BreizhHardware/portfolio
1
0
Fork 0
mirror of https://github.com/BreizhHardware/portfolio.git synced 2026-05-09 16:25:58 +02:00
Code Issues 8 Projects Packages Wiki Activity

[PR #108] [MERGED] Bump vite from 6.0.7 to 6.0.10 #184

New issue
Closed
opened 2026-05-06 12:15:45 +02:00 by BreizhHardware · 0 comments
BreizhHardware commented 2026-05-06 12:15:45 +02:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/BreizhHardware/portfolio/pull/108
Author: @dependabot[bot]
Created: 1/20/2025
Status: Merged
Merged: 1/30/2025
Merged by: @BreizhHardware

Base: masterHead: dependabot/npm_and_yarn/vite-6.0.10

📝 Commits (1)

  • a4cb1a1 Bump vite from 6.0.7 to 6.0.10

📊 Changes

2 files changed (+6 additions, -5 deletions)

View changed files

📝 package-lock.json (+5 -4)
📝 package.json (+1 -1)

📄 Description

Bumps vite from 6.0.7 to 6.0.10.

Release notes

Sourced from vite's releases.

v6.0.10

Please refer to CHANGELOG.md for details.

v6.0.9

This version contains a breaking change due to security fixes. See https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v6.0.8

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.0.10 (2025-01-20)

6.0.9 (2025-01-20)

  • fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)
  • fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)
  • fix: verify token for HMR WebSocket connection (029dcd6)

6.0.8 (2025-01-20)

Commits
  • 9654348 release: v6.0.10
  • 2495022 fix: try parse server.origin URL (#19241)
  • a55f8ba release: v6.0.9
  • bd896fb fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
  • 029dcd6 fix: verify token for HMR WebSocket connection
  • b09572a fix!: default server.cors: false to disallow fetching from untrusted origins
  • c0f72a6 release: v6.0.8
  • f2aed62 fix: tree shake stringified JSON imports (#19189)
  • db81c2d fix: ensure server.close() only called once (#19204)
  • 47039f4 fix: use shared sigterm callback (#19203)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/BreizhHardware/portfolio/pull/108 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 1/20/2025 **Status:** ✅ Merged **Merged:** 1/30/2025 **Merged by:** [@BreizhHardware](https://github.com/BreizhHardware) **Base:** `master` ← **Head:** `dependabot/npm_and_yarn/vite-6.0.10` --- ### 📝 Commits (1) - [`a4cb1a1`](https://github.com/BreizhHardware/portfolio/commit/a4cb1a1d075f65b54bd76c25d5d45afa9f61a764) Bump vite from 6.0.7 to 6.0.10 ### 📊 Changes **2 files changed** (+6 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+5 -4) 📝 `package.json` (+1 -1) </details> ### 📄 Description Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.0.7 to 6.0.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v6.0.10</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.0.10/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.0.9</h2> <p>This version contains a breaking change due to security fixes. See <a href="https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6">https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6</a> for more details.</p> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.0.9/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.0.8</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.0.8/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->6.0.10 (2025-01-20)<!-- raw HTML omitted --></h2> <ul> <li>fix: try parse <code>server.origin</code> URL (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19241">#19241</a>) (<a href="https://github.com/vitejs/vite/commit/2495022420fda05ee389c2dcf26921b21e2aed3b">2495022</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19241">#19241</a></li> </ul> <h2><!-- raw HTML omitted -->6.0.9 (2025-01-20)<!-- raw HTML omitted --></h2> <ul> <li>fix!: check host header to prevent DNS rebinding attacks and introduce <code>server.allowedHosts</code> (<a href="https://github.com/vitejs/vite/commit/bd896fb5f312fc0ff1730166d1d142fc0d34ba6d">bd896fb</a>)</li> <li>fix!: default <code>server.cors: false</code> to disallow fetching from untrusted origins (<a href="https://github.com/vitejs/vite/commit/b09572acc939351f4e4c50ddf793017a92c678b1">b09572a</a>)</li> <li>fix: verify token for HMR WebSocket connection (<a href="https://github.com/vitejs/vite/commit/029dcd6d77d3e3ef10bc38e9a0829784d9760fdb">029dcd6</a>)</li> </ul> <h2><!-- raw HTML omitted -->6.0.8 (2025-01-20)<!-- raw HTML omitted --></h2> <ul> <li>fix: avoid SSR HMR for HTML files (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19193">#19193</a>) (<a href="https://github.com/vitejs/vite/commit/3bd55bcb7e831d2c4f66c90d7bbb3e1fbf7a02b6">3bd55bc</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19193">#19193</a></li> <li>fix: build time display 7m 60s (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19108">#19108</a>) (<a href="https://github.com/vitejs/vite/commit/cf0d2c8e232a1af716c71cdd2218d180f7ecc02b">cf0d2c8</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19108">#19108</a></li> <li>fix: don't resolve URL starting with double slash (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19059">#19059</a>) (<a href="https://github.com/vitejs/vite/commit/35942cde11fd8a68fa89bf25f7aa1ddb87d775b2">35942cd</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19059">#19059</a></li> <li>fix: ensure <code>server.close()</code> only called once (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19204">#19204</a>) (<a href="https://github.com/vitejs/vite/commit/db81c2dada961f40c0882b5182adf2f34bb5c178">db81c2d</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19204">#19204</a></li> <li>fix: resolve.conditions in ResolvedConfig was <code>defaultServerConditions</code> (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19174">#19174</a>) (<a href="https://github.com/vitejs/vite/commit/ad75c56dce5618a3a416e18f9a5c3880d437a107">ad75c56</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19174">#19174</a></li> <li>fix: tree shake stringified JSON imports (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19189">#19189</a>) (<a href="https://github.com/vitejs/vite/commit/f2aed62d0bf1b66e870ee6b4aab80cd1702793ab">f2aed62</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19189">#19189</a></li> <li>fix: use shared sigterm callback (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19203">#19203</a>) (<a href="https://github.com/vitejs/vite/commit/47039f4643179be31a8d7c7fbff83c5c13deb787">47039f4</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19203">#19203</a></li> <li>fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19098">#19098</a>) (<a href="https://github.com/vitejs/vite/commit/8639538e6498d1109da583ad942c1472098b5919">8639538</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19098">#19098</a></li> <li>fix(optimizer): use correct default install state path for yarn PnP (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19119">#19119</a>) (<a href="https://github.com/vitejs/vite/commit/e690d8bb1e5741e81df5b7a6a5c8c3c1c971fa41">e690d8b</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19119">#19119</a></li> <li>fix(types): improve <code>ESBuildOptions.include / exclude</code> type to allow <code>readonly (string | RegExp)[]</code> (<a href="https://github.com/vitejs/vite/commit/ea53e7095297ea4192490fd58556414cc59a8975">ea53e70</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19146">#19146</a></li> <li>chore(deps): update dependency pathe to v2 (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19139">#19139</a>) (<a href="https://github.com/vitejs/vite/commit/71506f0a8deda5254cb49c743cd439dfe42859ce">71506f0</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19139">#19139</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/9654348258eaa0883171533a2b74b4e2825f5fb6"><code>9654348</code></a> release: v6.0.10</li> <li><a href="https://github.com/vitejs/vite/commit/2495022420fda05ee389c2dcf26921b21e2aed3b"><code>2495022</code></a> fix: try parse <code>server.origin</code> URL (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19241">#19241</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/a55f8ba3e43108de340610d4d021dcd926be5876"><code>a55f8ba</code></a> release: v6.0.9</li> <li><a href="https://github.com/vitejs/vite/commit/bd896fb5f312fc0ff1730166d1d142fc0d34ba6d"><code>bd896fb</code></a> fix!: check host header to prevent DNS rebinding attacks and introduce `serve...</li> <li><a href="https://github.com/vitejs/vite/commit/029dcd6d77d3e3ef10bc38e9a0829784d9760fdb"><code>029dcd6</code></a> fix: verify token for HMR WebSocket connection</li> <li><a href="https://github.com/vitejs/vite/commit/b09572acc939351f4e4c50ddf793017a92c678b1"><code>b09572a</code></a> fix!: default <code>server.cors: false</code> to disallow fetching from untrusted origins</li> <li><a href="https://github.com/vitejs/vite/commit/c0f72a695c5308cba605e3db4f851f4f6692e50c"><code>c0f72a6</code></a> release: v6.0.8</li> <li><a href="https://github.com/vitejs/vite/commit/f2aed62d0bf1b66e870ee6b4aab80cd1702793ab"><code>f2aed62</code></a> fix: tree shake stringified JSON imports (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19189">#19189</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/db81c2dada961f40c0882b5182adf2f34bb5c178"><code>db81c2d</code></a> fix: ensure <code>server.close()</code> only called once (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19204">#19204</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/47039f4643179be31a8d7c7fbff83c5c13deb787"><code>47039f4</code></a> fix: use shared sigterm callback (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19203">#19203</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v6.0.10/packages/vite">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vite&package-manager=npm_and_yarn&previous-version=6.0.7&new-version=6.0.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
BreizhHardware 2026-05-06 12:15:45 +02:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dependabot/npm_and_yarn/i18next-http-backend-3.0.5
dependabot/npm_and_yarn/dev/react-i18next-17.0.4
dependabot/npm_and_yarn/dev/vite-8.0.9
dependabot/npm_and_yarn/dev/cypress-15.14.0
dependabot/npm_and_yarn/dev/tailwindcss/cli-4.2.3
dependabot/npm_and_yarn/dev/sass-1.99.0
dependabot/github_actions/dot-github/workflows/dev/pnpm/action-setup-6
dev
fix/security-audit
No results found.
Labels
Clear labels   
audit

   
audit

   
audit

   
pull-request
Mirrored from GitHub Pull Request

  
security

   
security

   
security
No labels
audit
audit
audit
pull-request
security
security
security
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
BreizhHardware/portfolio#184
No description provided.