Conversation

pensarappdev[bot]

@pensarappdev pensarappdev bot commented Jul 25, 2025

Secured with Pensar

Upgrading vite from 5.1.6 to 5.1.8

Fixes Summary

| File | Fix | Explanation |
|---|---|---|
| /package.json | | While the initial patch in version 5.1.7 addressed vulnerabilities related mainly to the bypass techniques against server.fs.deny (including issues like improperly restricted file access and initial DOM clobbering concerns), subsequent testing revealed that version 5.1.7 still permitted bypasses — for example, through query parameters such as “?import&raw”, variants that use trailing separators (e.g. “?raw??”), file extension tricks with “.svg”, and even the DOM clobbering gadget itself remaining exploitable in bundled scripts. The detailed vulnerability report for version 5.1.7 indicates that these attacks remain feasible, leading to unauthorized file access or potential XSS. The minimal upgrade that fully addresses all these bypass vulnerabilities is version 5.1.8. Upgrading to version 5.1.8 ensures stricter query validation and improved security checks, mitigating all documented bypass risks. |
| /package-lock.json | | While the initial patch in version 5.1.7 addressed vulnerabilities related mainly to the bypass techniques against server.fs.deny (including issues like improperly restricted file access and initial DOM clobbering concerns), subsequent testing revealed that version 5.1.7 still permitted bypasses — for example, through query parameters such as “?import&raw”, variants that use trailing separators (e.g. “?raw??”), file extension tricks with “.svg”, and even the DOM clobbering gadget itself remaining exploitable in bundled scripts. The detailed vulnerability report for version 5.1.7 indicates that these attacks remain feasible, leading to unauthorized file access or potential XSS. The minimal upgrade that fully addresses all these bypass vulnerabilities is version 5.1.8. Upgrading to version 5.1.8 ensures stricter query validation and improved security checks, mitigating all documented bypass risks. |
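A lockfile audit that flags any pinned vite below 5.1.8, the version the comment above names as the minimal fix. This is an added example, not code from the pull request or from Pensar; it assumes the standard npm package-lock.json layouts (`dependencies` for lockfileVersion 1, `packages` for 2/3) and uses a constructed sample lockfile.

```python
"""Audit a package-lock.json for vite versions below the patched release.

Added example, not part of the pull request: checks lockfileVersion 1
("dependencies") and 2/3 ("packages") layouts for vite entries older than 5.1.8.
"""
import json
import re

PATCHED = (5, 1, 8)  # first vite release the PR text says closes all bypasses


def parse_version(v):
    """Return (major, minor, patch) from a version string, ignoring pre-release tags."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(x) for x in m.groups())


def vite_entries(lock):
    """Yield (path, version) for every vite package pinned in the lockfile."""
    if "packages" in lock:  # lockfileVersion 2/3: flat map keyed by install path
        for path, meta in lock["packages"].items():
            if path.endswith("node_modules/vite") and "version" in meta:
                yield path, meta["version"]
        return  # v2 also carries "dependencies"; skip it to avoid double reporting

    def walk(deps, prefix):  # lockfileVersion 1: nested "dependencies" tree
        for name, meta in deps.items():
            here = f"{prefix}node_modules/{name}"
            if name == "vite" and "version" in meta:
                yield here, meta["version"]
            yield from walk(meta.get("dependencies", {}), here + "/")

    yield from walk(lock.get("dependencies", {}), "")


def vulnerable_vite(lock):
    """Return [(path, version)] for vite entries below PATCHED."""
    return [(p, v) for p, v in vite_entries(lock) if parse_version(v) < PATCHED]


# Constructed sample: a v3 lockfile still pinning vite 5.1.7 (the insufficient patch)
SAMPLE_LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "node_modules/vite": {"version": "5.1.7"},
    "node_modules/some-plugin/node_modules/vite": {"version": "5.1.8"}
  }
}""")

if __name__ == "__main__":
    for path, version in vulnerable_vite(SAMPLE_LOCK):
        print(f"{path}: vite {version} < 5.1.8, upgrade required")
```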
