chore(deps): update dependency vite to v6.4.1 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
vite (source)	6.3.6 → 6.4.1

GitHub Vulnerability Alerts

CVE-2025-62522

Summary

Files denied by server.fs.deny were sent if the URL ended with \ when the dev server is running on Windows.

Impact

Only apps that match the following conditions are affected:

• explicitly exposes the Vite dev server to the network (using --host or server.host config option)
• running the dev server on Windows

Details

server.fs.deny can contain patterns matching against files (by default it includes .env, .env.*, *.{crt,pem} as such patterns). These patterns were able to bypass by using a back slash(\). The root cause is that fs.readFile('/foo.png/') loads /foo.png.

PoC

npm create vite@latest
cd vite-project/
cat "secret" > .env
npm install
npm run dev
curl --request-target /.env\ http://localhost:5173

---

Release Notes

vitejs/vite (vite)

v6.4.1

Compare Source

Please refer to CHANGELOG.md for details.

v6.4.0

Compare Source

Please refer to CHANGELOG.md for details.

v6.3.7

Compare Source

Please refer to CHANGELOG.md for details.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for vektorprogrammet-dashboard ready!

Name	Link
🔨 Latest commit	41257df
🔍 Latest deploy log	https://app.netlify.com/projects/vektorprogrammet-dashboard/deploys/691e57dfbe0dc700088753a4
😎 Deploy Preview	https://deploy-preview-38--vektorprogrammet-dashboard.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 99 Accessibility: 100 Best Practices: 100 SEO: 90 PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[cloudflare-workers-and-pages]

Deploying dashboard with    Cloudflare Pages

Latest commit:	81c2d2a
Status:	✅  Deploy successful!
Preview URL:	https://1821c637.dashboard-14q.pages.dev
Branch Preview URL:	https://renovate-npm-vite-vulnerabil.dashboard-14q.pages.dev

View logs

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[netlify]

✅ Deploy Preview for vektorprogrammet-dashboard ready!

Name	Link
🔨 Latest commit	81c2d2a
🔍 Latest deploy log	https://app.netlify.com/projects/vektorprogrammet-dashboard/deploys/69974ed3c57ec60008fe7221
😎 Deploy Preview	https://deploy-preview-38--vektorprogrammet-dashboard.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 99 Accessibility: 100 Best Practices: 100 SEO: 90 PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud