VULN UPGRADE: minor upgrades — 12 packages (minor: 5 · patch: 7) [examples/single-page-app]

[campaigner-prod]

Summary: Security update — 12 packages upgraded (MINOR changes included)

Manifests changed:

• examples/single-page-app (npm)

Updates

Package	From	To	Type	Vulnerabilities Fixed
vite	5.2.13	5.2.14	patch	18 MODERATE, 4 LOW
@emotion/react	11.11.4	11.14.0	minor	-
@emotion/styled	11.11.5	11.14.1	minor	-
eslint-plugin-import	2.29.1	2.32.0	minor	-
eslint-plugin-promise	6.2.0	6.6.0	minor	-
react-router-dom	6.23.1	6.30.3	minor	-
@types/react	18.3.3	18.3.28	patch	-
@types/react-dom	18.3.0	18.3.7	patch	-
@vitejs/plugin-react	4.3.1	4.3.4	patch	-
eslint-plugin-react	7.34.2	7.34.4	patch	-
eslint-plugin-react-refresh	0.4.7	0.4.26	patch	-
framer-motion	11.2.10	11.2.14	patch	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

ℹ️ Other Vulnerabilities (22)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
vite	GHSA-859w-5945-r5v3	MODERATE	Vite's server.fs.deny bypassed with /. for files under project root	5.2.13	6.3.4
vite	CVE-2025-46565	MODERATE	Vite's server.fs.deny bypassed with /. for files under project root	5.2.13	-
vite	GHSA-9cwx-2883-4wfx	MODERATE	Vite's server.fs.deny is bypassed when using ?import&raw	5.2.13	5.4.6
vite	CVE-2024-45811	MODERATE	server.fs.deny bypassed when using ?import&raw in vite	5.2.13	-
vite	GHSA-93m4-6634-74q7	MODERATE	vite allows server.fs.deny bypass via backslash on Windows	5.2.13	7.1.11
vite	CVE-2025-62522	MODERATE	vite allows server.fs.deny bypass via backslash on Windows	5.2.13	-
vite	GHSA-vg6x-rcgg-rjx6	MODERATE	Websites were able to send any requests to the development server and read the response in vite	5.2.13	6.0.9
vite	CVE-2025-24010	MODERATE	Vite allows any websites to send any requests to the development server and read the response	5.2.13	-
vite	CVE-2025-30208	MODERATE	Vite bypasses server.fs.deny when using ?raw??	5.2.13	-
vite	GHSA-x574-m823-4x7w	MODERATE	Vite bypasses server.fs.deny when using ?raw??	5.2.13	6.2.3
vite	CVE-2025-31125	MODERATE	Vite has a server.fs.deny bypassed for inline and raw with ?import query	5.2.13	-
vite	GHSA-4r4m-qw57-chr8	MODERATE	Vite has a server.fs.deny bypassed for inline and raw with ?import query	5.2.13	6.2.4
vite	CVE-2025-32395	MODERATE	Vite has an server.fs.deny bypass with an invalid request-target	5.2.13	-
vite	GHSA-356w-63v5-8wf4	MODERATE	Vite has an server.fs.deny bypass with an invalid request-target	5.2.13	6.2.6
vite	GHSA-64vr-g452-qvp3	MODERATE	Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS	5.2.13	5.4.6
vite	CVE-2024-45812	MODERATE	DOM Clobbering gadget found in vite bundled scripts that leads to XSS in Vite	5.2.13	-
vite	GHSA-xcj6-pq6g-qj4x	MODERATE	Vite allows server.fs.deny to be bypassed with .svg or relative paths	5.2.13	6.2.5
vite	CVE-2025-31486	MODERATE	Vite allows server.fs.deny to be bypassed with .svg or relative paths	5.2.13	-
vite	CVE-2025-58751	LOW	Vite middleware may serve files starting with the same name with the public directory	5.2.13	-
vite	CVE-2025-58752	LOW	Vite's server.fs settings were not applied to HTML files	5.2.13	-
vite	GHSA-g4jq-h2w9-997c	LOW	Vite middleware may serve files starting with the same name with the public directory	5.2.13	7.1.5
vite	GHSA-jqfw-vq24-v9c3	LOW	Vite's server.fs settings were not applied to HTML files	5.2.13	7.1.5

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

[dd-prapprover]

This PR has been automatically approved by the DD PR Approver bot.

[gh-worker-devflow-routing-ef8351]

View all feedbacks in Devflow UI.

2026-02-13 07:05:15 UTC ℹ️ Start processing command /merge

---

2026-02-13 07:05:19 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 0s (p90).

---

2026-02-13 15:01:46 UTC ℹ️ MergeQueue: Readding this merge request to the queue because another merge request processed with yours failed. No action is needed from your side.

---

2026-02-13 17:02:00 UTC ℹ️ MergeQueue: Readding this merge request to the queue because another merge request processed with yours failed. No action is needed from your side.

---

2026-02-13 19:02:14 UTC ❌ MergeQueue: The build pipeline has timeout

The merge request has been interrupted because the build 0 took longer than expected. The current limit for the base branch 'master' is 120 minutes.