Closed renovate[bot] closed 1 year ago
The latest updates on your projects. Learn more about Vercel for Git
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
chirpy | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jun 23, 2023 0:59am |
Latest commit: d327a5a24cef74785b0968fff69ff43d3a9d905a
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
./apps/main
St. | Category | Percentage | Covered / Total |
---|---|---|---|
🔴 | Statements | 8.7% | 40/460 |
🔴 | Branches | 9.89% | 9/91 |
🔴 | Functions | 4.29% | 3/70 |
🔴 | Lines | 9.25% | 38/411 |
2 tests passing in 2 suites.
Report generated by 🧪 jest coverage report action from d327a5a24cef74785b0968fff69ff43d3a9d905a
e813977(current) vs 7235eb7 main#1379(baseline)
:warning: Bundle contains 5 duplicate packages
Metrics (1 change)
Metric | Current Job #1381 | Baseline Job #1379 |
---|---|---|
Initial JS | 1.77MiB | 1.77MiB |
Initial CSS | 82.86KiB | 82.86KiB |
Cache Invalidation | 0% | 98.09% |
Chunks | 53 | 53 |
Assets | 65 | 65 |
Modules | 1736 | 1736 |
Duplicate Modules | 202 | 202 |
Duplicate Code | 4.55% | 4.55% |
Packages | 151 | 151 |
Duplicate Packages | 5 | 5 |
View job #1381 report | View refs/pull/573/merge branch activity
2 | 4 | 0 | 1 | 0 |
Details:
chore(deps): update dependency vite to v2.9.16 [security]
Project: chirpy | Commit: d327a5a24c |
Status: Failed | Duration: 02:29 |
Started: Jun 23, 2023 1:01 PM | Ended: Jun 23, 2023 1:03 PM |
Test | Artifacts |
---|---|
Header > should show user menu | Output, Screenshots, Video |
Project > should show integration doc | Output, Screenshots, Video |
This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.
This PR contains the following updates:
2.9.14 -> 2.9.16
GitHub Vulnerability Alerts
CVE-2023-34092
Summary
Vite Server Options (`server.fs.deny`) can be bypassed using a double forward-slash (`//`), which allows any unauthenticated user to read files from the Vite root-path of the application, including the default `fs.deny` settings (`['.env', '.env.*', '*.{crt,pem}']`).

Impact
Only users explicitly exposing the Vite dev server to the network (using the `--host` or `server.host` config option) are affected, and only files in the immediate Vite project root folder could be exposed.

Patches
Fixed in vite@4.3.9, vite@4.2.3, vite@4.1.5, vite@4.0.5. And in the latest minors of the previous two majors: vite@3.2.7, vite@2.9.16.

Details
Vite serves the application under the root-path of the project while running in dev mode. By default, Vite uses the server option `fs.deny` to protect the sensitive information in files. But, with simply a double forward-slash, we can bypass this fs restriction.

PoC
`//`) (e.g: `//.env`, `//.env.local`)
`fs.deny` restrict successfully bypassed.
Release Notes
vitejs/vite

### [`v2.9.16`](https://togithub.com/vitejs/vite/releases/tag/v2.9.16)
[Compare Source](https://togithub.com/vitejs/vite/compare/v2.9.15...v2.9.16)
Please refer to [CHANGELOG.md](https://togithub.com/vitejs/vite/blob/v2.9.16/packages/vite/CHANGELOG.md) for details.

### [`v2.9.15`](https://togithub.com/vitejs/vite/releases/tag/v2.9.15)
[Compare Source](https://togithub.com/vitejs/vite/compare/v2.9.14...v2.9.15)
Please refer to [CHANGELOG.md](https://togithub.com/vitejs/vite/blob/v2.9.15/packages/vite/CHANGELOG.md) for details.

Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
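
A detection sketch for the `fs.deny` bypass described in the advisory above, added here as an example; it is not code from this PR or from Vite. It flags logged requests whose target starts with `//` and, once normalized, resolves to a file on the default deny list. The log format, the function names and the regex rendering of the deny globs are assumptions made for illustration.

```javascript
// Added example (not Vite's code): flag requests that only reach a default
// fs.deny file after the leading "//" is collapsed.
const DENY = [/^\.env$/, /^\.env\..+$/, /\.(crt|pem)$/]; // approximates the default globs

// Reduce a raw request target to the path a static file server would resolve.
function normalizeTarget(raw) {
  const noQuery = raw.split(/[?#]/, 1)[0];
  let decoded;
  try { decoded = decodeURIComponent(noQuery); } catch { decoded = noQuery; }
  const out = [];
  for (const seg of decoded.split('/')) {
    if (seg === '' || seg === '.') continue; // collapses "//" and "/./"
    if (seg === '..') out.pop(); else out.push(seg);
  }
  return '/' + out.join('/');
}

function isDenied(normalized) {
  const base = normalized.slice(normalized.lastIndexOf('/') + 1);
  return DENY.some((re) => re.test(base));
}

// Return log entries whose raw target starts with "//" and resolves to a denied file.
function findBypassAttempts(lines) {
  const hits = [];
  for (const line of lines) {
    const m = /^(\S+) "GET (\S+) HTTP\/[\d.]+" (\d{3})$/.exec(line);
    if (!m) continue;
    const [, client, target, status] = m;
    const normalized = normalizeTarget(target);
    if (target.startsWith('//') && isDenied(normalized)) {
      hits.push({ client, target, normalized, status: Number(status) });
    }
  }
  return hits;
}

// Constructed sample log lines (hypothetical access-log format).
const SAMPLE_LOG = [
  '192.0.2.10 "GET /src/main.ts HTTP/1.1" 200',
  '192.0.2.10 "GET /.env HTTP/1.1" 403',
  '198.51.100.7 "GET //.env HTTP/1.1" 200',
  '198.51.100.7 "GET //.env.local?raw HTTP/1.1" 200',
  '198.51.100.7 "GET //assets/logo.svg HTTP/1.1" 200',
];

console.log(findBypassAttempts(SAMPLE_LOG));
```

A 200 status on a flagged entry means the file was served, so any secrets in it should be treated as exposed and rotated.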