From acedd18c077730e237cdf3d9640c73a6aadbf006 Mon Sep 17 00:00:00 2001 From: rcourtman Date: Tue, 21 Oct 2025 12:41:08 +0000 Subject: [PATCH] fix: upgrade vite to 6.4.1 to resolve CVE-2025-62522 Fixes Dependabot alert #33 - path traversal vulnerability in vite's server.fs.deny when using backslash on Windows. Upgraded from 6.3.5 to 6.4.1. --- frontend-modern/package-lock.json | Bin 209702 -> 210066 bytes frontend-modern/package.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend-modern/package-lock.json b/frontend-modern/package-lock.json index 22f18bb0ffe63aa9106f7ff7ec7a95a85d196a53..6d2dbcaab7454f2f2cbed09990d4ec7ea6072a6c 100644 GIT binary patch delta 489 zcmZ4XjAznIo(&h6nN9QzH(zFc!p%~Unp!k@qo(%eOZ+=@!My2-UlxsP}|IPokJgD=sI6U#p!3*89BG>urcbYLIf2z zGHOr%EyXCcy-%A_H~?YX*^7eP&sH-=HzL$+cmB)R69(ZM3Ig@j=rD0^{~XMe?F117 z`%M3h%JlrHOzhiNPGb`1LehPE0aK$fT%qCgd3=nHlRvO=Za;p7Nk$MN0dnK^FHf1A zcop}^z#gMH7%%2bS(AuF>y2wbul(6Ofkr*FxAdZ^DZ!& mevpMpe{#VePO$yJn9|y=^O=d4AB#Ju1Knw`{R$IvkO2VBceO(R delta 393 zcmbRAl4sd7o(&h6nT_>KH(zFc!ae=NUq-3TPx*K1P8Y~wl%M{gh*4znf?slzZ~A(*;Nz z`*-Zyr_?ZdG=hbh}4zuF+{OL@NT+^$Qfkxb4$kb>&-C+;V z)z!R=&XYf|aZVRtVK$g9aE^&(yYMxp7Xs6!F$r#0c+TX+!)QG9A+z!H0ybur>9amF zaWNWCU!cIK8j@S=8s_2U8k`)Ml#!hj7LufIlIanZ;$;>bQK0WwR^ek*oK+qf=$7VG zn3L*JlIL7lX6R*HoM>5<6keromK|=GYZ;POm1k*G7OtHgWf&f27C5=^q}BA5MU33r R`@b+T@uNC%JJ5+u1_1T5j=}%{ diff --git a/frontend-modern/package.json b/frontend-modern/package.json index 754b51b..4ce5856 100644 --- a/frontend-modern/package.json +++ b/frontend-modern/package.json @@ -47,7 +47,7 @@ "prettier": "^3.3.0", "tailwindcss": "^3.4.0", "typescript": "^5.3.0", - "vite": "^6.3.5", + "vite": "^6.4.1", "vite-plugin-solid": "^2.8.0", "vitest": "^3.2.4" }