
chore: dependency audit 2026-05 — fix high vite CVEs and moderate postcss XSS #155

Draft: Copilot wants to merge 2 commits into master from copilot/chm-2026-05-dependency-audit



Copilot AI commented May 1, 2026

Two security vulnerabilities found and patched via npm audit fix. No breaking changes; both are patch-level updates to indirect/dev dependencies.

Vulnerabilities Fixed

| Severity | Package | CVEs | Resolution |
|---|---|---|---|
| High | vite 7.0.0–7.3.1 | GHSA-4w7w-66w2-5vf9 (path traversal in .map), GHSA-v2wj-q39q-566r (server.fs.deny bypass), GHSA-p9ff-h696-f583 (arbitrary file read via dev server WebSocket) | → 7.3.2 |
| Moderate | postcss <8.5.10 | GHSA-qx2v-qp2m-jg93 (XSS via unescaped </style> in CSS Stringify) | → 8.5.13 |

Audit State Post-Fix

  • npm audit: 0 vulnerabilities
  • npm outdated: nothing to update
  • Changelog entry added as Day 64 in both README.md and public/README.md


vercel Bot commented May 1, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
|---|---|---|---|
| chimera | Ready | Preview, Comment | May 1, 2026 1:29pm |

…abilities

Agent-Logs-Url: https://github.com/RahilKothari9/chimera/sessions/28569106-81cd-4267-ae52-1b9574a19b10

Co-authored-by: RahilKothari9 <110282686+RahilKothari9@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Audit and update project dependencies for security and updates" to "chore: dependency audit 2026-05 — fix high vite CVEs and moderate postcss XSS" on May 1, 2026
Copilot AI requested a review from RahilKothari9 May 1, 2026 13:30
Development

Successfully merging this pull request may close these issues.

Chimera Dependency Audit - 2026-05

2 participants