fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability
Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via the Vite Dev Server WebSocket (server.fs.deny bypass with queries).

CVE: GHSA-p9ff-h696-f583

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
+2
-1
@@ -51,7 +51,8 @@
|
|||||||
],
|
],
|
||||||
"overrides": {
|
"overrides": {
|
||||||
"tar": "^7.5.11",
|
"tar": "^7.5.11",
|
||||||
"undici": "^7.24.3"
|
"undici": "^7.24.3",
|
||||||
|
"vite": ">=6.4.2"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"node-forge": "^1.4.0"
|
"node-forge": "^1.4.0"
|
||||||
|
|||||||
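Review bot: The added `"vite": ">=6.4.2"` override has no upper bound, so it permits any later major version as well, while the neighbouring `tar` and `undici` overrides use caret ranges. The commit message scopes the fix to the 6.x line, so consider `"vite": "^6.4.2"` to force the patched release without allowing an unplanned major upgrade. The regenerated lockfile (+1086/-672) is worth checking to confirm which vite version actually resolved.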
Generated
+1086
-672
File diff suppressed because it is too large