Update "esbuild" dependency to 0.25.1 to fix GHSA-67mh-4wv8-2f99 #13591

bestagi · 2025-03-16T22:02:47Z

Describe the bug

┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate │ esbuild enables any website to send any requests to │
│ │ the development server and read the response │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ esbuild │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <=0.24.2 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=0.25.0 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths │ . > @sveltejs/adapter-vercel@5.6.3 > esbuild@0.24.2 │
│ │ │
│ │ . > drizzle-kit@0.30.5 > @esbuild-kit/esm-loader@2.6.5 │
│ │ > @esbuild-kit/core-utils@3.3.2 > esbuild@0.18.20 │
│ │ │
│ │ . > drizzle-kit@0.30.5 > esbuild@0.19.12 │
│ │ │
│ │ ... Found 4 paths, run pnpm why esbuild for more │
│ │ information │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ GHSA-67mh-4wv8-2f99 │
└─────────────────────┴────────────────────────────────────────────────────────┘

and see changelog for breaking change https://github.com/evanw/esbuild/releases/tag/v0.25.0

Reproduction

pnpm audit

Logs

System Info

System:
    OS: Linux 6.11 Ubuntu 24.04.2 LTS 24.04.2 LTS (Noble Numbat)
    CPU: (2) x64 AMD A9-9420 RADEON R5, 5 COMPUTE CORES 2C+3G
    Memory: 3.02 GB / 6.66 GB
    Container: Yes
    Shell: 5.2.21 - /bin/bash
  Binaries:
    Node: 22.14.0 - ~/.local/share/mise/installs/node/22.14.0/bin/node
    npm: 11.2.0 - ~/.local/share/mise/installs/node/22.14.0/bin/npm
    pnpm: 10.6.3 - ~/.local/share/mise/installs/aqua-pnpm-pnpm/10.6.3/pnpm
    bun: 1.2.5 - ~/.local/share/mise/installs/bun/1.2.5/bin/bun
  Browsers:
    Chrome: 134.0.6998.88
  npmPackages:
    @sveltejs/adapter-vercel: ^5.6.3 => 5.6.3 
    @sveltejs/kit: ^2.19.2 => 2.19.2 
    @sveltejs/vite-plugin-svelte: ^5.0.3 => 5.0.3 
    svelte: ^5.23.0 => 5.23.0 
    vite: ^6.2.2 => 6.2.2

Severity

annoyance

Additional Information

No response

The text was updated successfully, but these errors were encountered:

Conduitry · 2025-03-24T19:10:30Z

FWIW, this warning can be safely ignored, as we do not use esbuild's dev server.

bestagi · 2025-03-25T13:00:29Z

okay, thanks for the information. sorry im to noob to know that kit not use esbuild dev server

Conduitry added the task label Mar 24, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update "esbuild" dependency to 0.25.1 to fix GHSA-67mh-4wv8-2f99 #13591

Update "esbuild" dependency to 0.25.1 to fix GHSA-67mh-4wv8-2f99 #13591

bestagi commented Mar 16, 2025 •

edited

Loading

Conduitry commented Mar 24, 2025

bestagi commented Mar 25, 2025 •

edited

Loading

Update "esbuild" dependency to 0.25.1 to fix GHSA-67mh-4wv8-2f99 #13591

Update "esbuild" dependency to 0.25.1 to fix GHSA-67mh-4wv8-2f99 #13591

Comments

bestagi commented Mar 16, 2025 • edited Loading

Describe the bug

Reproduction

Logs

System Info

Severity

Additional Information

Conduitry commented Mar 24, 2025

bestagi commented Mar 25, 2025 • edited Loading

bestagi commented Mar 16, 2025 •

edited

Loading

bestagi commented Mar 25, 2025 •

edited

Loading