Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps-dev): bump vite from 6.0.7 to 6.0.11 #3259

Merged
merged 1 commit into from
Jan 27, 2025
Merged

chore(deps-dev): bump vite from 6.0.7 to 6.0.11 #3259

merged 1 commit into from
Jan 27, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 27, 2025
edited
Loading

Bumps vite from 6.0.7 to 6.0.11.

Release notes

Sourced from vite's releases.

v6.0.11

Please refer to CHANGELOG.md for details.

v6.0.10

Please refer to CHANGELOG.md for details.

v6.0.9

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v6.0.8

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.0.11 (2025-01-21)

6.0.10 (2025-01-20)

6.0.9 (2025-01-20)

  • fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)
  • fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)
  • fix: verify token for HMR WebSocket connection (029dcd6)

6.0.8 (2025-01-20)

Commits
  • a0ed405 release: v6.0.11
  • 3d03899 fix: allow CORS from loopback addresses by default (#19249)
  • aeb3ec8 fix: preview.allowedHosts with specific values was not respected (#19246)
  • 9654348 release: v6.0.10
  • 2495022 fix: try parse server.origin URL (#19241)
  • a55f8ba release: v6.0.9
  • bd896fb fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
  • 029dcd6 fix: verify token for HMR WebSocket connection
  • b09572a fix!: default server.cors: false to disallow fetching from untrusted origins
  • c0f72a6 release: v6.0.8
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @csouchet.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency (dev or runtime) javascript Pull requests that update Javascript code skip-changelog Do not include in Changelog and Release Notes labels Jan 27, 2025
@dependabot dependabot bot requested review from a team, csouchet and tbouffard and removed request for a team January 27, 2025 14:08
@csouchet csouchet added the skip CI e2e tests GitHub Actions do not run e2e tests (for Pull Requests) label Jan 27, 2025
@csouchet
Copy link
Member

@dependabot rebase
@dependabot squash and merge

@dependabot
chore(deps-dev): bump vite from 6.0.7 to 6.0.11
2f60a01 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.0.7 to 6.0.11.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.0.11/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/vite-6.0.11 branch from 9ca29f2 to 2f60a01 Compare January 27, 2025 14:25
@dependabot dependabot bot merged commit a4e3dc2 into master Jan 27, 2025
11 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/vite-6.0.11 branch January 27, 2025 14:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@csouchet csouchet csouchet approved these changes

@tbouffard tbouffard Awaiting requested review from tbouffard tbouffard was automatically assigned from process-analytics/pa-collaborators

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency (dev or runtime) javascript Pull requests that update Javascript code skip CI e2e tests GitHub Actions do not run e2e tests (for Pull Requests) skip-changelog Do not include in Changelog and Release Notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@csouchet