Skip to content

chore: ensure vite's dev server is loopback bound#619

Merged
asanehisa merged 1 commit into
mainfrom
vuln
Jun 17, 2026
Merged

chore: ensure vite's dev server is loopback bound#619
asanehisa merged 1 commit into
mainfrom
vuln

Conversation

@asanehisa

@asanehisa asanehisa commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This vuln requires either a vite upgrade or that the vulnerability isn't reachable.

This PR ensures our dev server is loopback bound and therefore the vulnerability isn't reachable

@coderabbitai

coderabbitai Bot commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e615de0b-7c34-4932-a059-addb5cdb4cfd

📥 Commits

Reviewing files that changed from the base of the PR and between 5c75399 and 24c89f5.

📒 Files selected for processing (1)
  • packages/pages/src/dev/server/server.ts

Walkthrough

server.ts introduces a DEV_SERVER_HOST constant set to "localhost". This constant is then used in two places: the module-specific dev server startup now passes DEV_SERVER_HOST to app.listen, formats the console log as http://localhost:<port>, and constructs the browser-open URL as http://localhost:<port>/modules/<moduleName>; and the default dev server startup similarly passes DEV_SERVER_HOST to app.listen and updates the log from on :<port> to on http://localhost:<port>.

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title 'chore: ensure vite's dev server is loopback bound' directly and clearly describes the main change—configuring the dev server to bind to localhost only.
Description check ✅ Passed The description references a vulnerability (VULN-45051) and explains the security rationale for ensuring the dev server is loopback bound, which aligns with the changeset.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch vuln

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@asanehisa asanehisa marked this pull request as ready for review June 17, 2026 17:56
@asanehisa asanehisa requested a review from a team as a code owner June 17, 2026 17:56
@asanehisa asanehisa merged commit f5b8058 into main Jun 17, 2026
32 checks passed
@asanehisa asanehisa deleted the vuln branch June 17, 2026 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mkilpatrick mkilpatrick mkilpatrick approved these changes

@benlife5 benlife5 benlife5 approved these changes

@briantstephan briantstephan Awaiting requested review from briantstephan

@jwartofsky-yext jwartofsky-yext Awaiting requested review from jwartofsky-yext

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@asanehisa @mkilpatrick @benlife5