chore(deps): update dependency vite to v7.0.8 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
vite (source)	7.0.7 -> 7.0.8

GitHub Vulnerability Alerts

CVE-2025-62522

Summary

Files denied by server.fs.deny were sent if the URL ended with \ when the dev server is running on Windows.

Impact

Only apps that match the following conditions are affected:

• explicitly exposes the Vite dev server to the network (using --host or server.host config option)
• running the dev server on Windows

Details

server.fs.deny can contain patterns matching against files (by default it includes .env, .env.*, *.{crt,pem} as such patterns). These patterns were able to bypass by using a back slash(\). The root cause is that fs.readFile('/foo.png/') loads /foo.png.

PoC

npm create vite@latest
cd vite-project/
cat "secret" > .env
npm install
npm run dev
curl --request-target /.env\ http://localhost:5173

---

Release Notes

vitejs/vite (vite)

v7.0.8

Compare Source

Please refer to CHANGELOG.md for details.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.62%. Comparing base (4eb7024) to head (d212b64).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1153   +/-   ##
=======================================
  Coverage   59.62%   59.62%           
=======================================
  Files          35       35           
  Lines        1008     1008           
  Branches      342      342           
=======================================
  Hits          601      601           
  Misses        339      339           
  Partials       68       68           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.