Attention for Issue: Dependency to deprecated package @esbuild-kit/esm-loader
Given that there are currently vulnerabilities being reported in the terminal when running `npm audit`, as well as an advisory that was published here https://github.com/advisories/GHSA-67mh-4wv8-2f99, it is quite odd to notice that this issue has gone unnoticed, or so it seems, by the Drizzle Team, making me wonder about the current way dependencies, and especially vulnerabilities inside these dependencies, are being managed.
The issue mentioned in the title, as well as a pull request that already addresses the issue, can be found here.
Issue: https://github.com/drizzle-team/drizzle-orm/issues/3067
PR: https://github.com/drizzle-team/drizzle-orm/pull/4250
Last time I brought attention to a seemingly unnoticed issue like this, it was resolved rather quickly, and I am thankful for that, but I am going to have to ask you again if it is in any way possible to escalate this issue. @Angelelz
GitHub
GHSA-67mh-4wv8-2f99 - GitHub Advisory Database
esbuild enables any website to send any requests to the development server and read the response
GitHub
[FEATURE]: Dependency to deprecated package `@esbuild-kit/esm-loade...
Describe what you want @esbuild-kit/esm-loader was recently marked as deprecated. It might be a good time to update the dependencies to this library.
GitHub
[drizzle-kit] remove @esbuild-kit/esm-loader by Kenzo-Wada · Pull ...
closes: #3067
removed deprecated dependency