chore(deps-dev): bump vite from 6.4.1 to 6.4.2 in /web#1088
chore(deps-dev): bump vite from 6.4.1 to 6.4.2 in /web#1088dependabot[bot] wants to merge 1 commit intodevfrom
Conversation
dependabot
bot
added
dependencies
|
@aaight dude, fix CI |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/web/vite-6.4.2
branch
from
d0de00f to
c0fc357
Compare
|
Done. The CI check was failing because Fixed by adding 🕵️ claude-code · claude-sonnet-4-6 · run details |
|
@dependabot rebase |
|
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
|
@dependabot recreate |
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.4.1 to 6.4.2. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/web/vite-6.4.2
branch
from
b668751 to
492a56e
Compare
Security patches for two advisories blocked on Dependabot: - vite 6.4.1 → 6.4.2: path traversal in optimize deps sourcemap handler, server.fs check for env transport (vitejs/vite#22161, #22159) - picomatch 4.0.3 → 4.0.4: CVE-2026-33671, CVE-2026-33672 Replaces #1088 and #1058, which were stuck on CI because Dependabot's lockfile regeneration produced a divergent lockfile vs. dev (dropped @trpc/server and react-is resolved entries, added platform-specific tailwindcss-oxide-wasm32-wasi nested entries). Rather than iterate on @dependabot recreate, bundled both bumps into a single manual PR with a lockfile regenerated from dev's current state. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Superseded by #1098 — Dependabot's regenerated lockfile kept diverging from |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Security patches for two advisories blocked on Dependabot: - vite 6.4.1 → 6.4.2: path traversal in optimize deps sourcemap handler, server.fs check for env transport (vitejs/vite#22161, #22159) - picomatch 4.0.3 → 4.0.4: CVE-2026-33671, CVE-2026-33672 Replaces #1088 and #1058, which were stuck on CI because Dependabot's lockfile regeneration produced a divergent lockfile vs. dev (dropped @trpc/server and react-is resolved entries, added platform-specific tailwindcss-oxide-wasm32-wasi nested entries). Rather than iterate on @dependabot recreate, bundled both bumps into a single manual PR with a lockfile regenerated from dev's current state. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2 participants
Bumps vite from 6.4.1 to 6.4.2.
Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
Commits
6b3fad0release: v6.4.2ca4da5dfix: avoid path traversal with optimize deps sourcemap handler (#22161)fe28e47fix: apply server.fs check to env transport (#22159) (#22163)5487f4frelease: v6.4.11114b5dfix(dev): trim trailing slash beforeserver.fs.denycheck (#20968) (#20969)f12697crelease: v6.4.0ca6455efeat: allow passing down resolved config to vite's createServer (#20932)0e173d8release: v6.3.7c59a222fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)3f337c5release: v6.3.6