Skip to content

fix: bump modern.js to v2.68.0 to fix esbuild vulnerability #3880

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: bump modern.js to v2.68.0 to fix esbuild vulnerability #3880

wants to merge 1 commit into from

Conversation

Julien-Marcou
Copy link

Description

Bump modern.js to fix esbuild vulnerability

Related Issue

Closes #3719

Types of changes

  • Docs change / refactoring / dependency upgrade
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have updated the documentation.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jul 3, 2025

🦋 Changeset detected

Latest commit: ceb0e15

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 33 packages
Name Type
create-module-federation Patch
@module-federation/devtools Patch
@module-federation/modern-js Patch
@module-federation/modernjsapp Patch
@module-federation/cli Patch
@module-federation/enhanced Patch
@module-federation/nextjs-mf Patch
@module-federation/node Patch
@module-federation/rsbuild-plugin Patch
@module-federation/rspress-plugin Patch
@module-federation/storybook-addon Patch
remote5 Patch
website-new Patch
@module-federation/runtime Patch
@module-federation/rspack Patch
@module-federation/webpack-bundler-runtime Patch
@module-federation/sdk Patch
@module-federation/runtime-tools Patch
@module-federation/managers Patch
@module-federation/manifest Patch
@module-federation/dts-plugin Patch
@module-federation/third-party-dts-extractor Patch
@module-federation/bridge-react Patch
@module-federation/bridge-vue3 Patch
@module-federation/bridge-shared Patch
@module-federation/bridge-react-webpack-plugin Patch
@module-federation/retry-plugin Patch
@module-federation/data-prefetch Patch
@module-federation/error-codes Patch
@module-federation/inject-external-runtime-core-plugin Patch
@module-federation/runtime-core Patch
@module-federation/esbuild Patch
@module-federation/utilities Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@netlify Netlify
Copy link

netlify bot commented Jul 3, 2025
edited
Loading

Deploy Preview for module-federation-docs ready!

Name Link
🔨 Latest commit ceb0e15
🔍 Latest deploy log https://app.netlify.com/projects/module-federation-docs/deploys/686652a1c8b66e0008c3d2fb
😎 Deploy Preview https://deploy-preview-3880--module-federation-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@cjz9032
Copy link

cjz9032 commented Jul 4, 2025

Curious why Dependabot is not introduced to the upgrading process.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
change: fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Vulnerable esbuild version (<=0.24.2) introduced via @modern-js/node-bundle-require
2 participants
@Julien-Marcou @cjz9032