[security] deps: vulnerability in vite (high) #236
Labels
No labels
autopilot:pending-human
source:analyste
source:defenseur
source:human
source:medic
status:approved
status:blocked
status:in-progress
status:needs-clarification
status:needs-fix
status:ready
status:review
status:triage
type:bug
type:feature
type:infra
type:refactor
type:schema
type:security
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: maximus/Simpl-Resultat#236
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Contexte
Detecte par le Defenseur defenseur-simpl-resultat (npm audit) le 2026-06-30. Vulnerabilite HIGH sur
vite@6.4.2, range affecte<=6.4.2:server.fs.denybypass on Windows alternate pathsviteest une devDependency directe. Plusieurs chemins (@tailwindcss/vite,@vitejs/plugin-react,vitest) sont tous deja deduped a la meme version -- un bump direct suffit, pas d'override necessaire.Travail a faire
viteen^6.4.3danspackage.json(devDependencies)npm installpour regenererpackage-lock.jsonnpm ls vite-> une seule version>=6.4.3(deduped),npm auditne liste plus ce CVEFichiers concernes
package.json(version devite)package-lock.json(regenere)Surface de test
Aucune (dev-only : build tool + tests). Verification :
npm run build(ou equivalent Tauri) etnpm testpassent toujours.Criteres d'acceptation
npm audit --json | jq '.vulnerabilities.vite'videnpm ls vite>= 6.4.3, dedupe (une seule version)Complexite estimee
Simple.