Skip to content

fix!: fix GHSA-vg6x-rcgg-rjx6#19234

Merged
sapphi-red merged 3 commits intovitejs:mainfrom
sapphi-red:fix/ghsa-vg6x-rcgg-rjx6
Jan 20, 2025
Merged

fix!: fix GHSA-vg6x-rcgg-rjx6#19234
sapphi-red merged 3 commits intovitejs:mainfrom
sapphi-red:fix/ghsa-vg6x-rcgg-rjx6

Conversation

@sapphi-red
Copy link
Member

@sapphi-red sapphi-red commented Jan 20, 2025
edited
Loading

Description

See GHSA-vg6x-rcgg-rjx6

@sapphi-red
Copy link
Member Author

sapphi-red commented Jan 20, 2025

/ecosystem-ci run

@pkg-pr-new
Copy link

pkg-pr-new bot commented Jan 20, 2025
edited
Loading

Open in Stackblitz

npm i https://pkg.pr.new/vite@19234

commit: aed20f8

@vite-ecosystem-ci
Copy link

vite-ecosystem-ci bot commented Jan 20, 2025

📝 Ran ecosystem CI on ab748ee: Open

suite result latest scheduled
analogjs failure failure
astro failure success
histoire failure failure
nuxt success failure
redwoodjs failure failure
vite-plugin-svelte failure failure
vite-setup-catalogue failure success
vitest failure failure
waku failure failure

ladle, laravel, marko, previewjs, quasar, qwik, rakkas, react-router, storybook, sveltekit, unocss, vike, vite-environment-examples, vite-plugin-pwa, vite-plugin-react, vite-plugin-react-swc, vite-plugin-vue, vitepress, vuepress

@sapphi-red sapphi-red force-pushed the fix/ghsa-vg6x-rcgg-rjx6 branch from ab748ee to aed20f8 Compare January 20, 2025 08:56
@sapphi-red sapphi-red changed the title fix!: test fix!: GHSA-vg6x-rcgg-rjx6 Jan 20, 2025
@sapphi-red sapphi-red mentioned this pull request Jan 20, 2025
Merged
@sapphi-red sapphi-red changed the title fix!: GHSA-vg6x-rcgg-rjx6 fix!: fix GHSA-vg6x-rcgg-rjx6 Jan 20, 2025
@sapphi-red sapphi-red marked this pull request as ready for review January 20, 2025 09:16
@sapphi-red sapphi-red merged commit bd896fb into vitejs:main Jan 20, 2025
17 of 19 checks passed
@sapphi-red sapphi-red deleted the fix/ghsa-vg6x-rcgg-rjx6 branch January 20, 2025 09:21
@sapphi-red sapphi-red mentioned this pull request Jan 20, 2025
Merged
@jacksteamdev jacksteamdev mentioned this pull request Jan 21, 2025
Closed
2 tasks
@MakarMS
Copy link

MakarMS commented Feb 22, 2025
edited
Loading

Hi, my proxying is broken. I understand that after this PR. The same configuration on version 5.2 works fine, but when upgrading to 5.4.14 the connection is not established. If I just go to http://172.18.0.2:5173/ (the most recent log), everything works.


    location / {
        proxy_pass http://landing:5173$uri;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    server: {
        port: 5173,
        allowedHosts: true,
        cors: true
    }

image
image

nginx-1 | 172.18.0.1 - - [22/Feb/2025:10:07:13 +0000] "GET /?token=uGhpbKp8JT_D HTTP/1.1" 400 11 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" "-" 

landing-1     | 
landing-1     | up to date, audited 180 packages in 2s
landing-1     | 
landing-1     | 38 packages are looking for funding
landing-1     |   run npm fund for details
landing-1     | 
landing-1     | 3 moderate severity vulnerabilities
landing-1     | 
landing-1     | To address all issues (including breaking changes), run:
landing-1     |   npm audit fix --force
landing-1     | 
landing-1     | Run npm audit for details.
landing-1     | 
landing-1     | > vite --host
landing-1     | 
landing-1     | 
landing-1     |   VITE v5.4.14  ready in 394 ms
landing-1     | 
landing-1     |   ➜  Local:   http://localhost:5173/
landing-1     |   ➜  Network: http://172.18.0.2:5173/

@MakarMS MakarMS mentioned this pull request Feb 22, 2025
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

trigger: preview

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sapphi-red @MakarMS