From b5d0ecfb9aff8a54e488c195e7a631afc8b92e91 Mon Sep 17 00:00:00 2001 From: asherc Date: Sun, 12 Apr 2026 14:37:29 +0300 Subject: [PATCH] fix(deps): upgrade vite to 5.4.21 to patch 4 CVEs Bumps vite from 5.4.14 to 5.4.21 to address: - CVE-2025-31125 (access control bypass, exploited in the wild) - CVE-2025-30208 (file content disclosure) - CVE-2025-31486 (file access bypass) - CVE-2025-46565 (path traversal) --- vim--base-app-template--react/package-lock.json | 8 ++++---- vim--base-app-template--react/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/vim--base-app-template--react/package-lock.json b/vim--base-app-template--react/package-lock.json index bdd2d41..6a6fda4 100644 --- a/vim--base-app-template--react/package-lock.json +++ b/vim--base-app-template--react/package-lock.json @@ -31,7 +31,7 @@ "postcss": "^8.4.41", "typescript": "^5.5.3", "typescript-eslint": "^8.0.1", - "vite": "^5.4.1", + "vite": "^5.4.21", "wrangler": "4.13.0" } }, @@ -4129,9 +4129,9 @@ } }, "node_modules/vite": { - "version": "5.4.14", - "resolved": "https://registry.npmjs.org/vite/-/vite-5.4.14.tgz", - "integrity": "sha512-EK5cY7Q1D8JNhSaPKVK4pwBFvaTmZxEnoKXLG/U9gmdDcihQGNzFlgIvaxezFR4glP1LsuiedwMBqCXH3wZccA==", + "version": "5.4.21", + "resolved": "https://registry.npmjs.org/vite/-/vite-5.4.21.tgz", + "integrity": "sha512-o5a9xKjbtuhY6Bi5S3+HvbRERmouabWbyUcpXXUA1u+GNUKoROi9byOJ8M0nHbHYHkYICiMlqxkg1KkYmm25Sw==", "dev": true, "dependencies": { "esbuild": "^0.21.3", diff --git a/vim--base-app-template--react/package.json b/vim--base-app-template--react/package.json index 4e5ecdc..486a55e 100644 --- a/vim--base-app-template--react/package.json +++ b/vim--base-app-template--react/package.json @@ -35,7 +35,7 @@ "postcss": "^8.4.41", "typescript": "^5.5.3", "typescript-eslint": "^8.0.1", - "vite": "^5.4.1", + "vite": "^5.4.21", "wrangler": "4.13.0" } }