Infrastructure/astro
0
Fork 0
mirror of https://github.com/withastro/astro.git synced 2025-03-31 23:31:30 -05:00
Code Issues Activity

fix: vite security issue (#9773)

Browse source
This commit is contained in:
Stefano 2024-01-23 12:48:20 +00:00 committed by GitHub
parent 3b5824a65d
commit 9aa7a5368c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 95 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.changeset/tricky-cobras-provide.md Normal file
View file

@ -0,0 +1,5 @@
---
"astro": patch
---
Raises the required vite version to address a vulnerability in `vite.server.fs.deny` that affected the dev mode.

2
packages/astro/package.json
View file

@ -172,7 +172,7 @@
"tsconfck": "^3.0.0",
"unist-util-visit": "^5.0.0",
"vfile": "^6.0.1",
"vite": "^5.0.10",
"vite": "^5.0.12",
"vitefu": "^0.2.5",
"which-pm": "^2.1.1",
"yargs-parser": "^21.1.1",

2
packages/integrations/markdoc/package.json
View file

@ -88,7 +88,7 @@
"devalue": "^4.3.2",
"linkedom": "^0.16.4",
"mocha": "^10.2.0",
"vite": "^5.0.10"
"vite": "^5.0.12"
},
"engines": {
"node": ">=18.14.1"

2
packages/integrations/mdx/package.json
View file

@ -75,7 +75,7 @@
"remark-shiki-twoslash": "^3.1.3",
"remark-toc": "^9.0.0",
"unified": "^11.0.4",
"vite": "^5.0.10"
"vite": "^5.0.12"
},
"engines": {
"node": ">=18.14.1"

4
packages/integrations/react/package.json
View file

@ -56,10 +56,10 @@
"astro-scripts": "workspace:*",
"chai": "^4.3.7",
"cheerio": "1.0.0-rc.12",
"mocha": "^10.2.0",
"react": "^18.1.0",
"react-dom": "^18.1.0",
"vite": "^5.0.10",
"mocha": "^10.2.0"
"vite": "^5.0.12"
},
"peerDependencies": {
"@types/react": "^17.0.50 || ^18.0.21",

2
packages/integrations/svelte/package.json
View file

@ -49,7 +49,7 @@
"astro": "workspace:*",
"astro-scripts": "workspace:*",
"svelte": "^4.2.5",
"vite": "^5.0.10"
"vite": "^5.0.12"
},
"peerDependencies": {
"astro": "^4.0.0",

2
packages/integrations/tailwind/package.json
View file

@ -43,7 +43,7 @@
"chai": "^4.3.7",
"mocha": "^10.2.0",
"tailwindcss": "^3.3.5",
"vite": "^5.0.10"
"vite": "^5.0.12"
},
"peerDependencies": {
"astro": "^3.0.0 || ^4.0.0",

2
packages/integrations/vue/package.json
View file

@ -53,7 +53,7 @@
"cheerio": "1.0.0-rc.12",
"linkedom": "^0.16.4",
"mocha": "^10.2.0",
"vite": "^5.0.10",
"vite": "^5.0.12",
"vue": "^3.3.8"
},
"peerDependencies": {

120
pnpm-lock.yaml generated
View file

@ -663,11 +663,11 @@ importers:
specifier: ^6.0.1
version: 6.0.1
vite:
specifier: ^5.0.10
version: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
specifier: ^5.0.12
version: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
vitefu:
specifier: ^0.2.5
version: 0.2.5(vite@5.0.10)
version: 0.2.5(vite@5.0.12)
which-pm:
specifier: ^2.1.1
version: 2.1.1
@ -3891,8 +3891,8 @@ importers:
specifier: ^10.2.0
version: 10.2.0
vite:
specifier: ^5.0.10
version: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
specifier: ^5.0.12
version: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
packages/integrations/markdoc/test/fixtures/content-collections:
dependencies:
@ -4123,8 +4123,8 @@ importers:
specifier: ^11.0.4
version: 11.0.4
vite:
specifier: ^5.0.10
version: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
specifier: ^5.0.12
version: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
packages/integrations/mdx/test/fixtures/css-head-mdx:
dependencies:
@ -4459,7 +4459,7 @@ importers:
dependencies:
'@vitejs/plugin-react':
specifier: ^4.2.0
version: 4.2.1(vite@5.0.10)
version: 4.2.1(vite@5.0.12)
ultrahtml:
specifier: ^1.3.0
version: 1.5.2
@ -4492,8 +4492,8 @@ importers:
specifier: ^18.1.0
version: 18.2.0(react@18.2.0)
vite:
specifier: ^5.0.10
version: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
specifier: ^5.0.12
version: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
packages/integrations/react/test/fixtures/react-component:
dependencies:
@ -4591,7 +4591,7 @@ importers:
dependencies:
'@sveltejs/vite-plugin-svelte':
specifier: ^3.0.0
version: 3.0.1(svelte@4.2.8)(vite@5.0.10)
version: 3.0.1(svelte@4.2.8)(vite@5.0.12)
svelte2tsx:
specifier: ^0.6.25
version: 0.6.27(svelte@4.2.8)(typescript@5.2.2)
@ -4606,8 +4606,8 @@ importers:
specifier: ^4.2.5
version: 4.2.8
vite:
specifier: ^5.0.10
version: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
specifier: ^5.0.12
version: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
packages/integrations/tailwind:
dependencies:
@ -4637,8 +4637,8 @@ importers:
specifier: ^3.3.5
version: 3.4.0
vite:
specifier: ^5.0.10
version: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
specifier: ^5.0.12
version: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
packages/integrations/tailwind/test/fixtures/basic:
dependencies:
@ -4873,10 +4873,10 @@ importers:
dependencies:
'@vitejs/plugin-vue':
specifier: ^4.5.0
version: 4.6.2(vite@5.0.10)(vue@3.4.3)
version: 4.6.2(vite@5.0.12)(vue@3.4.3)
'@vitejs/plugin-vue-jsx':
specifier: ^3.1.0
version: 3.1.0(vite@5.0.10)(vue@3.4.3)
version: 3.1.0(vite@5.0.12)(vue@3.4.3)
'@vue/babel-plugin-jsx':
specifier: ^1.1.5
version: 1.1.5(@babel/core@7.23.7)
@ -4906,8 +4906,8 @@ importers:
specifier: ^10.2.0
version: 10.2.0
vite:
specifier: ^5.0.10
version: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
specifier: ^5.0.12
version: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
vue:
specifier: ^3.3.8
version: 3.4.3(typescript@5.2.2)
@ -7137,7 +7137,7 @@ packages:
solid-js: 1.8.7
dev: false
/@sveltejs/vite-plugin-svelte-inspector@2.0.0(@sveltejs/vite-plugin-svelte@3.0.1)(svelte@4.2.8)(vite@5.0.10):
/@sveltejs/vite-plugin-svelte-inspector@2.0.0(@sveltejs/vite-plugin-svelte@3.0.1)(svelte@4.2.8)(vite@5.0.12):
resolution: {integrity: sha512-gjr9ZFg1BSlIpfZ4PRewigrvYmHWbDrq2uvvPB1AmTWKuM+dI1JXQSUu2pIrYLb/QncyiIGkFDFKTwJ0XqQZZg==}
engines: {node: ^18.0.0 || >=20}
peerDependencies:
@ -7148,15 +7148,15 @@ packages:
vite:
optional: true
dependencies:
'@sveltejs/vite-plugin-svelte': 3.0.1(svelte@4.2.8)(vite@5.0.10)
'@sveltejs/vite-plugin-svelte': 3.0.1(svelte@4.2.8)(vite@5.0.12)
debug: 4.3.4(supports-color@8.1.1)
svelte: 4.2.8
vite: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
vite: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
transitivePeerDependencies:
- supports-color
dev: false
/@sveltejs/vite-plugin-svelte@3.0.1(svelte@4.2.8)(vite@5.0.10):
/@sveltejs/vite-plugin-svelte@3.0.1(svelte@4.2.8)(vite@5.0.12):
resolution: {integrity: sha512-CGURX6Ps+TkOovK6xV+Y2rn8JKa8ZPUHPZ/NKgCxAmgBrXReavzFl8aOSCj3kQ1xqT7yGJj53hjcV/gqwDAaWA==}
engines: {node: ^18.0.0 || >=20}
peerDependencies:
@ -7166,15 +7166,15 @@ packages:
vite:
optional: true
dependencies:
'@sveltejs/vite-plugin-svelte-inspector': 2.0.0(@sveltejs/vite-plugin-svelte@3.0.1)(svelte@4.2.8)(vite@5.0.10)
'@sveltejs/vite-plugin-svelte-inspector': 2.0.0(@sveltejs/vite-plugin-svelte@3.0.1)(svelte@4.2.8)(vite@5.0.12)
debug: 4.3.4(supports-color@8.1.1)
deepmerge: 4.3.1
kleur: 4.1.5
magic-string: 0.30.5
svelte: 4.2.8
svelte-hmr: 0.15.3(svelte@4.2.8)
vite: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
vitefu: 0.2.5(vite@5.0.10)
vite: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
vitefu: 0.2.5(vite@5.0.12)
transitivePeerDependencies:
- supports-color
dev: false
@ -7734,7 +7734,7 @@ packages:
- supports-color
dev: false
/@vitejs/plugin-react@4.2.1(vite@5.0.10):
/@vitejs/plugin-react@4.2.1(vite@5.0.12):
resolution: {integrity: sha512-oojO9IDc4nCUUi8qIR11KoQm0XFFLIwsRBwHRR4d/88IWghn1y6ckz/bJ8GHDCsYEJee8mDzqtJxh15/cisJNQ==}
engines: {node: ^14.18.0 || >=16.0.0}
peerDependencies:
@ -7748,12 +7748,12 @@ packages:
'@babel/plugin-transform-react-jsx-source': 7.23.3(@babel/core@7.23.7)
'@types/babel__core': 7.20.5
react-refresh: 0.14.0
vite: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
vite: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
transitivePeerDependencies:
- supports-color
dev: false
/@vitejs/plugin-vue-jsx@3.1.0(vite@5.0.10)(vue@3.4.3):
/@vitejs/plugin-vue-jsx@3.1.0(vite@5.0.12)(vue@3.4.3):
resolution: {integrity: sha512-w9M6F3LSEU5kszVb9An2/MmXNxocAnUb3WhRr8bHlimhDrXNt6n6D2nJQR3UXpGlZHh/EsgouOHCsM8V3Ln+WA==}
engines: {node: ^14.18.0 || >=16.0.0}
peerDependencies:
@ -7766,13 +7766,13 @@ packages:
'@babel/core': 7.23.7
'@babel/plugin-transform-typescript': 7.23.6(@babel/core@7.23.7)
'@vue/babel-plugin-jsx': 1.1.5(@babel/core@7.23.7)
vite: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
vite: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
vue: 3.4.3(typescript@5.2.2)
transitivePeerDependencies:
- supports-color
dev: false
/@vitejs/plugin-vue@4.6.2(vite@5.0.10)(vue@3.4.3):
/@vitejs/plugin-vue@4.6.2(vite@5.0.12)(vue@3.4.3):
resolution: {integrity: sha512-kqf7SGFoG+80aZG6Pf+gsZIVvGSCKE98JbiWqcCV9cThtg91Jav0yvYFC9Zb+jKetNGF6ZKeoaxgZfND21fWKw==}
engines: {node: ^14.18.0 || >=16.0.0}
peerDependencies:
@ -7782,7 +7782,7 @@ packages:
vite:
optional: true
dependencies:
vite: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
vite: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
vue: 3.4.3(typescript@5.2.2)
dev: false
@ -13400,6 +13400,14 @@ packages:
picocolors: 1.0.0
source-map-js: 1.0.2
/postcss@8.4.33:
resolution: {integrity: sha512-Kkpbhhdjw2qQs2O2DGX+8m5OVqEcbB9HRBvuYM9pgrjEFUg30A9LmXNlTAUj4S9kgtGyrMbTzVjH7E+s5Re2yg==}
engines: {node: ^10 || ^12 || >=14}
dependencies:
nanoid: 3.3.7
picocolors: 1.0.0
source-map-js: 1.0.2
/preact-render-to-string@6.3.1(preact@10.19.3):
resolution: {integrity: sha512-NQ28WrjLtWY6lKDlTxnFpKHZdpjfF+oE6V4tZ0rTrunHrtZp6Dm0oFrcJalt/5PNeqJz4j1DuZDS0Y6rCBoqDA==}
peerDependencies:
@ -15588,7 +15596,7 @@ packages:
mlly: 1.4.2
pathe: 1.1.1
picocolors: 1.0.0
vite: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
vite: 5.0.10(@types/node@18.19.4)
transitivePeerDependencies:
- '@types/node'
- less
@ -15616,7 +15624,7 @@ packages:
merge-anything: 5.1.7
solid-js: 1.8.7
solid-refresh: 0.5.3(solid-js@1.8.7)
vitefu: 0.2.5(vite@5.0.10)
vitefu: 0.2.5(vite@5.0.12)
transitivePeerDependencies:
- supports-color
dev: false
@ -15644,7 +15652,7 @@ packages:
svgo: 3.2.0
dev: false
/vite@5.0.10(@types/node@18.19.4)(sass@1.69.6):
/vite@5.0.10(@types/node@18.19.4):
resolution: {integrity: sha512-2P8J7WWgmc355HUMlFrwofacvr98DAjoE52BfdbwQtyLH06XKwaL/FMnmKM2crF0iX4MpmMKoDlNCB1ok7zHCw==}
engines: {node: ^18.0.0 || >=20.0.0}
hasBin: true
@ -15676,11 +15684,47 @@ packages:
esbuild: 0.19.11
postcss: 8.4.32
rollup: 4.9.2
optionalDependencies:
fsevents: 2.3.3
dev: false
/vite@5.0.12(@types/node@18.19.4)(sass@1.69.6):
resolution: {integrity: sha512-4hsnEkG3q0N4Tzf1+t6NdN9dg/L3BM+q8SWgbSPnJvrgH2kgdyzfVJwbR1ic69/4uMJJ/3dqDZZE5/WwqW8U1w==}
engines: {node: ^18.0.0 || >=20.0.0}
hasBin: true
peerDependencies:
'@types/node': ^18.0.0 || >=20.0.0
less: '*'
lightningcss: ^1.21.0
sass: '*'
stylus: '*'
sugarss: '*'
terser: ^5.4.0
peerDependenciesMeta:
'@types/node':
optional: true
less:
optional: true
lightningcss:
optional: true
sass:
optional: true
stylus:
optional: true
sugarss:
optional: true
terser:
optional: true
dependencies:
'@types/node': 18.19.4
esbuild: 0.19.11
postcss: 8.4.33
rollup: 4.9.2
sass: 1.69.6
optionalDependencies:
fsevents: 2.3.3
/vitefu@0.2.5(vite@5.0.10):
/vitefu@0.2.5(vite@5.0.12):
resolution: {integrity: sha512-SgHtMLoqaeeGnd2evZ849ZbACbnwQCIwRH57t18FxcXoZop0uQu0uzlIhJBlF/eWVzuce0sHeqPcDo+evVcg8Q==}
peerDependencies:
vite: ^3.0.0 || ^4.0.0 || ^5.0.0
@ -15688,7 +15732,7 @@ packages:
vite:
optional: true
dependencies:
vite: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
vite: 5.0.12(@types/node@18.19.4)(sass@1.69.6)
dev: false
/vitest@0.34.6:
@ -15743,7 +15787,7 @@ packages:
strip-literal: 1.3.0
tinybench: 2.5.1
tinypool: 0.7.0
vite: 5.0.10(@types/node@18.19.4)(sass@1.69.6)
vite: 5.0.10(@types/node@18.19.4)
vite-node: 0.34.6(@types/node@18.19.4)
why-is-node-running: 2.2.2
transitivePeerDependencies: