fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability

Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via the Vite Dev Server WebSocket (server.fs.deny bypass with queries). CVE: GHSA-p9ff-h696-f583 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-23 03:41:14 +00:00
parent 409efe84d5
commit b40b553489
2 changed files with 845 additions and 761 deletions
@@ -50,6 +50,7 @@
  },
  "overrides": {
    "tar": "^7.5.11",
-    "undici": "^7.24.3"
+    "undici": "^7.24.3",
+    "vite": ">=6.4.2"
  }
 }