Update dependency vite to v5.0.13 [SECURITY] (#273)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [vite](https://vitejs.dev) ([source](https://github.com/vitejs/vite/tree/HEAD/packages/vite)) | devDependencies | patch | [`5.0.12` -> `5.0.13`](https://renovatebot.com/diffs/npm/vite/5.0.12/5.0.13) |

---

### Vite's `server.fs.deny` did not deny requests for patterns with directories.
[GHSA-8jhw-289h-jh2g](GHSA-8jhw-289h-jh2g)

<details>
<summary>More information</summary>

#### Details
##### Summary
[Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` did not deny requests for patterns with directories. An example of such a pattern is `/foo/**/*`.

##### Impact
Only apps setting a custom `server.fs.deny` that includes a pattern with directories, and explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.

##### Patches
Fixed in [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]

##### Details
`server.fs.deny` uses picomatch with the config of `{ matchBase: true }`. [matchBase](https://github.com/micromatch/picomatch/blob/master/README.md#options:~:text=Description-,basename,-boolean) only matches the basename of the file, not the path due to a bug (micromatch/picomatch#89). The vite config docs read like you should be able to set fs.deny to glob with picomatch. Vite also does not set `{ dot: true }` and that causes [dotfiles not to be denied](https://github.com/micromatch/picomatch/blob/master/README.md#options:~:text=error%20is%20thrown.-,dot,-boolean) unless they are explicitly defined.

**Reproduction**

Set fs.deny to `['**/.git/**']` and then curl for `/.git/config`.

* with `matchBase: true`, you can get any file under  `.git/` (config, HEAD, etc).
* with `matchBase: false`, you cannot get any file under  `.git/` (config, HEAD, etc).

#### Severity
- CVSS Score: 5.9 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`

#### References
- [https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g](https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g)
- [https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0](https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0)
- [https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48](https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48)
- [https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67](https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67)
- [https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9](https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9)
- [https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258](https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258)
- [https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649](https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649)
- [https://github.com/vitejs/vite](https://github.com/vitejs/vite)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-8jhw-289h-jh2g) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>vitejs/vite (vite)</summary>

### [`v5.0.13`](https://github.com/vitejs/vite/releases/tag/v5.0.13)

[Compare Source](vitejs/vite@v5.0.12...v5.0.13)

Please refer to [CHANGELOG.md](https://github.com/vitejs/vite/blob/v5.0.13/packages/vite/CHANGELOG.md) for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xODIuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE4Mi4wIiwidGFyZ2V0QnJhbmNoIjoiZGV2ZWxvcCJ9-->

Reviewed-on: https://git.zzdats.lv/lx/demo/pulls/273
Co-authored-by: Renovate Bot <[email protected]>
Co-committed-by: Renovate Bot <[email protected]>

package.json

@@ -38,7 +38,7 @@
     "jest": "^29.7.0",
     "jsdom": "^24.0.0",
     "prettier": "^2.8.8",
-    "vite": "5.0.12",
+    "vite": "5.0.13",
     "vite-plugin-html": "^3.2.2",
     "vite-plugin-mkcert": "^1.17.3",
     "vite-plugin-mock-server": "^1.1.2",