fix(deps): bump vite to ^6.4.2 (Dependabot alert #24)#35

Merged
racmac57 merged 2 commits into main from fix/vite-path-traversal-alert-24
Apr 14, 2026

@racmac57
Owner

Summary

Notes

  • Patched version per advisory is 6.4.2 — no backport to 4.x or 5.x, so a major-version bump is required.
  • The folder is an archived, timestamped snapshot. It is not built or installed in CI or locally; this is a declaration-only change to close the alert against the tracked manifest.
  • Follows the same pattern as PR fix: bump nltk, pytest, Flask to resolve Dependabot security alerts #34.

Test plan

racmac57 requested a review from hy5guy as a code owner April 14, 2026 00:55
Resolves Dependabot alert #24 (GHSA-93m4-mmwf-r9vq): Vite path
traversal in optimized deps `.map` handling. Patched version 6.4.2.

The archived snapshot under 06_config/legacy/ClaudeExportFixer_20251029_215403/
is not built or installed; this is a declaration-only bump to close the
security alert against the tracked manifest.
racmac57 merged commit a27da57 into main Apr 14, 2026
6 checks passed
racmac57 deleted the fix/vite-path-traversal-alert-24 branch April 14, 2026 01:29
racmac57 added a commit that referenced this pull request Apr 14, 2026
Short in-repo pointer to the canonical handoff in cad_rms_data_quality.
Summarizes PRs #24, #35, #36 and the test_job_integrity root cause in
one paragraph — full handoff is not duplicated here.

Co-authored-by: Robert Carucci <racmac57@users.noreply.github.com>