fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability (#37)

Browse Source

Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via
the Vite Dev Server WebSocket (server.fs.deny bypass with queries).

CVE: GHSA-p9ff-h696-f583

Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

This commit was merged in pull request #37.

...

This commit is contained in:

privilegedescalation-engineer[bot]

2026-05-03 17:44:08 +00:00

committed by GitHub

parent 39ed3ea90a

commit d44ae043c3

2 changed files with 1059 additions and 644 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

pnpm-lock.yaml

Generated

+1057 -643

File diff suppressed because it is too large Load Diff