fix: vite security issue (#9773)

withastro · Jan 23, 2024 · 9aa7a53 · 9aa7a53
1 parent 3b5824a
commit 9aa7a53
Show file tree

Hide file tree

Showing 9 changed files with 95 additions and 46 deletions.
diff --git a/.changeset/tricky-cobras-provide.md b/.changeset/tricky-cobras-provide.md
@@ -0,0 +1,5 @@
+---
+"astro": patch
+---
+
+Raises the required vite version to address a vulnerability in `vite.server.fs.deny` that affected the dev mode.
diff --git a/packages/astro/package.json b/packages/astro/package.json
@@ -172,7 +172,7 @@
     "tsconfck": "^3.0.0",
     "unist-util-visit": "^5.0.0",
     "vfile": "^6.0.1",
-    "vite": "^5.0.10",
+    "vite": "^5.0.12",
     "vitefu": "^0.2.5",
     "which-pm": "^2.1.1",
     "yargs-parser": "^21.1.1",

diff --git a/packages/integrations/markdoc/package.json b/packages/integrations/markdoc/package.json
@@ -88,7 +88,7 @@
     "devalue": "^4.3.2",
     "linkedom": "^0.16.4",
     "mocha": "^10.2.0",
-    "vite": "^5.0.10"
+    "vite": "^5.0.12"
   },
   "engines": {
     "node": ">=18.14.1"

diff --git a/packages/integrations/mdx/package.json b/packages/integrations/mdx/package.json
@@ -75,7 +75,7 @@
     "remark-shiki-twoslash": "^3.1.3",
     "remark-toc": "^9.0.0",
     "unified": "^11.0.4",
-    "vite": "^5.0.10"
+    "vite": "^5.0.12"
   },
   "engines": {
     "node": ">=18.14.1"

diff --git a/packages/integrations/react/package.json b/packages/integrations/react/package.json
@@ -56,10 +56,10 @@
     "astro-scripts": "workspace:*",
     "chai": "^4.3.7",
     "cheerio": "1.0.0-rc.12",
+    "mocha": "^10.2.0",
     "react": "^18.1.0",
     "react-dom": "^18.1.0",
-    "vite": "^5.0.10",
-    "mocha": "^10.2.0"
+    "vite": "^5.0.12"
   },
   "peerDependencies": {
     "@types/react": "^17.0.50 || ^18.0.21",

diff --git a/packages/integrations/svelte/package.json b/packages/integrations/svelte/package.json
@@ -49,7 +49,7 @@
     "astro": "workspace:*",
     "astro-scripts": "workspace:*",
     "svelte": "^4.2.5",
-    "vite": "^5.0.10"
+    "vite": "^5.0.12"
   },
   "peerDependencies": {
     "astro": "^4.0.0",

diff --git a/packages/integrations/tailwind/package.json b/packages/integrations/tailwind/package.json
@@ -43,7 +43,7 @@
     "chai": "^4.3.7",
     "mocha": "^10.2.0",
     "tailwindcss": "^3.3.5",
-    "vite": "^5.0.10"
+    "vite": "^5.0.12"
   },
   "peerDependencies": {
     "astro": "^3.0.0 || ^4.0.0",

diff --git a/packages/integrations/vue/package.json b/packages/integrations/vue/package.json
@@ -53,7 +53,7 @@
     "cheerio": "1.0.0-rc.12",
     "linkedom": "^0.16.4",
     "mocha": "^10.2.0",
-    "vite": "^5.0.10",
+    "vite": "^5.0.12",
     "vue": "^3.3.8"
   },
   "peerDependencies": {

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml