fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability

Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via the Vite Dev Server WebSocket (server.fs.deny bypass with queries). CVE: GHSA-p9ff-h696-f583 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-23 03:41:00 +00:00
parent 780f58f9d9
commit 78a69fe9b4
2 changed files with 1088 additions and 673 deletions
@@ -51,7 +51,8 @@
  ],
  "overrides": {
    "tar": "^7.5.11",
-    "undici": "^7.24.3"
+    "undici": "^7.24.3",
+    "vite": ">=6.4.2"
  },
  "dependencies": {
    "node-forge": "^1.4.0"