Commit 0931e2c
NVIDIA Security Bot
fix(security): vitest/react-router/ws/vite CVE cluster — bump Node deps
Fix 10 advisories across 4 packages:
- vitest 3.2.4 → 3.2.6: GHSA-5xrq-8626-4rwp (Critical: arbitrary file exec)
- react-router-dom 7.12.0 → 7.18.0: 7 GHSAs (XSS/CSRF/DoS cluster, worst >=7.15.1)
- ws override >=8.21.0: GHSA-58qx + GHSA-96hv (memory disclosure + DoS)
- vite 6.4.2 → 6.4.3: GHSA-fx2h-pf6j-xcff (server.fs.deny bypass)
pnpm-lock.yaml regenerated; pnpm audit confirms 0 critical/high remaining.
Refs: NSPECT-S62Q-PZUD (collection)
Refs: NSPECT-UV6I-R3V9 (child)
Generated-by: agentic-cve-fix
Signed-off-by: NVIDIA Security Bot <security-bot@nvidia.com>1 parent 45e211b commit 0931e2c
2 files changed
Lines changed: 349 additions & 211 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
24 | | - | |
| 24 | + | |
25 | 25 | | |
26 | 26 | | |
27 | 27 | | |
| |||
36 | 36 | | |
37 | 37 | | |
38 | 38 | | |
39 | | - | |
40 | | - | |
| 39 | + | |
| 40 | + | |
41 | 41 | | |
42 | 42 | | |
43 | 43 | | |
| |||
46 | 46 | | |
47 | 47 | | |
48 | 48 | | |
49 | | - | |
50 | | - | |
| 49 | + | |
| 50 | + | |
51 | 51 | | |
52 | 52 | | |
53 | 53 | | |
| |||
58 | 58 | | |
59 | 59 | | |
60 | 60 | | |
61 | | - | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
62 | 64 | | |
63 | 65 | | |
64 | 66 | | |
0 commit comments