Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade vite #9443

Closed
1 task done
florian-lefebvre opened this issue Dec 15, 2023 · 0 comments · Fixed by #9452
Closed
1 task done

Upgrade vite #9443

florian-lefebvre opened this issue Dec 15, 2023 · 0 comments · Fixed by #9452
Assignees
@florian-lefebvre
Labels
- P1: chore Doesn't change code behavior (priority)

Comments

@florian-lefebvre
Copy link
Member

Astro Info

Not applicable

If this issue only occurs in one browser, which browser is a problem?

No response

Describe the Bug

According to https://github.com/withastro/astro/security/dependabot/33, there's a vulnerability in vite. After discussing with @matthewp, we should not be using that method in Astro but it does not hurt to upgrade Vite anyway!

What's the expected result?

Apply dependabot recommendation:

Upgrade vite to version 5.0.5 or later

Link to Minimal Reproducible Example

N/A

Participation

  • I am willing to submit a pull request for this issue.
@florian-lefebvre florian-lefebvre added the - P1: chore Doesn't change code behavior (priority) label Dec 15, 2023
@github-actions github-actions bot added the needs triage Issue needs to be triaged label Dec 15, 2023
@florian-lefebvre florian-lefebvre removed the needs triage Issue needs to be triaged label Dec 16, 2023
@florian-lefebvre florian-lefebvre self-assigned this Dec 17, 2023
@florian-lefebvre florian-lefebvre mentioned this issue Dec 17, 2023
Merged
ematipico added a commit that referenced this issue Dec 20, 2023
@florian-lefebvre @ematipico
chore: upgrade vite to latest (close #9443) (#9452)
e83b509 
* chore: upgrade vite to latest

* chore: add changeset

* fix: enforce type

* fix: postcss

* chore: log messages

* fix: take vite re-optimizing message into account

---------

Co-authored-by: Emanuele Stoppa <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@florian-lefebvre florian-lefebvre

Labels
- P1: chore Doesn't change code behavior (priority)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: upgrade vite to latest (close #9443) florian-lefebvre/astro
1 participant
@florian-lefebvre