chore(devdeps): update dependency vite to v6.2.7 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
vite (source)	6.2.6 -> 6.2.7

GitHub Vulnerability Alerts

GHSA-859w-5945-r5v3

Summary

The contents of files in the project root that are denied by a file matching pattern can be returned to the browser.

Impact

Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected.
Only files that are under project root and are denied by a file matching pattern can be bypassed.

• Examples of file matching patterns: .env, .env.*, *.{crt,pem}, **/.env
• Examples of other patterns: **/.git/**, .git/**, .git/**/*

Details

server.fs.deny can contain patterns matching against files (by default it includes .env, .env.*, *.{crt,pem} as such patterns).
These patterns were able to bypass for files under root by using a combination of slash and dot (/.).

PoC

npm create vite@latest
cd vite-project/
cat "secret" > .env
npm install
npm run dev
curl --request-target /.env/. http://localhost:5173

---

Release Notes

vitejs/vite (vite)

v6.2.7

Compare Source

Please refer to CHANGELOG.md for details.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

🦋 Changeset detected

Latest commit: ce2d9a2

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[nx-cloud]

View your CI Pipeline Execution ↗ for commit ce2d9a2.

Command	Status	Duration	Result
nx affected -t build typecheck lint test e2e-ci	✅ Succeeded	2m 27s	View ↗
nx-cloud record -- nx format:check	✅ Succeeded	2s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-04-30 18:03:39 UTC

[github-actions]

Deployed a5ea121 to https://ForgeRock.github.io/ping-javascript-sdk/pr-268/a5ea121c06ffa7dad98aca547cc9f6ea40e6ddec branch gh-pages in ForgeRock/ping-javascript-sdk

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 49.45%. Comparing base (87c200b) to head (45a8c8b).

❗ Current head 45a8c8b differs from pull request most recent head ce2d9a2

Please upload reports for the commit ce2d9a2 to get more accurate results.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #268   +/-   ##
=======================================
  Coverage   49.45%   49.45%           
=======================================
  Files          29       29           
  Lines        1567     1567           
  Branches      172      172           
=======================================
  Hits          775      775           
  Misses        792      792           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.