Skip to content

fix(deps): vuln vite (patch → 7.3.2) [web-frontend]#259

Closed
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/npm/web-frontend/1-1778178778
Closed

fix(deps): vuln vite (patch → 7.3.2) [web-frontend]#259
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/npm/web-frontend/1-1778178778

Conversation

@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown

Summary: High-severity security update — 1 package upgraded (patch changes only)

Manifests changed:

  • web-frontend (npm)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

Package From To Type Dep Type Vulnerabilities Fixed
vite 7.3.1 7.3.2 patch Direct 2 HIGH, 1 MODERATE

Security Details

🚨 Critical & High Severity (2 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
vite GHSA-p9ff-h696-f583 HIGH Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket 7.3.1 8.0.5
vite GHSA-v2wj-q39q-566r HIGH Vite: server.fs.deny bypassed with queries 7.3.1 8.0.5
ℹ️ Other Vulnerabilities (1)
Package CVE Severity Summary Unsafe Version Fixed In
vite GHSA-4w7w-66w2-5vf9 MODERATE Vite Vulnerable to Path Traversal in Optimized Deps .map Handling 7.3.1 8.0.5

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants