Security warning: esbuild #2006

@zachbogart

I'm getting a security warning from Dependabot via esbuild. Looks like Framework uses esbuild and there is a dependency in Framework that may be patched with a recent update.

The latest possible version that can be installed is 0.20.2 because of the following conflicting dependencies:

@observablehq/[email protected] requires esbuild@^0.20.1
@observablehq/[email protected] requires esbuild@~0.23.0 via [email protected]
No patched version available for esbuild
The earliest fixed version is 0.25.0.

Transitive dependency esbuild 0.20.2 is introduced via
@observablehq/framework 1.13.2 esbuild 0.20.2

Could this be updated internally?

Thanks!
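
Why the two ranges quoted in the Dependabot message cannot resolve to the fixed release, as an added example that is not part of the original issue or of Framework's code. The function names are hypothetical, and the range handling is a simplified model of npm's caret and tilde rules for plain `MAJOR.MINOR.PATCH` versions only.

```javascript
// Added example: npm-style caret/tilde bounds for the ranges quoted in the issue.
// Simplified: plain MAJOR.MINOR.PATCH versions with a ^ or ~ prefix only.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns [lowerInclusive, upperExclusive] for a ^ or ~ range.
function bounds(range) {
  const op = range[0];
  const lo = parse(range.slice(1));
  const [maj, min, pat] = lo;
  let hi;
  if (op === "~") {
    hi = [maj, min + 1, 0]; // tilde: patch-level updates only
  } else if (op === "^") {
    // Caret keeps the left-most non-zero component fixed, so on 0.x
    // releases it pins the minor version just like tilde does.
    if (maj > 0) hi = [maj + 1, 0, 0];
    else if (min > 0) hi = [0, min + 1, 0];
    else hi = [0, 0, pat + 1];
  } else {
    throw new Error(`unsupported range: ${range}`);
  }
  return [lo, hi];
}

function satisfies(version, range) {
  const [lo, hi] = bounds(range);
  const v = parse(version);
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// True if some version at or above `fixed` can fall inside `range`.
function canReachFix(range, fixed) {
  return cmp(bounds(range)[1], parse(fixed)) > 0;
}

const FIXED = "0.25.0"; // earliest fixed version, from the Dependabot message
for (const range of ["^0.20.1", "~0.23.0"]) {
  console.log(range, "admits a fixed release:", canReachFix(range, FIXED));
}
```

Both ranges stop below 0.25.0, so the patched esbuild can only be installed once the declared ranges themselves are raised.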
