Skip to content

chore: force vite >=7.3.2 to patch CVE-2026-39364#17723

Open
coolguyzone wants to merge 1 commit into
masterfrom
coolguyzone/chore/vite-update
Open

chore: force vite >=7.3.2 to patch CVE-2026-39364#17723
coolguyzone wants to merge 1 commit into
masterfrom
coolguyzone/chore/vite-update

Conversation

@coolguyzone
Copy link
Copy Markdown
Contributor

@coolguyzone coolguyzone commented May 11, 2026

Vite is a transitive dependency (via vitest) so dependabot can't auto-bump it. Adding a pnpm override to resolve to a patched version.

DESCRIBE YOUR PR

Tell us what you're changing and why. If your PR resolves an issue, please link it so it closes automatically.

IS YOUR CHANGE URGENT?

Help us prioritize incoming PRs by letting us know when the change needs to go live.

  • Urgent deadline (GA date, etc.):
  • Other deadline:
  • None: Not urgent, can wait up to 1 week+

SLA

  • Teamwork makes the dream work, so please add a reviewer to your PRs.
  • Please give the docs team up to 1 week to review your PR unless you've added an urgent due date to it.
    Thanks in advance for your help!

PRE-MERGE CHECKLIST

Make sure you've checked the following before merging your changes:

  • Checked Vercel preview for correctness, including links
  • PR was reviewed and approved by any necessary SMEs (subject matter experts)
  • PR was reviewed and approved by a member of the Sentry docs team

LEGAL BOILERPLATE

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.

EXTRA RESOURCES

@vercel
Copy link
Copy Markdown

vercel Bot commented May 11, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
develop-docs Error Error May 11, 2026 11:24pm
sentry-docs Error Error May 11, 2026 11:24pm

Request Review

cursor[bot]
cursor Bot reviewed May 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 3f4ef44. Configure here.

Comment thread package.json Outdated
@coolguyzone @claude
chore: force vite >=7.3.2 <8.0.0 to patch CVE-2026-39364
9123a43 
Vite is a transitive dependency (via vitest) so dependabot can't
auto-bump it. Adding a pnpm override to resolve to a patched 7.x
version. Constraining to <8.0.0 since vitest 3.x doesn't support Vite 8.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@coolguyzone coolguyzone force-pushed the coolguyzone/chore/vite-update branch from 3f4ef44 to 9123a43 Compare May 11, 2026 23:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@coolguyzone