SAP / ui5-webcomponents-react / 14428360177 / 4 – cypress-commands
89%
main: 89%

DEFAULT BRANCH: main
Ran
Files 149
Run time 3s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 15.428%. Remained the same
cypress-commands – 14428360177.4

push

github

web-flow 
chore(deps): update dependency vite to v6.2.6 [security] (main) (#7225)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`6.2.5` ->
`6.2.6`](https://renovatebot.com/diffs/npm/vite/6.2.5/6.2.6) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/6.2.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/6.2.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/6.2.5/6.2.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/6.2.5/6.2.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-32395](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4)

### Summary
The contents of arbitrary files can be returned to the browser if the
dev server is running on Node or Bun.

### Impact
Only apps with the following conditions are affected.

- explicitly exposing the Vite dev server to the network (using --host
or [server.host config
option](https://vitejs.dev/config/server-options.html#server-host))
- running the Vite dev server on runtimes that are not Deno (e.g. Node,
Bun)

### Details

[HTTP 1.1 spec (RFC 9112) does not allow `#` in
`request-target`](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2).
Although an attacker can send such a request. For those requests with an
invalid `request-line` (it includes `request-target`), the spec
[recommends to reject them with 400 or
301](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2-4). The
same can be said for HTTP 2
([ref1](https://datatracker.ietf.org/doc/html/rfc9113#secti... (continued)

65 of 2936 branches covered (2.21%)

712 of 4615 relevant lines covered (15.43%)

57.84 hits per line

Source Files on job cypress-commands - 14428360177.4