SAP / ui5-webcomponents-react / 14063744184 / 6 – main/src/components
89%
main: 89%

DEFAULT BRANCH: main
Ran
Files 148
Run time 32s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 84.982%. Remained the same
main/src/components – 14063744184.6

push

github

web-flow 
chore(deps): update dependency vite to v6.2.3 [security] (main) (#7143)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`6.2.2` ->
`6.2.3`](https://renovatebot.com/diffs/npm/vite/6.2.2/6.2.3) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/6.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/6.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/6.2.2/6.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/6.2.2/6.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-30208](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w)

### Summary
The contents of arbitrary files can be returned to the browser.

### Impact
Only apps explicitly exposing the Vite dev server to the network (using
`--host` or [`server.host` config
option](https://vitejs.dev/config/server-options.html#server-host)) are
affected.

### Details
`@fs` denies access to files outside of Vite serving allow list. Adding
`?raw??` or `?import&raw??` to the URL bypasses this limitation and
returns the file content if it exists. This bypass exists because
trailing separators such as `?` are removed in several places, but are
not accounted for in query string regexes.

### PoC
```bash
$ npm create vite@latest
$ cd vite-project/
$ npm install
$ npm run dev

$ echo "top secret content" > /tmp/secret.txt

# expected behaviour
$ curl "http://localhost:5173/@​fs/tmp/secret.txt"

    <body>
      <h1>403 Restricted</h1>
      <p>The request url &quot;/tm... (continued)

2274 of 2904 branches covered (78.31%)

3865 of 4548 relevant lines covered (84.98%)

117117.02 hits per line

Source Files on job main/src/components - 14063744184.6