Skip to content

[codex] patch Vite security advisory#1

Draft
Vedasheersh wants to merge 37 commits intotheproteinbot:mainfrom
Vedasheersh:codex/vite-security-fix
Draft

[codex] patch Vite security advisory#1
Vedasheersh wants to merge 37 commits intotheproteinbot:mainfrom
Vedasheersh:codex/vite-security-fix

Conversation

@Vedasheersh
Copy link
Copy Markdown

@Vedasheersh Vedasheersh commented Apr 7, 2026

Summary

  • bump frontend vite from ^6.3.5 to ^6.4.2
  • refresh the frontend lockfile to install patched vite 6.4.2
  • pick up lockfile-only fixes for picomatch and brace-expansion

Why

GitHub flagged catpred/web/frontend/package-lock.json for CVE-2026-39363 / GHSA-p9ff-h696-f583, which affects Vite 6.0.0 through 6.4.1. This branch moves the frontend to the first patched 6.x release and clears the remaining frontend audit findings in the lockfile.

Impact

  • resolves the Vite Dependabot alert for the frontend dependency tree
  • keeps the change limited to frontend dependency metadata and lockfile updates
  • avoids pulling unrelated work from the current local feature branch

Validation

  • npm audit
  • npm run build

theproteinbot and others added 30 commits February 28, 2026 14:03
@theproteinbot
Fix prediction pipeline robustness and checkpoint compatibility
a22e475
@theproteinbot
Update setup and usage docs for resilient local workflows
00416bb
@theproteinbot
Phase 0: harden inference runtime and packaging entrypoints
56c15d4
@theproteinbot
Phase 1: extract reusable inference service core
89d6866
@theproteinbot
Phase 2: add web API and optional modal backend routing
968b549
@theproteinbot
Phase 3.1: harden API request surface and path guardrails
7d11672
@theproteinbot
Phase 3.2: unify packaging metadata via setup.cfg
cd6f22a
@theproteinbot
Phase 3.3: centralize deserialization policy and enforce trusted roots
84f3e42
@Vedasheersh
Merge pull request maranasgroup#33 from theproteinbot/codex/e2e-fixes
fbb5ef0 
Harden inference API and add secure backend/deserialization architecture
@theproteinbot
docs: align API checkpoint_dir guidance with current guardrails
919a863
@theproteinbot
feat: ship web UI refresh and vercel deployment support
135b9e4
@theproteinbot
docs+deploy: add modal endpoint scaffold for vercel backend
cd655e0
@theproteinbot
fix(modal): make prediction endpoint runtime-compatible and lazy-load…
db8a2bb 
… train package
@theproteinbot
chore(vercel): prefill env file with deployed modal endpoint
da7b867
@theproteinbot
fix(vercel): remove functions/builds conflict
0c902da
@theproteinbot
ci: add GitHub Actions validation and Modal auto-deploy
a89216c
@theproteinbot
fix(web): support modal-only deployments and backend-aware fallback
75fe7b5
@theproteinbot
fix(web): timeout long predict calls and cache-bust static assets
d8a095d
@theproteinbot
feat(web): streamline production landing and improve scrolling
39d6bdc
@theproteinbot
refactor(web): reduce landing page to prediction studio
eec74d5
@theproteinbot
style(web): highlight publication and repository links
52476d1
@theproteinbot
fix(ci): avoid secrets in deploy workflow conditionals
e382f93
@theproteinbot @claude
feat(web): redesign input form with multi-substrate support and Ki se…
3a35d0b 
…paration

Replace the 3-pill parameter selector with two top-level modes:
- Substrate kinetics (kcat/Km): per-entry multi-substrate inputs with
  primary marker — primary goes to Km, all joined for kcat
- Inhibition (Ki): single inhibitor SMILES input

Key changes:
- New SubstrateInputs component with radio primary selector
- ParameterSelector now shows mode pills + kcat/Km checkboxes
- usePrediction supports running multiple predictions in parallel
- ResultPanel displays grouped results per parameter
- Units render with Unicode superscripts (s⁻¹ instead of s^(-1))
- Header updated with Maranas Group link, field order: sequence first
- Sample data for both modes (glucokinase/glucose+ATP, coumaric acid/P11544)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@theproteinbot @claude
fix(web): remove legacy index.html fallback
2447ef7 
Stop silently falling back to static/index.html when the Vue
dist build is missing — surface a clear 404 instead so deployment
issues are visible rather than hidden behind the old page.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@theproteinbot @claude
style(web): move Maranas Group attribution to footer
c696216 
Move "Developed in Maranas Group at Penn State" with link to
maranasgroup.com into the footer. Keep only Paper and GitHub
links in the header.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@theproteinbot @claude
feat(web): add GoatCounter visit tracking with footer counter
4863d26 
Add GoatCounter analytics script (privacy-friendly, no cookies)
and display visit count in the footer via GoatCounter's public
JSON API. Counter gracefully hides if the API is unreachable.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@theproteinbot @claude
style(web): remove favicon from browser tab
b4d7b3b 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Vedasheersh
Merge pull request maranasgroup#35 from theproteinbot/feat/multi-subs…
ff1204d 
…trate-ki-separation

feat(web): multi-substrate input, Ki separation, and frontend improvements
@theproteinbot @claude
docs(readme): add web app section, frontend dev info, and update cita…
f889937 
…tion

Add www.catpred.com badge and Web App section highlighting the live
prediction tool. Document Vue 3 frontend location and dev/build
commands in the Web API section. Update citation from bioRxiv preprint
to published Nature Communications reference (2025, vol 16, art 2072).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@theproteinbot @claude
docs(readme): add web app announcement
8223db5 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
theproteinbot and others added 7 commits March 14, 2026 22:40
@theproteinbot @claude
docs(readme): use date instead of NEW for web app announcement
bbcc77a 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@theproteinbot @claude
docs(readme): remove TODO from announcements
daa3e61 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@theproteinbot @claude
docs(readme): update POST example with real glucokinase + glucose sample
f9c59c7 
Replace placeholder SMILES/sequence with the same human glucokinase
(GCK, UniProt P35557) + D-glucose example used on www.catpred.com.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@theproteinbot @claude
docs(readme): fix backtick typo, URL casing, add ToC entries & Docker…
e854d0a 
… section; remove favicon

- Fix 4-backtick code block closing to 3
- Fix git clone URL casing (catpred → CatPred)
- Add Fine-Tuning and Docker entries to Table of Contents
- Add Docker subsection under Local Installation
- Remove favicon SVG and its link tag from index.html

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Vedasheersh
Merge pull request maranasgroup#36 from theproteinbot/feat/multi-subs…
00163e1 
…trate-ki-separation

docs(readme): add web app section and update citation
@Vedasheersh
Remove CI/CD section and incorrect fine-tuning section from README
4c7149e
@theproteinbot
fix(frontend): patch vite security advisory
1786e0f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Vedasheersh @theproteinbot