[Snyk] Upgrade vite from 7.0.6 to 7.1.12

[DysektAI]

Snyk has created this PR to upgrade vite from 7.0.6 to 7.1.12.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 17 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Directory Traversal SNYK-JS-VITE-13644406	51	Proof of Concept
	Relative Path Traversal SNYK-JS-VITE-12558116	51	Proof of Concept

Release notes

Package name: vite

• 7.1.12 - 2025-10-23
  

  Please refer to CHANGELOG.md for details.

• 7.1.11 - 2025-10-20
  

  Please refer to CHANGELOG.md for details.

• 7.1.10 - 2025-10-14
  

  Please refer to CHANGELOG.md for details.

• 7.1.9 - 2025-10-03
  

  Please refer to CHANGELOG.md for details.

• 7.1.8 - 2025-10-02
  

  Please refer to CHANGELOG.md for details.

• 7.1.7 - 2025-09-22
• 7.1.6 - 2025-09-18
• 7.1.5 - 2025-09-08
• 7.1.4 - 2025-09-01
• 7.1.3 - 2025-08-19
• 7.1.2 - 2025-08-12
• 7.1.1 - 2025-08-08
• 7.1.0 - 2025-08-07
• 7.1.0-beta.1 - 2025-08-05
• 7.1.0-beta.0 - 2025-07-30
• 7.0.8 - 2025-10-20
  

  Please refer to CHANGELOG.md for details.

• 7.0.7 - 2025-09-08
• 7.0.6 - 2025-07-24

from vite GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-upgrade-4fa4d7feb12fbe68aa80c1265c7f4c1b

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR upgrades Vite from version 7.0.6 to 7.1.12 to address two security vulnerabilities: a medium-severity Directory Traversal issue (SNYK-JS-VITE-13644406) and a low-severity Relative Path Traversal issue (SNYK-JS-VITE-12558116). The upgrade also includes updates to several transitive dependencies including rollup (4.41.0 → 4.53.3), fdir (6.4.6 → 6.5.0), tinyglobby (0.2.14 → 0.2.15), and @types/estree (1.0.7 → 1.0.8).

Key changes:

• Security fix: Upgrades vite to patch directory traversal vulnerabilities
• Dependency updates: Updates rollup and related platform-specific binaries
• Architecture support: Adds new platform support (OpenHarmony ARM64, Windows x64 GNU) and renames some architecture packages

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
frontend/package.json	Updates vite version constraint from ^7.0.6 to ^7.1.12
frontend/package-lock.json	Updates vite, rollup, and transitive dependencies with new versions and integrity hashes; adds new platform-specific rollup binaries

Files not reviewed (1)

• frontend/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Update root lockfile for Vite upgrade

The workspace manifest now requires vite ^7.1.12 (frontend/package.json), but the root workspace lockfile still locks vite to 7.0.6 (see package-lock.json entries under packages.frontend and node_modules/vite). npm ci expects package.json and package-lock.json to stay in sync, so the root workflows that run npm ci from the repository root (e.g., .github/workflows/firebase-hosting-merge.yml) will either abort or continue installing the older 7.0.6 build instead of the patched version. Please regenerate the root lockfile alongside the dependency bump to keep deployments installable and on the intended version.

Useful? React with 👍 / 👎.