Dependabot cannot update esbuild to a non-vulnerable version #4580

rdeavila · 2025-02-25T12:52:35Z

Hello!

I didn't use any issue template since this is not a but nor a feature request 😃

I have this Dependabot alert on my repo, but he can't do any change since esbuild can't be updated to the mentioned version. I saw a PR #4558 which do this upgrade, but it was closed.

There's something I can do? Or just ignore this alert?

https://github.com/rdeavila/rda.run/security/dependabot/17

Dependabot cannot update esbuild to a non-vulnerable version
The latest possible version that can be installed is 0.21.5 because of the following conflicting dependencies:

[email protected] requires esbuild@^0.21.3 via [email protected]
No patched version available for esbuild
The earliest fixed version is 0.25.0.

The text was updated successfully, but these errors were encountered:

brc-dd · 2025-02-25T12:55:06Z

You can discard that vulnerability report. VitePress and Vite don't use the impacted functionality of esbuild. vitejs/vite#19412, vitejs/vite#19428

brc-dd closed this as not planned Won't fix, can't repro, duplicate, stale Feb 25, 2025

github-actions bot locked as resolved and limited conversation to collaborators Mar 5, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependabot cannot update esbuild to a non-vulnerable version #4580

Dependabot cannot update esbuild to a non-vulnerable version #4580

rdeavila commented Feb 25, 2025

brc-dd commented Feb 25, 2025 •

edited

Loading

Dependabot cannot update esbuild to a non-vulnerable version #4580

Dependabot cannot update esbuild to a non-vulnerable version #4580

Comments

rdeavila commented Feb 25, 2025

brc-dd commented Feb 25, 2025 • edited Loading

brc-dd commented Feb 25, 2025 •

edited

Loading