Fix: Vitest related security vulnerability#261
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR addresses reported security vulnerabilities in the toolchain by upgrading Vitest (major version bump) and Babel presets, and by adding PNPM overrides for vulnerable transitive dependencies. It also adjusts the Vite/Vitest browser testing configuration to align with the Vitest upgrade.
Changes:
- Upgrade Vitest to
4.1.8and adjust the Vitest browser provider configuration invite.config.ts. - Upgrade Babel presets to
^7.29.5. - Add/adjust PNPM overrides (e.g.,
brace-expansion,vitest,ws) and updatepnpm-lock.yamlaccordingly.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
vite.config.ts |
Updates Vitest browser provider configuration for the Vitest major upgrade. |
package.json |
Bumps Vitest/Babel-related devDependencies and adds/updates PNPM override rules for vulnerable transitive deps. |
pnpm-lock.yaml |
Lockfile refresh reflecting the dependency upgrades and override-driven resolutions. |
ayushnirwal
approved these changes
Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR fixes Vitest and Babel-related security vulnerabilities by updating them to patched versions and overriding vulnerable transitive dependencies.
It also updates the Vite configuration to support the major version upgrade of Vitest.
Checklist
Fixes: