Skip to content

fix(security): bump vite and js-yaml overrides to patched versions#100

Merged
watany-dev merged 2 commits into
mainfrom
claude/ci-security-fix-ujbtoa
Jun 22, 2026
Merged

fix(security): bump vite and js-yaml overrides to patched versions#100
watany-dev merged 2 commits into
mainfrom
claude/ci-security-fix-ujbtoa

Conversation

@watany-dev

Copy link
Copy Markdown
Owner

Resolve bun audit failures in the CI security job:

bun audit now reports no vulnerabilities.

Claude-Session: https://claude.ai/code/session_01VnT5d5W52tycaVnUQvx3zg

claude added 2 commits June 22, 2026 16:17
Resolve `bun audit` failures in the CI security job:
- vite: >=7.3.2 -> >=7.3.5 (fixes GHSA-fx2h-pf6j-xcff server.fs.deny
  bypass and GHSA-v6wh-96g9-6wx3 launch-editor NTLMv2 disclosure;
  versions <=7.3.4 were vulnerable)
- js-yaml: add >=4.2.0 override (fixes GHSA-h67p-54hq-rp68
  quadratic-complexity DoS via merge keys; <=4.1.1 vulnerable)

bun audit now reports no vulnerabilities.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01VnT5d5W52tycaVnUQvx3zg
Bump both vitest and @vitest/coverage-v8 to 4.1.9 so their versions
match, removing the "Running mixed versions is not supported" warning
emitted during test:coverage.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01VnT5d5W52tycaVnUQvx3zg
@watany-dev watany-dev merged commit 4ef6cac into main Jun 22, 2026
7 checks passed
@watany-dev watany-dev deleted the claude/ci-security-fix-ujbtoa branch June 22, 2026 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants