Closed depfu[bot] closed 5 months ago
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/vite@4.5.2 | environment, eval, filesystem, network, shell, unsafe | +33 |
220 MB | antfu, patak, soda, ...2 more |
🚮 Removed packages: npm/vite@4.5.1
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ vite (4.5.1 → 4.5.2) · Repo · Changelog
Security Advisories 🚨
🚨 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Release Notes
4.5.2
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 2 commits:
release: v4.5.2
fix: fs deny for case insensitive systems (#15653)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands