Closed snyk-bot closed 6 months ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
SNYK-JS-VITE-5664718
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: vite
The new version differs by 44 commits.- 2f5827c release: v4.0.5
- 28548b5 fix: fs.deny with leading double slash (#13348)
- 4f7a48f release: v4.0.4
- 1b043f9 fix(optimizer): check .vite/deps directory existence before removing (#11499)
- 3748acb fix(cli): revert ctrl+C no longer kills processes (#11434) (#11518) (#11562)
- 718fc1d fix(cli): ctrl+C no longer kills processes (#11434) (#11518)
- 3647d07 chore(deps): update dependency @ rollup/plugin-json to v6 (#11553)
- 25c64d7 fix: importmap should insert before module preload link (#11492)
- f12a1ab fix(ssr): emit js sourcemaps for ssr builds (#11343)
- 7d20580 test(html): do not wrap duplicated html (#11515)
- 2c38bae fix: server.host with ipv6 missed [] (fix #11466) (#11509)
- 13ac37d chore(docs): workaround netlify pnpm build issue (#11477)
- 7a97a04 fix(build): invalidate chunk hash when css changed (#11475)
- 3d346c0 chore: update license (#11476)
- 568a014 fix: stop considering parent URLs as public file (#11145)
- b9511f1 release: v4.0.3
- 54e4df5 test: remove vue plugin from preload playground (#11451)
- 8196a5f test: remove vue plugin from optimize-deps playground (#11452)
- ed80ea5 chore(typo): fix typo (#11445)
- d3c9c0b fix(ssr): ignore module exports condition (#11409)
- 857d578 feat: allow import.meta.hot define override (#8944)
- 2f5b9b3 docs: fix typo succeful (#11415)
- 241db16 chore(deps): update dependency @ rollup/plugin-commonjs to v24 (#11420)
- 8ec44a5 release: v4.0.2
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.