[Snyk] Security upgrade vite from 2.9.1 to 2.9.17 #3

sascha1337

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • react/package.json
    • react/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Access Control Bypass, SNYK-JS-VITE-6182924 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: vite

The new version differs by 173 commits.
  • 3441f12 release: v2.9.17
  • 0cd769c fix: port #15653 to v3 (#15655)
  • ea814d7 release: v2.9.16
  • 7d8100a fix: port #13348 to v2, fs.deny with leading double slash (#13350)
  • 4f00f58 release: [email protected]
  • 78ca0b0 release: [email protected]
  • 3a5543d release: v2.9.15
  • 521bb39 fix: fs serve only edit pathname (fixes #9148) (#9654)
  • ed8d6a7 chore: narrow down rollup version (#9651)
  • e361a80 fix(ssr-manifest): check name before saving to ssrManifest (#9595)
  • 7f01a00 fix: backport make `resolveConfig()` concurrent safe (#9224) (#9229)
  • 0d13630 release: v2.9.14
  • adb61c5 fix: backport #8979, re-encode url to prevent fs.allow bypass (fixes #8498) (#8990)
  • 84ec02a fix(css): backport #8936 (#8977)
  • 194a265 docs: Update playground links for v2 in the v2 doccumentation (#8902)
  • 7a3a9bd test: skip failing test
  • d4d89b9 fix(css): backport #7746
  • da77dee fix: reverts #8471
  • 96c885a test: add #8461 test case
  • ac58a04 test: add #8245 test case
  • d93ac8e release: v2.9.13
  • e109d64 fix: backport #8804, /@fs/ dir traversal with escaped chars (fixes #8498) (#8805)
  • 1afc1c2 fix(wasm): support decoding data URL in Node < v16 (#8668)
  • 86a55d3 release: v2.9.12

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Access Control Bypass
