Bump vite from 5.2.2 to 5.2.6 in /skyvern-frontend in the npm_and_yarn group across 1 directory

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /skyvern-frontend directory: vite.

Updates vite from 5.2.2 to 5.2.6

Release notes

Sourced from vite's releases.

create-vite@5.2.3

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.2.6 (2024-03-24)

• fix: fs.deny with globs with directories (#16250) (ba5269c), closes #16250

5.2.5 (2024-03-24)

• fix: avoid SSR requests in waitForRequestIdle (#16246) (7093f77), closes #16246
• docs: clarify enforce vs hook.order (#16226) (3a73e48), closes #16226

5.2.4 (2024-03-23)

• fix: dont resolve imports with malformed URI (#16244) (fbf69d5), closes #16244

5.2.3 (2024-03-22)

• fix: handle warmup request error correctly (#16223) (d7c5256), closes #16223
• fix: skip encode if is data uri (#16233) (8617e76), closes #16233
• fix(optimizer): fix optimizeDeps.include glob syntax for ./* exports (#16230) (f184c80), closes #16230
• fix(runtime): fix sourcemap with prepareStackTrace (#16220) (dad7f4f), closes #16220
• chore: utf8 replaced with utf-8 (#16232) (9800c73), closes #16232

Commits

• 7369016 release: v5.2.6
• ba5269c fix: fs.deny with globs with directories (#16250)
• 7a2791c release: v5.2.5
• 7093f77 fix: avoid SSR requests in waitForRequestIdle (#16246)
• 3a73e48 docs: clarify enforce vs hook.order (#16226)
• 6a07243 release: v5.2.4
• fbf69d5 fix: dont resolve imports with malformed URI (#16244)
• a67f9f6 release: v5.2.3
• 8617e76 fix: skip encode if is data uri (#16233)
• f184c80 fix(optimizer): fix optimizeDeps.include glob syntax for ./* exports (#16...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Configured Codepaths Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
AppSec Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
Sensitive Files Analyzer	❕	2 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖.
Note that this summary is auto-generated and not meant to be a definitive list of security issues
but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request are focused on updating the dependency versions in the skyvern-frontend project. Specifically, the Vite package has been updated from version 5.1.6 to 5.2.6 in both the package.json and package-lock.json files.

From an application security perspective, this type of dependency update is generally a positive change, as it helps address known vulnerabilities and security issues in the dependencies. Keeping dependencies up-to-date is a recommended security practice, as it ensures that the application is running on the latest versions with the most recent bug fixes and security patches.

However, it's important to review the changelog or release notes of the updated dependency to understand the changes and ensure that there are no breaking changes or new security vulnerabilities introduced. In this case, the Vite update from 5.1.6 to 5.2.6 is a minor version update, which typically includes bug fixes and improvements rather than significant architectural changes.

Files Changed:

1. skyvern-frontend/package.json: The vite dependency has been updated from version 5.1.6 to 5.2.6.
2. skyvern-frontend/package-lock.json: The vite dependency version has been updated from 5.1.6 to 5.2.6 to match the change in the package.json file.

Overall, this pull request appears to be a routine update to keep the Skyvern frontend up-to-date with the latest version of Vite. Unless there are any known issues or concerns with the specific version being upgraded to, this change can likely be safely merged.

Powered by DryRun Security