fix: resolve esbuild vulnerability via npm override (#16) #17

Merged

maximus merged 1 commit from fix/simpl-liste-16-esbuild-vulnerability into master

2026-03-08 15:25:15 +00:00

Author	SHA1	Message	Date
medic-bot	ce21337042	Add npm override to force esbuild ^0.25.0 across all dependencies The transitive dependency chain drizzle-kit -> @esbuild-kit/esm-loader -> @esbuild-kit/core-utils pulled in esbuild@0.18.20 which is vulnerable to GHSA-67mh-4wv8-2f99. Adding an npm override forces all nested esbuild instances to use ^0.25.0, resolving all 4 moderate audit findings. Ref: simpl-liste#16 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-08 11:02:46 -04:00

Author

SHA1

Message

Date

medic-bot

ce21337042

Add npm override to force esbuild ^0.25.0 across all dependencies

The transitive dependency chain drizzle-kit -> @esbuild-kit/esm-loader ->
@esbuild-kit/core-utils pulled in esbuild@0.18.20 which is vulnerable to
GHSA-67mh-4wv8-2f99. Adding an npm override forces all nested esbuild
instances to use ^0.25.0, resolving all 4 moderate audit findings.

Ref: simpl-liste#16

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-08 11:02:46 -04:00