chore(deps): update dependency vite to v5.1.7 [security] (#66)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.1.4` -> `5.1.7`](https://renovatebot.com/diffs/npm/vite/5.1.4/5.1.7) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.1.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.1.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.1.4/5.1.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.1.4/5.1.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2024-31207](https://togithub.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g)

### Summary
[Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` did not deny requests for patterns with directories. An example of such a pattern is `/foo/**/*`.

### Impact
Only apps setting a custom `server.fs.deny` that includes a pattern with directories, and explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.

### Patches
Fixed in vite@5.2.6, vite@5.1.7, vite@5.0.13, vite@4.5.3, vite@3.2.10, vite@2.9.18

### Details
`server.fs.deny` uses picomatch with the config of `{ matchBase: true }`. [matchBase](https://togithub.com/micromatch/picomatch/blob/master/README.md#options:~:text=Description-,basename,-boolean) only matches the basename of the file, not the path due to a bug ([micromatch/picomatch#89). The vite config docs read like you should be able to set fs.deny to glob with picomatch. Vite also does not set `{ dot: true }` and that causes [dotfiles not to be denied](https://togithub.com/micromatch/picomatch/blob/master/README.md#options:~:text=error%20is%20thrown.-,dot,-boolean) unless they are explicitly defined.

**Reproduction**

Set fs.deny to `['**/.git/**']` and then curl for `/.git/config`.

* with `matchBase: true`, you can get any file under  `.git/` (config, HEAD, etc).
* with `matchBase: false`, you cannot get any file under  `.git/` (config, HEAD, etc).

---

### Release Notes

<details>
<summary>vitejs/vite (vite)</summary>

### [`v5.1.7`](https://togithub.com/vitejs/vite/releases/tag/v5.1.7)

[Compare Source](https://togithub.com/vitejs/vite/compare/v5.1.6...v5.1.7)

Please refer to [CHANGELOG.md](https://togithub.com/vitejs/vite/blob/v5.1.7/packages/vite/CHANGELOG.md) for details.

### [`v5.1.6`](https://togithub.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small516-2024-03-11-small)

[Compare Source](https://togithub.com/vitejs/vite/compare/v5.1.5...v5.1.6)

-   chore(deps): update all non-major dependencies ([#&#8203;16131](https://togithub.com/vitejs/vite/issues/16131)) ([a862ecb](https://togithub.com/vitejs/vite/commit/a862ecb)), closes [#&#8203;16131](https://togithub.com/vitejs/vite/issues/16131)
-   fix: check for publicDir before checking if it is a parent directory ([#&#8203;16046](https://togithub.com/vitejs/vite/issues/16046)) ([b6fb323](https://togithub.com/vitejs/vite/commit/b6fb323)), closes [#&#8203;16046](https://togithub.com/vitejs/vite/issues/16046)
-   fix: escape single quote when relative base is used ([#&#8203;16060](https://togithub.com/vitejs/vite/issues/16060)) ([8f74ce4](https://togithub.com/vitejs/vite/commit/8f74ce4)), closes [#&#8203;16060](https://togithub.com/vitejs/vite/issues/16060)
-   fix: handle function property extension in namespace import ([#&#8203;16113](https://togithub.com/vitejs/vite/issues/16113)) ([f699194](https://togithub.com/vitejs/vite/commit/f699194)), closes [#&#8203;16113](https://togithub.com/vitejs/vite/issues/16113)
-   fix: server middleware mode resolve ([#&#8203;16122](https://togithub.com/vitejs/vite/issues/16122)) ([8403546](https://togithub.com/vitejs/vite/commit/8403546)), closes [#&#8203;16122](https://togithub.com/vitejs/vite/issues/16122)
-   fix(esbuild): update tsconfck to fix bug that could cause a deadlock  ([#&#8203;16124](https://togithub.com/vitejs/vite/issues/16124)) ([fd9de04](https://togithub.com/vitejs/vite/commit/fd9de04)), closes [#&#8203;16124](https://togithub.com/vitejs/vite/issues/16124)
-   fix(worker): hide "The emitted file overwrites" warning if the content is same ([#&#8203;16094](https://togithub.com/vitejs/vite/issues/16094)) ([60dfa9e](https://togithub.com/vitejs/vite/commit/60dfa9e)), closes [#&#8203;16094](https://togithub.com/vitejs/vite/issues/16094)
-   fix(worker): throw error when circular worker import is detected and support self referencing worker ([eef9da1](https://togithub.com/vitejs/vite/commit/eef9da1)), closes [#&#8203;16103](https://togithub.com/vitejs/vite/issues/16103)
-   style(utils): remove null check ([#&#8203;16112](https://togithub.com/vitejs/vite/issues/16112)) ([0d2df52](https://togithub.com/vitejs/vite/commit/0d2df52)), closes [#&#8203;16112](https://togithub.com/vitejs/vite/issues/16112)
-   refactor(runtime): share more code between runtime and main bundle ([#&#8203;16063](https://togithub.com/vitejs/vite/issues/16063)) ([93be84e](https://togithub.com/vitejs/vite/commit/93be84e)), closes [#&#8203;16063](https://togithub.com/vitejs/vite/issues/16063)

### [`v5.1.5`](https://togithub.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small515-2024-03-04-small)

[Compare Source](https://togithub.com/vitejs/vite/compare/v5.1.4...v5.1.5)

-   fix: `__vite__mapDeps` code injection ([#&#8203;15732](https://togithub.com/vitejs/vite/issues/15732)) ([aff54e1](https://togithub.com/vitejs/vite/commit/aff54e1)), closes [#&#8203;15732](https://togithub.com/vitejs/vite/issues/15732)
-   fix: analysing build chunk without dependencies ([#&#8203;15469](https://togithub.com/vitejs/vite/issues/15469)) ([bd52283](https://togithub.com/vitejs/vite/commit/bd52283)), closes [#&#8203;15469](https://togithub.com/vitejs/vite/issues/15469)
-   fix: import with query with imports field ([#&#8203;16085](https://togithub.com/vitejs/vite/issues/16085)) ([ab823ab](https://togithub.com/vitejs/vite/commit/ab823ab)), closes [#&#8203;16085](https://togithub.com/vitejs/vite/issues/16085)
-   fix: normalize literal-only entry pattern ([#&#8203;16010](https://togithub.com/vitejs/vite/issues/16010)) ([1dccc37](https://togithub.com/vitejs/vite/commit/1dccc37)), closes [#&#8203;16010](https://togithub.com/vitejs/vite/issues/16010)
-   fix: optimizeDeps.entries with literal-only pattern(s) ([#&#8203;15853](https://togithub.com/vitejs/vite/issues/15853)) ([49300b3](https://togithub.com/vitejs/vite/commit/49300b3)), closes [#&#8203;15853](https://togithub.com/vitejs/vite/issues/15853)
-   fix: output correct error for empty import specifier ([#&#8203;16055](https://togithub.com/vitejs/vite/issues/16055)) ([a9112eb](https://togithub.com/vitejs/vite/commit/a9112eb)), closes [#&#8203;16055](https://togithub.com/vitejs/vite/issues/16055)
-   fix: upgrade esbuild to 0.20.x ([#&#8203;16062](https://togithub.com/vitejs/vite/issues/16062)) ([899d9b1](https://togithub.com/vitejs/vite/commit/899d9b1)), closes [#&#8203;16062](https://togithub.com/vitejs/vite/issues/16062)
-   fix(runtime): runtime HMR affects only imported files ([#&#8203;15898](https://togithub.com/vitejs/vite/issues/15898)) ([57463fc](https://togithub.com/vitejs/vite/commit/57463fc)), closes [#&#8203;15898](https://togithub.com/vitejs/vite/issues/15898)
-   fix(scanner): respect  `experimentalDecorators: true` ([#&#8203;15206](https://togithub.com/vitejs/vite/issues/15206)) ([4144781](https://togithub.com/vitejs/vite/commit/4144781)), closes [#&#8203;15206](https://togithub.com/vitejs/vite/issues/15206)
-   revert: "fix: upgrade esbuild to 0.20.x" ([#&#8203;16072](https://togithub.com/vitejs/vite/issues/16072)) ([11cceea](https://togithub.com/vitejs/vite/commit/11cceea)), closes [#&#8203;16072](https://togithub.com/vitejs/vite/issues/16072)
-   refactor: share code with vite runtime ([#&#8203;15907](https://togithub.com/vitejs/vite/issues/15907)) ([b20d542](https://togithub.com/vitejs/vite/commit/b20d542)), closes [#&#8203;15907](https://togithub.com/vitejs/vite/issues/15907)
-   refactor(runtime): use functions from `pathe` ([#&#8203;16061](https://togithub.com/vitejs/vite/issues/16061)) ([aac2ef7](https://togithub.com/vitejs/vite/commit/aac2ef7)), closes [#&#8203;16061](https://togithub.com/vitejs/vite/issues/16061)
-   chore(deps): update all non-major dependencies ([#&#8203;16028](https://togithub.com/vitejs/vite/issues/16028)) ([7cfe80d](https://togithub.com/vitejs/vite/commit/7cfe80d)), closes [#&#8203;16028](https://togithub.com/vitejs/vite/issues/16028)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/mheob/changeset-changelog).