[Security]: Vite middleware may serve files starting with the same name with the public directory

### Link zum Dependbot Alert

https://github.com/ncs-northware/northware/security/dependabot/31

### Schweregrad

Low

### Betroffenes Package

ultracite@5.3.4

### Abhängigkeiten

```bash
northware@ /workspaces/northware
├─┬ @changesets/cli@2.29.7 -> ./node_modules/.pnpm/@changesets+cli@2.29.7_@types+node@24.3.3/node_modules/@changesets/cli
│ └─┬ package-manager-detector@0.2.11 -> ./node_modules/.pnpm/package-manager-detector@0.2.11/node_modules/package-manager-detector
│   ├─┬ quansync@0.2.10 -> ./node_modules/.pnpm/quansync@0.2.10/node_modules/quansync
│   │ └── vite@7.0.2 invalid: "^6.2.2" from node_modules/.pnpm/quansync@0.2.10/node_modules/quansync, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
│   └─┬ vitest@3.2.4 invalid: "3.1.4" from node_modules/.pnpm/trpc-cli@0.10.2_typescript@5.9.2/node_modules/trpc-cli -> ./node_modules/.pnpm/vitest@3.2.4_@types+debug@4.1.12_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vitest
│     └── vite@7.0.2 deduped -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
├─┬ @commitlint/cli@19.8.1 -> ./node_modules/.pnpm/@commitlint+cli@19.8.1_@types+node@24.3.3_typescript@5.9.2/node_modules/@commitlint/cli
│ └─┬ yargs@17.7.2 -> ./node_modules/.pnpm/yargs@17.7.2/node_modules/yargs
│   └─┬ rollup@4.44.2 invalid: "^2.23.0" from node_modules/.pnpm/yargs@17.7.2/node_modules/yargs, "^1.23.1" from node_modules/.pnpm/deepmerge@4.3.1/node_modules/deepmerge, "^2.23.1" from node_modules/.pnpm/cliui@8.0.1/node_modules/cliui -> ./node_modules/.pnpm/rollup@4.44.2/node_modules/rollup
│     └── vite@7.0.2 deduped invalid: "^6.2.2" from node_modules/.pnpm/quansync@0.2.10/node_modules/quansync -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
├─┬ typescript@5.9.2 -> ./node_modules/.pnpm/typescript@5.9.2/node_modules/typescript
│ └─┬ source-map-support@0.5.21 -> ./node_modules/.pnpm/source-map-support@0.5.21/node_modules/source-map-support
│   └─┬ webpack@5.99.9 invalid: "^1.15.0" from node_modules/.pnpm/source-map-support@0.5.21/node_modules/source-map-support, "^4.31.0" from node_modules/.pnpm/rxjs@7.8.2/node_modules/rxjs, "^1.12.0" from node_modules/.pnpm/source-map@0.6.1/node_modules/source-map -> ./node_modules/.pnpm/webpack@5.99.9_esbuild@0.25.9/node_modules/webpack
│     └─┬ css-loader@6.11.0 invalid: "^7.1.2" from node_modules/.pnpm/webpack@5.99.9_esbuild@0.25.9/node_modules/webpack -> ./node_modules/.pnpm/css-loader@6.11.0_webpack@5.99.9_esbuild@0.25.9_/node_modules/css-loader
│       └─┬ postcss-loader@8.1.1 invalid: "^6.2.1" from node_modules/.pnpm/css-loader@6.11.0_webpack@5.99.9_esbuild@0.25.9_/node_modules/css-loader -> ./node_modules/.pnpm/postcss-loader@8.1.1_postcss@8.5.6_typescript@5.9.2_webpack@5.99.9_esbuild@0.25.9_/node_modules/postcss-loader
│         └─┬ jiti@1.21.7 -> ./node_modules/.pnpm/jiti@1.21.7/node_modules/jiti
│           └── vite@7.0.2 deduped invalid: "^6.2.2" from node_modules/.pnpm/quansync@0.2.10/node_modules/quansync, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal, "^6.0.3" from node_modules/.pnpm/jiti@1.21.7/node_modules/jiti -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
└─┬ ultracite@5.3.4 -> ./node_modules/.pnpm/ultracite@5.3.4_@types+debug@4.1.12_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1_typescript@5.9.2/node_modules/ultracite
  ├─┬ trpc-cli@0.10.2 -> ./node_modules/.pnpm/trpc-cli@0.10.2_typescript@5.9.2/node_modules/trpc-cli
  │ └─┬ @trpc/server@11.4.4 -> ./node_modules/.pnpm/@trpc+server@11.4.4_typescript@5.9.2/node_modules/@trpc/server
  │   └─┬ next@15.5.3 -> ./node_modules/.pnpm/next@15.5.3_@babel+core@7.28.0_react-dom@19.1.1_react@19.1.1__react@19.1.1/node_modules/next
  │     └─┬ storybook@9.1.5 invalid: "8.6.0" from node_modules/.pnpm/next@15.5.3_@babel+core@7.28.0_react-dom@19.1.1_react@19.1.1__react@19.1.1/node_modules/next -> ./node_modules/.pnpm/storybook@9.1.5_@testing-library+dom@10.4.0_prettier@2.8.8_vite@7.0.2_@types+node@22.18_a40199458529514178c4bba99236bb07/node_modules/storybook
  │       ├─┬ @storybook/icons@1.4.0 -> ./node_modules/.pnpm/@storybook+icons@1.4.0_react-dom@19.1.1_react@19.1.1__react@19.1.1/node_modules/@storybook/icons
  │       │ └── vite@7.0.2 deduped invalid: "^6.2.2" from node_modules/.pnpm/quansync@0.2.10/node_modules/quansync, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal, "^6.0.3" from node_modules/.pnpm/jiti@1.21.7/node_modules/jiti, "4.2.1" from node_modules/.pnpm/@storybook+icons@1.4.0_react-dom@19.1.1_react@19.1.1__react@19.1.1/node_modules/@storybook/icons -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
  │       └─┬ @vitest/mocker@3.2.4 -> ./node_modules/.pnpm/@vitest+mocker@3.2.4_vite@7.0.2_@types+node@22.18.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1_/node_modules/@vitest/mocker
  │         └─┬ vite@7.0.2 invalid: "^5.4.0" from node_modules/.pnpm/@vitest+mocker@3.2.4_vite@7.0.2_@types+node@22.18.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1_/node_modules/@vitest/mocker -> ./node_modules/.pnpm/vite@7.0.2_@types+node@22.18.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
  │           └─┬ rollup@4.44.2 -> ./node_modules/.pnpm/rollup@4.44.2/node_modules/rollup
  │             └── vite@7.0.2 deduped invalid: "^6.2.2" from node_modules/.pnpm/quansync@0.2.10/node_modules/quansync, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal, "^6.0.3" from node_modules/.pnpm/jiti@1.21.7/node_modules/jiti, "4.2.1" from node_modules/.pnpm/@storybook+icons@1.4.0_react-dom@19.1.1_react@19.1.1__react@19.1.1/node_modules/@storybook/icons -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
  └─┬ vitest@3.2.4 -> ./node_modules/.pnpm/vitest@3.2.4_@types+debug@4.1.12_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vitest
    ├─┬ @vitest/mocker@3.2.4 -> ./node_modules/.pnpm/@vitest+mocker@3.2.4_vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1_/node_modules/@vitest/mocker
    │ └── vite@7.0.2 invalid: "^5.4.0" from node_modules/.pnpm/@vitest+mocker@3.2.4_vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1_/node_modules/@vitest/mocker -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
    ├─┬ @vitest/runner@3.2.4 -> ./node_modules/.pnpm/@vitest+runner@3.2.4/node_modules/@vitest/runner
    │ └─┬ strip-literal@3.0.0 -> ./node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal
    │   └── vite@7.0.2 deduped invalid: "^6.2.2" from node_modules/.pnpm/quansync@0.2.10/node_modules/quansync, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
    ├─┬ strip-literal@3.0.0 -> ./node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal
    │ └── vite@7.0.2 deduped invalid: "^6.2.2" from node_modules/.pnpm/quansync@0.2.10/node_modules/quansync, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
    ├─┬ vite-node@3.2.4 -> ./node_modules/.pnpm/vite-node@3.2.4_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite-node
    │ └── vite@7.0.2 -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
    └─┬ vite@7.0.2 -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
      └─┬ rollup@4.44.2 -> ./node_modules/.pnpm/rollup@4.44.2/node_modules/rollup
        └── vite@7.0.2 deduped invalid: "^6.2.2" from node_modules/.pnpm/quansync@0.2.10/node_modules/quansync, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal, "^6.0.7" from node_modules/.pnpm/strip-literal@3.0.0/node_modules/strip-literal -> ./node_modules/.pnpm/vite@7.0.2_@types+node@24.3.3_jiti@2.5.1_lightningcss@1.30.1_terser@5.43.1/node_modules/vite
```

### Beschreibung

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security]: Vite middleware may serve files starting with the same name with the public directory #570

Link zum Dependbot Alert

Schweregrad

Betroffenes Package

Abhängigkeiten

Beschreibung

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Security]: Vite middleware may serve files starting with the same name with the public directory #570

Description

Link zum Dependbot Alert

Schweregrad

Betroffenes Package

Abhängigkeiten

Beschreibung

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions