SAP / ui5-webcomponents-react / 12905359653
89%

DEFAULT BRANCH: main
Ran
Jobs 6
Files 216
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 87.343%. Remained the same
12905359653

push

github

web-flow 
chore(deps): update dependency vite to v6.0.9 [security] (#6846)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`6.0.7` ->
`6.0.9`](https://renovatebot.com/diffs/npm/vite/6.0.7/6.0.9) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/6.0.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/6.0.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/6.0.7/6.0.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/6.0.7/6.0.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-24010](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6)

### Summary
Vite allowed any websites to send any requests to the development server
and read the response due to default CORS settings and lack of
validation on the Origin header for WebSocket connections.

### Upgrade Path
Users that does not match either of the following conditions should be
able to upgrade to a newer version of Vite that fixes the vulnerability
without any additional configuration.

- Using the backend integration feature
- Using a reverse proxy in front of Vite
- Accessing the development server via a domain other than `localhost`
or `*.localhost`
- Using a plugin / framework that connects to the WebSocket server on
their own from the browser

#### Using the backend integration feature
If you are using the backend integration feature and not setting
[`server.origin`](https://vite.dev/config/server-options.html#server-origin),
you need to add the origin of the backend serve... (continued)

2904 of 3865 branches covered (75.14%)

5079 of 5815 relevant lines covered (87.34%)

42123.93 hits per line

Subprojects
ID Flag name Job ID Ran Files Coverage
1 main/src/internal 12905359653.1 148
15.63
 GitHub Action Run
2 compat 12905359653.2 159
19.12
 GitHub Action Run
3 base 12905359653.3 148
15.67
 GitHub Action Run
4 cypress-commands 12905359653.4 148
15.52
 GitHub Action Run
5 charts 12905359653.5 205
28.26
 GitHub Action Run
6 main/src/components 12905359653.6 148
84.77
 GitHub Action Run
Source Files on build 12905359653