14428360177
89%

Ran 13 Apr 2025 09:54AM UTC

Jobs 6

Files 218

Run time 2min

Badge

Embed ▾

Committed 13 Apr 2025 09:52AM UTC coverage: 87.732% (-0.02%) from 87.749%

Build # 14428360177

Build Type

push

github

Committed by

web-flow

Commit Message

chore(deps): update dependency vite to v6.2.6 [security] (main) (#7225)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`6.2.5` ->
`6.2.6`](https://renovatebot.com/diffs/npm/vite/6.2.5/6.2.6) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/6.2.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/6.2.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/6.2.5/6.2.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/6.2.5/6.2.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-32395](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4)

### Summary
The contents of arbitrary files can be returned to the browser if the
dev server is running on Node or Bun.

### Impact
Only apps with the following conditions are affected.

- explicitly exposing the Vite dev server to the network (using --host
or [server.host config
option](https://vitejs.dev/config/server-options.html#server-host))
- running the Vite dev server on runtimes that are not Deno (e.g. Node,
Bun)

### Details

[HTTP 1.1 spec (RFC 9112) does not allow `#` in
`request-target`](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2).
Although an attacker can send such a request. For those requests with an
invalid `request-line` (it includes `request-target`), the spec
[recommends to reject them with 400 or
301](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2-4). The
same can be said for HTTP 2
([ref1](https://datatracker.ietf.org/doc/html/rfc9113#secti... (continued)

Run Details

2982 of 3936 branches covered (75.76%)

5206 of 5934 relevant lines covered (87.73%)

87613.16 hits per line

Uncovered Existing Lines

Lines	Coverage	∆	File
1	89.19	-2.7%	packages/charts/src/components/ColumnChart/ColumnChart.tsx

Subprojects

ID	Flag name	Job ID	Ran	Files	Coverage
1	main/src/components	14428360177.1	13 Apr 2025 09:59AM UTC	149	85.24	GitHub Action Run
2	main/src/internal	14428360177.2	13 Apr 2025 09:54AM UTC	149	15.36	GitHub Action Run
3	base	14428360177.3	13 Apr 2025 09:55AM UTC	149	16.99	GitHub Action Run
4	cypress-commands	14428360177.4	13 Apr 2025 09:55AM UTC	149	15.43	GitHub Action Run
5	compat	14428360177.5	13 Apr 2025 09:55AM UTC	160	18.89	GitHub Action Run
6	charts	14428360177.6	13 Apr 2025 09:56AM UTC	207	27.85	GitHub Action Run

SAP / ui5-webcomponents-react / 14428360177
89%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Uncovered Existing Lines

Subprojects

Source Files on build 14428360177

SAP / ui5-webcomponents-react / 14428360177 89%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Uncovered Existing Lines

Subprojects

Source Files on build 14428360177

SAP / ui5-webcomponents-react / 14428360177
89%

README BADGES
x