Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade vite from 2.9.1 to 2.9.16 #2

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

sascha1337
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • react/package.json
    • react/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Path Equivalence
SNYK-JS-VITE-5664718
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: vite The new version differs by 171 commits.
  • ea814d7 release: v2.9.16
  • 7d8100a fix: port #13348 to v2, fs.deny with leading double slash (#13350)
  • 4f00f58 release: [email protected]
  • 78ca0b0 release: [email protected]
  • 3a5543d release: v2.9.15
  • 521bb39 fix: fs serve only edit pathname (fixes #9148) (#9654)
  • ed8d6a7 chore: narrow down rollup version (#9651)
  • e361a80 fix(ssr-manifest): check name before saving to ssrManifest (#9595)
  • 7f01a00 fix: backport make `resolveConfig()` concurrent safe (#9224) (#9229)
  • 0d13630 release: v2.9.14
  • adb61c5 fix: backport #8979, re-encode url to prevent fs.allow bypass (fixes #8498) (#8990)
  • 84ec02a fix(css): backport #8936 (#8977)
  • 194a265 docs: Update playground links for v2 in the v2 doccumentation (#8902)
  • 7a3a9bd test: skip failing test
  • d4d89b9 fix(css): backport #7746
  • da77dee fix: reverts #8471
  • 96c885a test: add #8461 test case
  • ac58a04 test: add #8245 test case
  • d93ac8e release: v2.9.13
  • e109d64 fix: backport #8804, /@ fs/ dir traversal with escaped chars (fixes #8498) (#8805)
  • 1afc1c2 fix(wasm): support decoding data URL in Node < v16 (#8668)
  • 86a55d3 release: v2.9.12
  • c0d6c60 fix: backport outdated optimized dep removed from module graph (#8534)
  • 078a7dc release: v2.9.11

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants