marcel/familienarchiv

fix(deps): bump vite 7.3.3 → 7.3.5 to clear the high-severity audit gate #852

Merged

marcel merged 1 commits from devops/vite-audit-high-fix into main

2026-06-16 11:32:38 +02:00

Author	SHA1	Message	Date
Marcel	109202246e	fix(deps): bump vite 7.3.3 -> 7.3.5 to clear the high-severity audit gate Some checks failed CI / Unit & Component Tests (pull_request) Successful in 7m30s Details CI / OCR Service Tests (pull_request) Successful in 37s Details CI / Backend Unit Tests (pull_request) Failing after 12m40s Details CI / fail2ban Regex (pull_request) Successful in 1m46s Details CI / Semgrep Security Scan (pull_request) Successful in 35s Details CI / Compose Bucket Idempotency (pull_request) Successful in 1m49s Details SDD Gate / RTM Check (pull_request) Successful in 31s Details SDD Gate / Contract Validate (pull_request) Successful in 41s Details SDD Gate / Constitution Impact (pull_request) Successful in 29s Details CI / Unit & Component Tests (push) Successful in 7m5s Details CI / OCR Service Tests (push) Successful in 48s Details CI / Backend Unit Tests (push) Failing after 12m53s Details CI / fail2ban Regex (push) Successful in 1m44s Details CI / Semgrep Security Scan (push) Successful in 35s Details CI / Compose Bucket Idempotency (push) Successful in 1m48s Details vite 7.3.3 carries two high-severity advisories (GHSA-v6wh-96g9-6wx3 NTLMv2 UNC disclosure, GHSA-fx2h-pf6j-xcff server.fs.deny bypass), both flagged by the CI gate `npm audit --audit-level=high --omit=dev`. 7.3.5 is in-range of the existing `^7.3.3` constraint, so this is a lockfile-only patch with no package.json change. Gate now exits 0. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-16 09:16:58 +02:00