From d7c995d435c647b314e553d914d46f4fcbdecc66 Mon Sep 17 00:00:00 2001
From: Fatih Tokus
Date: Wed, 17 Jun 2026 21:36:56 +0100
Subject: [PATCH] fix: update vite to 5.5.0+ to patch Rollup path traversal vulnerability

- Upgraded vite from 5.4.14 to 5.5.0+ which includes patched Rollup version
- Fixes CVE: Arbitrary File Write via Path Traversal in Rollup
- Rollup now properly sanitizes filenames to prevent path traversal sequences (../)
- This prevents attackers from writing files outside the intended output directory
Resolves: https://github.com/fatihtokus/scan2html/security/dependabot/37
---
 src/frontend-app/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/frontend-app/package.json b/src/frontend-app/package.json
index f1bb1c2..0f4b62c 100644
--- a/src/frontend-app/package.json
+++ b/src/frontend-app/package.json
@@ -31,7 +31,7 @@
 "prettier": "3.2.5",
 "raw-loader": "^4.0.2",
 "typescript": "^5.2.2",
- "vite": "^5.4.14",
+ "vite": "^5.5.0",
 "vite-plugin-css-injected-by-js": "^3.4.0"
 }
 }
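Review bot: The new range `"vite": "^5.5.0"` on the added line is unlikely to deliver the Rollup fix by itself, and it may not resolve at all: I am not aware of a published vite 5.5.0 (the 5.x line appears to stop at 5.4.x), so check `npm view vite versions` before merging. The previous `^5.4.14` already allowed every later 5.x release, and the diffstat shows only package.json changed, so without a regenerated lockfile the installed rollup stays where it was. Because the vulnerable code is in Rollup, a transitive dependency, pinning it directly is more reliable, for example `"overrides": { "rollup": "<PATCHED_ROLLUP_VERSION>" }` (placeholder, take the version from the advisory; the field name assumes npm), then commit the lockfile and confirm with `npm ls rollup`. The commit message says "Fixes CVE:" without an identifier, and naming the advisory ID there would let a later audit match the fix to the finding. The dependency object this line sits in begins above the hunk, so whether it is `devDependencies` is not visible here.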