build(deps-dev): bump vite from 5.4.21 to 6.4.3 #2147

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/vite-6.4.3

build(deps-dev): bump vite from 5.4.21 to 6.4.3

25549be
GitHub Advanced Security / Trivy failed Jun 17, 2026 in 6s

3 new alerts including 1 high severity security vulnerability

New alerts in code changed by this pull request

Security Alerts:

  • 1 high
  • 2 medium

See annotations below for details.

Annotations

Check failure on line 20086 in package-lock.json

Code scanning / Trivy

vite: `server.fs.deny` bypass on Windows alternate paths (High)

Package: vite
Installed Version: 5.4.21
Vulnerability: CVE-2026-53571
Severity: HIGH
Fixed Version: 8.0.16, 7.3.5, 6.4.3
Link: CVE-2026-53571

Check warning on line 20086 in package-lock.json

Code scanning / Trivy

vite: Vite: Information disclosure via path traversal in dev server's .map request handling (Medium)

Package: vite
Installed Version: 5.4.21
Vulnerability: CVE-2026-39365
Severity: MEDIUM
Fixed Version: 8.0.5, 7.3.2, 6.4.2
Link: CVE-2026-39365

Check warning on line 20086 in package-lock.json

Code scanning / Trivy

launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows (Medium)

Package: vite
Installed Version: 5.4.21
Vulnerability: CVE-2026-53632
Severity: MEDIUM
Fixed Version: 8.0.16, 7.3.5, 6.4.3
Link: CVE-2026-53632