Skip to content

Fix: Vitest related security vulnerability#261

Merged
mohdsayed merged 1 commit into
mainfrom
fix/security-vuls-vitest
Jun 8, 2026
Merged

Fix: Vitest related security vulnerability#261
mohdsayed merged 1 commit into
mainfrom
fix/security-vuls-vitest

Conversation

@b1ink0

@b1ink0 b1ink0 commented Jun 4, 2026

Copy link
Copy Markdown
Collaborator

Description

This PR fixes Vitest and Babel-related security vulnerabilities by updating them to patched versions and overriding vulnerable transitive dependencies.

It also updates the Vite configuration to support the major version upgrade of Vitest.


Checklist

  • I have thoroughly tested this code to the best of my abilities.
  • I have reviewed the code myself before requesting a review.
  • This code is covered by unit tests to verify that it works as intended.
  • The QA of this PR is done by a member of the QA team (to be checked by QA).

Fixes:

@b1ink0 b1ink0 marked this pull request as ready for review June 4, 2026 10:11
Copilot AI review requested due to automatic review settings June 4, 2026 10:11

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses reported security vulnerabilities in the toolchain by upgrading Vitest (major version bump) and Babel presets, and by adding PNPM overrides for vulnerable transitive dependencies. It also adjusts the Vite/Vitest browser testing configuration to align with the Vitest upgrade.

Changes:

  • Upgrade Vitest to 4.1.8 and adjust the Vitest browser provider configuration in vite.config.ts.
  • Upgrade Babel presets to ^7.29.5.
  • Add/adjust PNPM overrides (e.g., brace-expansion, vitest, ws) and update pnpm-lock.yaml accordingly.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File Description
vite.config.ts Updates Vitest browser provider configuration for the Vitest major upgrade.
package.json Bumps Vitest/Babel-related devDependencies and adds/updates PNPM override rules for vulnerable transitive deps.
pnpm-lock.yaml Lockfile refresh reflecting the dependency upgrades and override-driven resolutions.

Comment thread vite.config.ts
Comment thread package.json
@b1ink0 b1ink0 requested review from ayushnirwal and mohdsayed June 4, 2026 10:27
@mohdsayed mohdsayed merged commit 013a1c0 into main Jun 8, 2026
5 checks passed
@mohdsayed mohdsayed deleted the fix/security-vuls-vitest branch June 8, 2026 04:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants