[Snyk] Fix for 2 vulnerabilities #37
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SIRV-12558119 - https://snyk.io/vuln/SNYK-JS-VITE-12558116
There was a problem hiding this comment.
Pull Request Overview
This PR addresses security vulnerabilities by upgrading npm dependencies to fix 2 low-severity vulnerabilities: a Directory Traversal vulnerability in sirv and a Relative Path Traversal vulnerability in vite.
- Updates multiple development dependencies to their latest secure versions
- Upgrades vite from v2.9.16 to v5.4.20 (major version upgrade)
- Updates related vite plugins and testing frameworks to maintain compatibility
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| "pnpm": "^7.33.4", | ||
| "typescript": "^4.7.2", | ||
| "unocss": "^0.45.22", | ||
| "unocss": "^0.65.2", |
There was a problem hiding this comment.
This represents a major version upgrade for vite (2.x to 5.x) and other dependencies. Major version upgrades often include breaking changes that could affect your application's functionality. Consider testing thoroughly and reviewing the migration guides for each package to ensure compatibility with your existing codebase.
| "unocss": "^0.65.2", | |
| "unocss": "^0.58.6", |
| "vite-plugin-md": "^0.14.0", | ||
| "vite": "^5.4.20", | ||
| "vite-plugin-inspect": "^0.8.8", | ||
| "vite-plugin-md": "^0.18.0", |
There was a problem hiding this comment.
This represents a major version upgrade for vite (2.x to 5.x) and other dependencies. Major version upgrades often include breaking changes that could affect your application's functionality. Consider testing thoroughly and reviewing the migration guides for each package to ensure compatibility with your existing codebase.
| "vite-plugin-md": "^0.18.0", | |
| "vite-plugin-md": "^0.23.0", |
| "vite-ssg": "^0.20.0", | ||
| "vite-ssg-sitemap": "^0.2.7", | ||
| "vitest": "^0.13.1", | ||
| "vitest": "^0.34.4", |
There was a problem hiding this comment.
This represents a major version upgrade for vite (2.x to 5.x) and other dependencies. Major version upgrades often include breaking changes that could affect your application's functionality. Consider testing thoroughly and reviewing the migration guides for each package to ensure compatibility with your existing codebase.
Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-SIRV-12558119
SNYK-JS-VITE-12558116
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Directory Traversal