UI5 / webcomponents-react / 24066833887
82%

DEFAULT BRANCH: main
Ran
Jobs 8
Files 422
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 83.725%. Remained the same
24066833887

push

github

web-flow 
chore(deps): update dependency vite [security] (#8438)

This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`8.0.3` →
`8.0.5`](https://renovatebot.com/diffs/npm/vite/8.0.3/8.0.5) |
![age](https://developer.mend.io/api/mc/badges/age/npm/vite/8.0.5?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/8.0.3/8.0.5?slim=true)
|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`7.3.1` →
`7.3.2`](https://renovatebot.com/diffs/npm/vite/7.3.1/7.3.2) |
![age](https://developer.mend.io/api/mc/badges/age/npm/vite/7.3.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/7.3.1/7.3.2?slim=true)
|

### GitHub Vulnerability Alerts

####
[GHSA-4w7w-66w2-5vf9](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9)

### Summary

Any files ending with `.map` even out side the project can be returned
to the browser.

### Impact

Only apps that match the following conditions are affected:

- explicitly exposes the Vite dev server to the network (using `--host`
or [`server.host` config
option](https://vitejs.dev/config/server-options.html#server-host))
- have a sensitive content in files ending with `.map` and the path is
predictable

### Details

In Vite v7.3.1, the dev server’s handling of `.map` requests for
optimized dependencies resolves file paths and calls `readFile` without
restricting `../` segments in the URL. As a result, it is possible to
bypass the
[`server.fs.strict`](https://vite.dev/config/server-options#server-fs-strict)
allow list and retrieve `.map` files located outside the project root,
provided they can be parsed as valid source map JSON.

### PoC
1. Crea... (continued)

2550 of 3333 branches covered (76.51%)

Branch coverage included in aggregate %.

5043 of 5736 relevant lines covered (87.92%)

118439.08 hits per line

Subprojects
ID Flag name Job ID Ran Files Coverage
1 playwright 24066833887.1 9
86.96
 GitHub Action Run
2 main/src/webComponents 24066833887.2 347
14.7
 GitHub Action Run
3 cypress-commands 24066833887.3 347
16.05
 GitHub Action Run
4 main/src/internal 24066833887.4 348
16.31
 GitHub Action Run
5 main/src/components 24066833887.5 349
81.23
 GitHub Action Run
6 base 24066833887.6 352
17.07
 GitHub Action Run
7 charts 24066833887.7 401
26.32
 GitHub Action Run
8 compat 24066833887.8 362
19.12
 GitHub Action Run
Source Files on build 24066833887