fix: patch Vite arbitrary file read vulnerability (GHSA-p9ff-h696-f583) #28
+2
-1
@@ -50,6 +50,7 @@
|
|||||||
},
|
},
|
||||||
"overrides": {
|
"overrides": {
|
||||||
"tar": "^7.5.11",
|
"tar": "^7.5.11",
|
||||||
"undici": "^7.24.3"
|
"undici": "^7.24.3",
|
||||||
|
"vite": ">=6.4.2"
|
||||||
}
|
}
|
||||||
|
|
|||||||
}
|
}
|
||||||
|
|||||||
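Review bot: the added `"vite": ">=6.4.2"` line in `overrides` gives only a lower bound, so this hunk does not show which Vite version the commit actually installs, and the generated file that changed with it (+843/-760) has its diff suppressed. Please state the resolved Vite version in the commit message or PR description and confirm that the churn in the generated file is limited to Vite and its own dependencies, because an override applies to every dependent in the tree.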
Generated
+843
-760
File diff suppressed because it is too large
The new override uses >=6.4.2, which is unbounded above and will automatically resolve to any future major version of Vite (e.g. 7.x, 8.x). The other overrides in this file use caret ranges (^7.5.11, ^7.24.3) which restrict resolution to the same major version, preventing accidental adoption of breaking changes. ^6.4.2 would be the safer and more consistent choice here — it still satisfies the vulnerability fix while staying within the v6 series that is already tested with this project.
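The range behaviour the comment above describes, as an added example (not code from this repository or from npm): a minimal matcher for the `>=` and `^` operators, run over a constructed list of candidate versions. The function names and the candidate list are assumptions made for the illustration.

```javascript
// Added example: minimal semver range check for the two operators discussed.
// Handles only plain MAJOR.MINOR.PATCH versions (no pre-release tags).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function satisfies(version, range) {
  const v = parse(version);
  if (range.startsWith(">=")) return compare(v, parse(range.slice(2))) >= 0;
  if (range.startsWith("^")) {
    const base = parse(range.slice(1));
    if (compare(v, base) < 0) return false;
    // Caret keeps the left-most non-zero component fixed.
    if (base[0] > 0) return v[0] === base[0];
    if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
    return v[0] === 0 && v[1] === 0 && v[2] === base[2];
  }
  throw new Error(`unsupported range: ${range}`);
}

// Highest candidate that satisfies the range, or null if none does.
function maxSatisfying(candidates, range) {
  const ok = candidates.filter((c) => satisfies(c, range));
  ok.sort((a, b) => compare(parse(a), parse(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// Constructed candidate list for illustration, not real registry data.
const candidates = ["6.4.1", "6.4.2", "6.9.0", "7.0.0", "8.0.0"];

function report() {
  return {
    unbounded: maxSatisfying(candidates, ">=6.4.2"), // crosses major versions
    caret: maxSatisfying(candidates, "^6.4.2"),      // stays inside 6.x
    belowFix: candidates.filter((c) => !satisfies(c, ">=6.4.2")),
  };
}

console.log(report());
```

Both ranges exclude the version below the fix; they differ only in how far upward resolution is allowed to go.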