fix(security): resolve vitest critical advisory GHSA-5xrq-8626-4rwp (#2)

Browse Source

The weekly Security workflow started failing after a critical advisory
was published for vitest <4.1.0 (arbitrary file read/execute via the
Vitest UI server). npm audit fix bumps vitest and @vitest/coverage-v8
to 4.1.x within existing semver ranges, plus a few moderate fixes
(yaml, flatted, etc.). No package.json changes.

Verified: npm audit reports 0 critical; vitest run 92 passed; vite
build succeeds.

...

This commit is contained in:

SatoshiQaziMuhammed

2026-06-11 07:22:18 -07:00

committed by GitHub

parent 704a46f459

commit 39ff9e959f

1 changed files with 1048 additions and 829 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

package-lock.json

Generated

+1048 -829

File diff suppressed because it is too large Load Diff