14279013598
89%

Ran 05 Apr 2025 05:56AM UTC

Jobs 6

Files 216

Run time 2min

Badge

Embed ▾

Committed 05 Apr 2025 05:53AM UTC coverage: 87.5%. Remained the same

Build # 14279013598

Build Type

push

github

Committed by

web-flow

Commit Message

chore(deps): update dependency vite to v6.2.5 [security] (main) (#7191)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`6.2.4` ->
`6.2.5`](https://renovatebot.com/diffs/npm/vite/6.2.4/6.2.5) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/6.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/6.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/6.2.4/6.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/6.2.4/6.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-31486](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x)

### Summary

The contents of arbitrary files can be returned to the browser.

### Impact

Only apps explicitly exposing the Vite dev server to the network (using
--host or [server.host config
option](https://vitejs.dev/config/server-options.html#server-host)) are
affected..

### Details

#### `.svg`

Requests ending with `.svg` are loaded at this line.

https://github.com/vitejs/vite/blob/037f80107/packages/vite/src/node/plugins/asset.ts#L285-L290
By adding `?.svg` with `?.wasm?init` or with `sec-fetch-dest: script`
header, the restriction was able to bypass.

This bypass is only possible if the file is smaller than
[`build.assetsInlineLimit`](https://vite.dev/config/build-options.html#build-assetsinlinelimit)
(default: 4kB) and when using Vite 6.0+.

#### relative paths

The check was applied before the id normalization. This allowed requests
to bypass wit... (continued)

Run Details

2944 of 3900 branches covered (75.49%)

5124 of 5856 relevant lines covered (87.5%)

91391.71 hits per line

Subprojects

ID	Flag name	Job ID	Ran	Files	Coverage
2	main/src/internal	14279013598.2	05 Apr 2025 05:56AM UTC	148	15.44	GitHub Action Run
3	charts	14279013598.3	05 Apr 2025 05:58AM UTC	205	28.04	GitHub Action Run
4	compat	14279013598.4	05 Apr 2025 05:56AM UTC	159	18.95	GitHub Action Run
5	base	14279013598.5	05 Apr 2025 05:57AM UTC	148	17.19	GitHub Action Run
6	cypress-commands	14279013598.6	05 Apr 2025 05:56AM UTC	148	15.46	GitHub Action Run
1	main/src/components	14242795242.1	03 Apr 2025 12:27PM UTC	148	84.98	GitHub Action Run

SAP / ui5-webcomponents-react / 14279013598
89%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Subprojects

Source Files on build 14279013598

SAP / ui5-webcomponents-react / 14279013598 89%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Subprojects

Source Files on build 14279013598

SAP / ui5-webcomponents-react / 14279013598
89%

README BADGES
x