Skip to content

update outdated vitest devDependency from ^3.1.0 to ^3.2.0 to fix CVE-2026-47429#534

Open
akoweicollinxx wants to merge 1 commit into
Egonex-AI:mainfrom
akoweicollinxx:main
Open

update outdated vitest devDependency from ^3.1.0 to ^3.2.0 to fix CVE-2026-47429#534
akoweicollinxx wants to merge 1 commit into
Egonex-AI:mainfrom
akoweicollinxx:main

Conversation

@akoweicollinxx

Copy link
Copy Markdown

Updates vitest across all 4 package.json files to address the UI-server arbitrary file read/execute vulnerability (CVE-2026-47429). This resolves false-alarm security scan warnings without functional changes since vitest is a devDependency only.

Fixes #533

Summary

Linked issue(s)

How I tested this

  • pnpm lint
  • pnpm --filter @understand-anything/core test
  • pnpm test
  • Manual smoke test (describe above)

Versioning

  • Version bumped in all five manifests, OR
  • N/A — internal/docs-only change

Updates vitest across all 4 package.json files to address the UI-server
arbitrary file read/execute vulnerability (CVE-2026-47429). This resolves
false-alarm security scan warnings without functional changes since vitest
is a devDependency only.

Fixes Egonex-AI#533
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Outdated vitest devDependency (^3.1.0) vulnerable to CVE-2026-47429

1 participant