trigger.dev icon indicating copy to clipboard operation
trigger.dev copied to clipboard
Published 2 weeks ago verified publisher icon triggerdotdev

[CLI] upgrade esbuild to `0.25.0` (GHSA-67mh-4wv8-2f99)

Open madebyfabian opened this issue 10 months ago • 1 comments

I got a dependabot security alert, that the trigger.dev npm cli package uses [email protected], which has a vulnerability (see https://github.com/advisories/GHSA-67mh-4wv8-2f99)

Even though it's a CLI and (in my understanding) will not be facing network, I think it would be good to still upgrade esbuild to 0.25.0 or higher.

If you feel this is not important, you can of course close this. Just wanted to bring this to attention :)

madebyfabian avatar Mar 06 '25 09:03 madebyfabian

@madebyfabian Do we need that because i was trying to upgrade it and it shows unmet peer dependencies react18

Image

Rudra-Sankha-Sinhamahapatra avatar Mar 08 '25 20:03 Rudra-Sankha-Sinhamahapatra