Commit 22ca07a
chore(deps): patch vite + yaml CVEs flagged by Dependabot
Resolves all six open Dependabot alerts:
vite 7.3.1 → 7.3.2 (npm audit fix, no breaking changes):
- GHSA-p9ff-h696-f583 (high) — Arbitrary file read via dev server WS
- GHSA-4w7w-66w2-5vf9 (medium) — Path traversal in optimized deps .map
- GHSA-v2wj-q39q-566r (high) — server.fs.deny bypass via queries
yaml 2.x → 2.8.3 via package.json `overrides` block:
- GHSA-48c2-rrv3-qjmp (moderate) — Stack overflow on deeply nested
YAML collections. Pulled transitively by @astrojs/check (dev only)
via the yaml-language-server chain. Override forces every yaml dep
in the tree to the patched version without downgrading
@astrojs/check (which `npm audit fix --force` would have done).
npm audit reports 0 vulnerabilities after the change. Astro check
clean, 372 tests pass, full build succeeds.

1 parent a04fdc8 commit 22ca07a
2 files changed, +6 -16 lines changed
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
37 | 37 | | |
38 | 38 | | |
39 | 39 | | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
40 | 43 | | |
41 | 44 | | |
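Review bot: the three lines added at new lines 40-42 are, going by the commit message, the `overrides` entry that forces every yaml dependency in the tree to 2.8.3, and nothing in the change records when that pin can be dropped. package.json cannot carry comments, so track the removal condition (the @astrojs/check / yaml-language-server chain depending on a patched yaml on its own) in an issue or the README; otherwise the override keeps holding the whole tree at this version after upstream has moved on. The added lines' content is not rendered in this view, so confirm before merging that the override value matches the version the message states.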