chore(deps-dev): Bump vitest from 3.2.4 to 3.2.6#22
Conversation
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
|
|
||
| vitest@3.2.4: | ||
| resolution: {integrity: sha512-LUCP5ev3GURDysTWiP47wRRUpLKMOfPh+yKTx3kVIEiu5KOMeqzpnYNsKyOoVrULivR8tLcks4+lga33Whn90A==} | ||
| vitest@3.2.6: |
There was a problem hiding this comment.
Risk: Affected versions of vitest are vulnerable to Missing Authorization. When the Vitest UI server is listening, the deprecated isFileServingAllowed check is applied without normalizing the URL before filesystem operations, allowing path traversal that lets an attacker read, write, and execute arbitrary files outside the project directory.
Manual Review Advice: A vulnerability from this advisory is reachable if you run the Vitest UI on Windows, or you expose the Vitest UI server to the network with the --api.host flag or api.host config option
Fix: Upgrade this library to at least version 4.1.0 at openpartner/pnpm-lock.yaml:2949.
Reference(s): GHSA-5xrq-8626-4rwp
🧹 Removed in commit 2f85e80 🧹
23c4fec to
2f85e80
Compare
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 3.2.6. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 3.2.6 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
2f85e80 to
ac82626
Compare
Bumps vitest from 3.2.4 to 3.2.6.
Release notes
Sourced from vitest's releases.
Commits
b6d56f8chore: release v3.2.616f120dfix: pin last supported vite-node version2cbad0achore: release v3.2.5385a1aefix(browser): disable clientcdpAPI whenallowWrite/allowExec: false[ba...af88b1ffeat(api): addallowWriteandallowExecoptions toapi[backport to v3]...Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.