[Snyk] Upgrade wireit from 0.14.4 to 0.14.12

[nn6n]

Snyk has created this PR to upgrade wireit from 0.14.4 to 0.14.12.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 14 versions ahead of your current version.

• The recommended version was released 4 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	222	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	222	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	222	No Known Exploit
	Incorrect Authorization SNYK-JS-VITE-9653016	222	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	222	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	222	Proof of Concept
	Improper Access Control SNYK-JS-VITE-6531286	222	Proof of Concept
	Information Exposure SNYK-JS-VITE-8023174	222	Proof of Concept
	Origin Validation Error SNYK-JS-VITE-8648411	222	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9512410	222	Mature
	Access Control Bypass SNYK-JS-VITE-9576207	222	Proof of Concept
	Information Exposure SNYK-JS-VITE-9685035	222	Proof of Concept
	Directory Traversal SNYK-JS-VITE-9919777	222	Proof of Concept
	Missing Origin Validation in WebSockets SNYK-JS-VITEST-8688130	222	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	222	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	222	Proof of Concept

Release notes

Package name: wireit

• 0.14.12 - 2025-04-10
  

  Release 0.14.12 (#1304)

• 0.14.11 - 2025-02-07
  

  Release 0.14.11 and update dependencies

• 0.14.10 - 2025-01-28
  

  Also update dependencies

• 0.14.10-pre.0 - 2025-01-28
  

  0.14.10-pre.0

• 0.14.9 - 2024-09-03
  

  Release 0.14.9 (#1179)

• 0.14.9-pre.1 - 2024-08-31
• 0.14.8 - 2024-08-23
  

  Release 0.14.8 (#1170)

• 0.14.7 - 2024-08-05
• 0.14.7-pre.3 - 2024-08-05
• 0.14.7-pre.2 - 2024-08-05
• 0.14.7-pre.1 - 2024-08-05
• 0.14.6 - 2024-08-05
• 0.14.6-pre.1 - 2024-08-05
• 0.14.5 - 2024-07-09
• 0.14.4 - 2024-01-26

from wireit GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[gemini-code-assist]

Summary of Changes

Hello @nn6n, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs an essential security update by upgrading the wireit dependency. The primary goal is to mitigate a significant number of identified vulnerabilities, thereby enhancing the overall security posture of the project. This is a routine maintenance update to ensure the project remains secure against known exploits.

Highlights

• Dependency Upgrade: The wireit dependency has been upgraded from version 0.14.4 to 0.14.12.
• Security Fixes: This upgrade resolves 16 security vulnerabilities, including several high-severity issues such as 'Excessive Platform Resource Consumption within a Loop', 'Regular Expression Denial of Service (ReDoS)', 'Inefficient Regular Expression Complexity', and 'Incorrect Authorization'.
• Version Information: The new version of wireit was released approximately 4 months ago and covers 14 versions ahead of the current one.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request upgrades the wireit dependency from version 0.14.4 to 0.14.12, which is an important security update to patch several high and medium severity vulnerabilities. While the change in wasm/hello-world/package.json is correct, this PR is missing the corresponding update to wasm/hello-world/package-lock.json. This is a critical omission, as without the updated lock file, the old, vulnerable version of wireit may still be installed, defeating the purpose of this upgrade. Please update the lock file by running npm install within the wasm/hello-world directory and commit the changes.

[gemini-code-assist]

While updating the wireit version here is correct, the package-lock.json file for this sub-project (wasm/hello-world/package-lock.json) has not been updated in this pull request. To ensure that the new, secure version of the dependency is actually installed in all environments, the lock file must be updated and committed as well. Please run npm install in the wasm/hello-world directory and commit the updated package-lock.json.