Skip to content

fix(deps): bump vite to ^6.4.3 to fix CVE-2026-53632#32

Merged
davidkonigsberg merged 2 commits into
mainfrom
dependabot-alert-32-devin
Jun 24, 2026
Merged

fix(deps): bump vite to ^6.4.3 to fix CVE-2026-53632#32
davidkonigsberg merged 2 commits into
mainfrom
dependabot-alert-32-devin

Conversation

@github-actions

@github-actions github-actions Bot commented Jun 24, 2026
edited by devin-ai-integration Bot
Loading

Copy link
Copy Markdown
Contributor

Summary

Bumps vite devDependency from ^6.4.2 to ^6.4.3 to resolve GHSA-v6wh-96g9-6wx3 (launch-editor NTLMv2 hash disclosure via UNC path handling on Windows).

Direct dependency update — no override needed. All tests, lint, and build pass.

Link to Devin session: https://app.devin.ai/sessions/21e6ebbf38d248f7b58012f50a87e11e
Requested by: @davidkonigsberg

github-actions Bot and others added 2 commits June 24, 2026 11:01
@github-actions
[Dependabot Alert #32] Scaffold PR for vite
5a2db11
@devin-ai-integration @davidkonigsberg
fix(deps): bump vite to ^6.4.3 to fix CVE-2026-53632
4fbe6bc 
Update vite from ^6.4.2 to ^6.4.3 to resolve GHSA-v6wh-96g9-6wx3
(launch-editor NTLMv2 hash disclosure via UNC path handling on Windows).

Direct dependency update - no override needed.

Co-Authored-By: David Konigsberg <davidakonigsberg@gmail.com>
@devin-ai-integration devin-ai-integration Bot changed the title [Dependabot Alert #32] MEDIUM: vite vulnerability fix(deps): bump vite to ^6.4.3 to fix CVE-2026-53632 Jun 24, 2026
@devin-ai-integration devin-ai-integration Bot marked this pull request as ready for review June 24, 2026 11:04
@davidkonigsberg davidkonigsberg merged commit 2f722e1 into main Jun 24, 2026
1 check passed
@davidkonigsberg davidkonigsberg deleted the dependabot-alert-32-devin branch June 24, 2026 11:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davidkonigsberg davidkonigsberg davidkonigsberg approved these changes
@patrickthornton patrickthornton Awaiting requested review from patrickthornton patrickthornton is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@davidkonigsberg