fix: upgrade vitest package to ^4.1.8 #2048

Merged. marrouchi merged 20 commits into main from fix/security-upgrade-vitest-package-version, Jun 12, 2026

Conversation

@yassinedorbozgithub (Collaborator) commented Jun 12, 2026

Summary

This PR upgrades the vitest dependency to version ^4.1.8.

Changes

  • Updated vitest from the previous version to ^4.1.8.
  • Incorporated upstream security fixes and dependency updates included in the latest release.

Security Benefits

This upgrade addresses a security issue related to CWE-862: Missing Authorization, where insufficient authorization checks could potentially allow unintended access to protected functionality under certain conditions.

By upgrading to vitest ^4.1.8, we benefit from:

  • Improved authorization and access-control handling in affected code paths.
  • Reduced risk of unauthorized operations during test execution or related tooling workflows.
  • Alignment with the latest security recommendations and dependency maintenance practices.
  • Reduced exposure to known vulnerabilities reported against older versions.

Testing

  • Existing test suite passes successfully with vitest ^4.1.8.
  • No application code changes were required beyond the dependency update.

@yassinedorbozgithub self-assigned this Jun 12, 2026
@yassinedorbozgithub added the security (Vulnerabilities, exploits, sensitive data) and WIP (Work in progress) labels Jun 12, 2026
@yassinedorbozgithub marked this pull request as draft June 12, 2026 09:33
@yassinedorbozgithub removed the WIP (Work in progress) label Jun 12, 2026
@yassinedorbozgithub marked this pull request as ready for review June 12, 2026 09:58
yassinedorbozgithub and others added 17 commits June 12, 2026 11:14
…ackage-version

fix: upgrade @grpc/grpc-js package to 1.14.4
…ufjs-package-version

fix: upgrade protobufjs package to 7.6.3
…kage-version

fix: upgrade qs package to 6.15.2
…router-dom-package-version

fix: upgrade react-router-dom package to ^6.30.4
…ackage-version

fix: upgrade hono package to 4.12.25
…package-version

fix: upgrade turbo package to ^2.9.18
…rently-package-version

fix: upgrade concurrently package to ^10.0.3
…ackage-version

fix: upgrade vite package to ^6.4.3
…package-version

fix: upgrade axios package to ^1.17.0
@marrouchi marrouchi merged commit dbd2d41 into main Jun 12, 2026
1 check passed