Bump vite from 6.0.7 to 6.0.9 (!81) · Merge requests · tools / zitzoeker

Merged Dependabot requested to merge dependabot-npm_and_yarn-vite-6.0.9 into master 2 months ago

All threads resolved!

Bumps vite from 6.0.7 to 6.0.9.

Release notes

v6.0.9

This version contains a breaking change due to security fixes. See https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v6.0.8

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.0.9 (2025-01-20)

fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)

fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)

fix: verify token for HMR WebSocket connection (029dcd6)

6.0.8 (2025-01-20)

fix: avoid SSR HMR for HTML files (#19193) (3bd55bc), closes #19193

fix: build time display 7m 60s (#19108) (cf0d2c8), closes #19108

fix: don't resolve URL starting with double slash (#19059) (35942cd), closes #19059

fix: ensure server.close() only called once (#19204) (db81c2d), closes #19204

fix: resolve.conditions in ResolvedConfig was defaultServerConditions (#19174) (ad75c56), closes #19174

fix: tree shake stringified JSON imports (#19189) (f2aed62), closes #19189

fix: use shared sigterm callback (#19203) (47039f4), closes #19203

fix(deps): update all non-major dependencies (#19098) (8639538), closes #19098

fix(optimizer): use correct default install state path for yarn PnP (#19119) (e690d8b), closes #19119

fix(types): improve ESBuildOptions.include / exclude type to allow readonly (string | RegExp)[] (ea53e70), closes #19146

chore(deps): update dependency pathe to v2 (#19139) (71506f0), closes #19139

Commits

a55f8ba release: v6.0.9
bd896fb fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
029dcd6 fix: verify token for HMR WebSocket connection
b09572a fix!: default server.cors: false to disallow fetching from untrusted origins
c0f72a6 release: v6.0.8
f2aed62 fix: tree shake stringified JSON imports (#19189)
db81c2d fix: ensure server.close() only called once (#19204)
47039f4 fix: use shared sigterm callback (#19203)
3bd55bc fix: avoid SSR HMR for HTML files (#19193)
e690d8b fix(optimizer): use correct default install state path for yarn PnP (#19119)
Additional commits viewable in compare view

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

$dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Activity

Dependabot added dependencies javascript labels 2 months ago

added dependencies javascript labels
Dependabot @dependabot 2 months ago

Author Maintainer

Resolved 2 months ago by Dependabot

$dependabot recreate

Last reply by Dependabot 2 months ago
Dependabot resolved all threads 2 months ago

resolved all threads
Dependabot added 3 commits 2 months ago
added 3 commits

34e029df...6cb7c8ef - 2 commits from branch master

8603f2dd - Bump vite from 6.0.7 to 6.0.9

Compare with previous version
Dependabot merged 2 months ago

merged
Dependabot mentioned in commit a84eb33e 2 months ago

mentioned in commit a84eb33e

Please register or sign in to reply

Bump vite from 6.0.7 to 6.0.9

v6.0.9

v6.0.8

6.0.9 (2025-01-20)

6.0.8 (2025-01-20)

Merge request reports

Merged by Dependabot 2 months ago (Jan 20, 2025 7:31pm UTC) 2 months ago

Activity