UI5 / webcomponents-react / 24066529362 / 3 – main/src/webComponents
84%
main: 82%

LAST BUILD BRANCH: fix/at-retain-col-width-recalc
DEFAULT BRANCH: main
Ran
Files 347
Run time 8s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 14.688%. Remained the same
main/src/webComponents – 24066529362.3

push

github

web-flow 
chore(deps): update dependency vite [security] (#8438)

This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`8.0.3` →
`8.0.5`](https://renovatebot.com/diffs/npm/vite/8.0.3/8.0.5) |
![age](https://developer.mend.io/api/mc/badges/age/npm/vite/8.0.5?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/8.0.3/8.0.5?slim=true)
|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`7.3.1` →
`7.3.2`](https://renovatebot.com/diffs/npm/vite/7.3.1/7.3.2) |
![age](https://developer.mend.io/api/mc/badges/age/npm/vite/7.3.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/7.3.1/7.3.2?slim=true)
|

### GitHub Vulnerability Alerts

####
[GHSA-4w7w-66w2-5vf9](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9)

### Summary

Any files ending with `.map` even out side the project can be returned
to the browser.

### Impact

Only apps that match the following conditions are affected:

- explicitly exposes the Vite dev server to the network (using `--host`
or [`server.host` config
option](https://vitejs.dev/config/server-options.html#server-host))
- have a sensitive content in files ending with `.map` and the path is
predictable

### Details

In Vite v7.3.1, the dev server’s handling of `.map` requests for
optimized dependencies resolves file paths and calls `readFile` without
restricting `../` segments in the URL. As a result, it is possible to
bypass the
[`server.fs.strict`](https://vite.dev/config/server-options#server-fs-strict)
allow list and retrieve `.map` files located outside the project root,
provided they can be parsed as valid source map JSON.

### PoC
1. Crea... (continued)

36 of 2259 branches covered (1.59%)

Branch coverage included in aggregate %.

935 of 4352 relevant lines covered (21.48%)

2.84 hits per line

Source Files on job main/src/webComponents - 24066529362.3