fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability

Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via
the Vite Dev Server WebSocket (server.fs.deny bypass with queries).

CVE: GHSA-p9ff-h696-f583

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Gandalf the Greybeard
2026-04-23 03:41:14 +00:00
parent 409efe84d5
commit b40b553489
2 changed files with 845 additions and 761 deletions
+843 -760
View File
File diff suppressed because it is too large Load Diff