From 54c58edd12ac53fc2e125d8712e8a22f5aabf1dd Mon Sep 17 00:00:00 2001
From: Parth Bansal
Date: Tue, 16 Jun 2026 12:21:49 +0000
Subject: [PATCH] Bump vite to 6.4.3 to resolve security alerts

Resolves two open Dependabot alerts on vite, both fixed in 6.4.3 (a patch from the current 6.4.2): GHSA-fx2h-pf6j-xcff (high, server.fs.deny bypass on Windows alternate paths) and GHSA-v6wh-96g9-6wx3 (medium, launch-editor NTLMv2 hash disclosure via UNC paths on Windows). vite is a dev/test dependency and 6.4.3 is well past the JFrog 7-day cooldown, so this is a clean, mergeable bump.

Co-authored-by: Isaac
---
 package-lock.json | 8 ++++----
 package.json | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3b739df5..bd6fc4e8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -25,7 +25,7 @@
 "turbo": "2.9.14",
 "typedoc": "^0.28.19",
 "typescript": "^5.7.0",
- "vite": "^6.4.0",
+ "vite": "^6.4.3",
 "vitest": "^3.2.6"
 },
 "engines": {
@@ -5125,9 +5125,9 @@
 }
 },
 "node_modules/vite": {
- "version": "6.4.2",
- "resolved": "https://npm-proxy.dev.databricks.com/vite/-/vite-6.4.2.tgz",
- "integrity": "sha512-2N/55r4JDJ4gdrCvGgINMy+HH3iRpNIz8K6SFwVsA+JbQScLiC+clmAxBgwiSPgcG9U15QmvqCGWzMbqda5zGQ==",
+ "version": "6.4.3",
+ "resolved": "https://npm-proxy.dev.databricks.com/vite/-/vite-6.4.3.tgz",
+ "integrity": "sha512-NTKlcQjlAK7MlQoyb6LgaqHc8sso/pVyUJYWMws3jg21uTJw/LddqIFPcPqP6PzpgbIcZyKI85sFE4HBrQDA8A==",
 "dev": true,
 "license": "MIT",
 "dependencies": {
diff --git a/package.json b/package.json
index c42d43ff..da240e8f 100644
--- a/package.json
+++ b/package.json
@@ -41,7 +41,7 @@
 "turbo": "2.9.14",
 "typedoc": "^0.28.19",
 "typescript": "^5.7.0",
- "vite": "^6.4.0",
+ "vite": "^6.4.3",
 "vitest": "^3.2.6"
 },
 "overrides": {