Skip to content

Fix vite vulnerabilities and enable Dependabot #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 30, 2025
Merged

Fix vite vulnerabilities and enable Dependabot #2

merged 2 commits into from
Oct 30, 2025

Conversation

Copy link
Contributor

Copilot AI commented Oct 30, 2025
edited
Loading

Resolves 3 vite security vulnerabilities (1 moderate, 2 low) affecting file serving and path traversal. Adds Dependabot configuration for automated dependency updates.

Changes

  • Security fixes: Updated vitest ecosystem from 3.2.4 to 4.0.5, transitively updating vite from 7.1.4 to 7.1.12

    • vitest: 3.2.4 → 4.0.5
    • @vitest/ui: 3.2.4 → 4.0.5
    • @vitest/coverage-v8: 3.2.4 → 4.0.5

  • Dependabot: Added .github/dependabot.yml

    • Weekly npm dependency updates with grouped minor/patch versions
    • Weekly GitHub Actions updates
Original prompt

This section details on the original issue you should resolve

<issue_title>Fix vulnerabilities</issue_title>
<issue_description>I got this error:

Run actions/checkout@v4
Syncing repository: empeje/bakul-mcp
Getting Git version info
Temporarily overriding HOME='/home/runner/work/_temp/b846d3f1-9222-4b85-9773-6719d0c62630' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/bakul-mcp/bakul-mcp
Deleting the contents of '/home/runner/work/bakul-mcp/bakul-mcp'
Initializing the repository
Disabling automatic garbage collection
Setting up auth
Fetching the repository
Determining the checkout info
/usr/bin/git sparse-checkout disable
/usr/bin/git config --local --unset-all extensions.worktreeConfig
Checking out the ref
/usr/bin/git log -1 --format=%H
bc6d3d868099b41e614210ef577223a253cfaa7a

Also would be nice to enable dependabot.</issue_description>

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI changed the title [WIP] Fix vulnerabilities and enable dependabot Fix vite vulnerabilities and enable Dependabot Oct 30, 2025
Copilot AI requested a review from empeje October 30, 2025 22:02
Copilot finished work on behalf of empeje October 30, 2025 22:02
@empeje empeje marked this pull request as ready for review October 30, 2025 22:03
@empeje empeje merged commit ac69849 into master Oct 30, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@empeje empeje empeje approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@empeje empeje

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fix vulnerabilities

2 participants

@empeje