
[Snyk] Security upgrade vite from 6.4.3 to 7.3.6#41

Open. uriagassi wants to merge 1 commit into main from snyk-fix-6a1565f8856eada8a68693f4e2b624ab


@uriagassi

Owner


Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • client/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue: Resources Downloaded over Insecure Protocol (critical severity), SNYK-JS-ESBUILD-17750822

Breaking Change Risk: Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


@uriagassi

Owner Author

Merge Risk: High

This major upgrade from Vite v6 to v7 introduces significant breaking changes that require developer action, including updates to the required Node.js version and default browser targets.

Key Breaking Changes:

  • Node.js Requirement: Support for Node.js 18 has been dropped. Vite v7 requires Node.js version 20.19+ or 22.12+. Your development and deployment environments must be updated.

  • Default Browser Target Changed: The default for build.target has been changed from 'modules' to 'baseline-widely-available'. This increases the minimum browser versions for the production build, potentially dropping support for older browsers.

    • Chrome: 87 → 107
    • Firefox: 78 → 104
    • Safari: 14.0 → 16.0
  • Legacy Sass API Removed: In accordance with Sass's own deprecation, support for the legacy Sass JavaScript API has been removed. Vite will now only use the modern API.

  • Vitest Compatibility: If you use Vitest for testing, you must upgrade to Vitest version 3.2 or newer.

Recommendation:
Before merging, verify that your CI/CD and local development environments meet the new Node.js version requirement. Review your project's browser support policy to ensure the new default targets are acceptable; otherwise, explicitly configure build.target in your vite.config.js. If you are using Sass, confirm you are not relying on the legacy API.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
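
The Node.js and Vitest requirements listed in the comment above can be checked mechanically before merging. The script below is an added example, not part of this PR or of Snyk's output; the function names and the sample manifest are constructed, and the Node.js rule is read here as "20.x at 20.19 or later, or 22.12 and later" (an assumption about how the two ranges combine).

```javascript
// Pre-merge check for the Vite 7 requirements named in the PR comment.
// Hypothetical helper names; sample data is constructed.

// Extract [major, minor, patch] from strings like "v22.12.0" or "^3.1.0".
function parseVersion(v) {
  const m = /(\d+)(?:\.(\d+))?(?:\.(\d+))?/.exec(String(v));
  if (!m) return null;
  return [Number(m[1]), Number(m[2] || 0), Number(m[3] || 0)];
}

// True when tuple a >= tuple b.
function gte(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// Node.js 18 is dropped; accept 20.19+ within the 20 line, or 22.12 and later.
// Assumption: 21.x and 22.0-22.11 fall outside both ranges and are rejected.
function nodeSupported(version) {
  const v = parseVersion(version);
  if (!v) return false;
  if (v[0] === 20) return gte(v, [20, 19, 0]);
  return gte(v, [22, 12, 0]);
}

// Return a list of problems for a parsed package.json and a Node.js version.
// The Vitest check looks at the declared range's first version, not at what
// is actually installed in node_modules.
function preflight(pkg, nodeVersion) {
  const problems = [];
  if (!nodeSupported(nodeVersion)) {
    problems.push(`Node.js ${nodeVersion} is outside 20.19+ / 22.12+`);
  }
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  if (deps.vitest) {
    const v = parseVersion(deps.vitest);
    if (!v || !gte(v, [3, 2, 0])) {
      problems.push(`vitest range "${deps.vitest}" starts below 3.2`);
    }
  }
  return problems;
}

// Constructed manifest, not the repository's client/package.json.
const samplePkg = { devDependencies: { vite: '^7.3.6', vitest: '^3.1.0' } };
console.log(preflight(samplePkg, process.versions.node));
```

Run it in CI with the real `client/package.json` parsed in place of `samplePkg`, and fail the job when the returned list is non-empty.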
