
Commit ebaa346

fix(security): bump esbuild to >=0.28.1 to clear GHSA-gv7w-rqvm-qjhr and GHSA-g7r4-m6w7-qqqr (#333) (#334)
esbuild 0.27.7 is affected by GHSA-gv7w-rqvm-qjhr (high, CVSS 8.1) and GHSA-g7r4-m6w7-qqqr (low, CVSS 2.5), failing the OSV dependency scan on every PR.

Bump the direct devDependency in cdk/package.json and add a root resolution so the transitive copy pulled in by vite (docs workspace) is also lifted to 0.28.1.

Closes #333
1 parent 20c01e4 commit ebaa346

3 files changed

Lines changed: 161 additions & 160 deletions


cdk/package.json

Lines changed: 1 addition & 1 deletion
@@ -55,7 +55,7 @@
5555
"@typescript-eslint/eslint-plugin": "^8",
5656
"@typescript-eslint/parser": "^8",
5757
"aws-cdk": "^2",
58-
"esbuild": "^0.27.4",
58+
"esbuild": "^0.28.1",
5959
"eslint": "^10",
6060
"eslint-import-resolver-typescript": "^4",
6161
"eslint-plugin-import-x": "^4",
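
Review bot: On the `esbuild` line (58), the range alone does not prove the fix: the old range `^0.27.4` already admitted the affected 0.27.7 named in the commit message, so what gets installed is decided by yarn.lock, and for the vite copy by the root resolution in package.json, neither of which is rendered here. On a 0.x package `^0.28.1` means >=0.28.1 and <0.29.0, which holds the advisory floor for the direct devDependency. Before merging, confirm with `yarn why esbuild` that no esbuild entry below 0.28.1 remains in the lockfile for any workspace. Because a root resolution overrides whatever range vite itself declares, also confirm the docs workspace still builds against 0.28.1, and record a follow-up to drop the resolution once vite's own range reaches the patched version so the override does not silently hold esbuild back later.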

package.json

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default.

yarn.lock

Lines changed: 159 additions & 159 deletions
Some generated files are not rendered by default.
