fix(deps): resolve esbuild CORS vulnerability (GHSA-67mh-4wv8-2f99)

## Problem

Dependabot alert #17: esbuild <= 0.24.2 enables any website to send requests to the development server and read responses due to `Access-Control-Allow-Origin: *` header on all requests including SSE.

- **Advisory:** GHSA-67mh-4wv8-2f99
- **Package:** esbuild (transitive via vite <- vitepress)
- **Vulnerable:** <= 0.24.2
- **Fix:** >= 0.25.0
- **Scope:** development dependency

## Solution

Add yarn resolution to force `esbuild@>=0.25.0`. Resolved to 0.27.2.

VitePress 1.6.4 uses vite@^5.4.14 which requires esbuild@^0.21.3, but esbuild 0.25+ is API-compatible and works without issues.

## Verification

- `yarn build` — OK
- `npx vitepress build` — OK
- `yarn test` — 3746 tests passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): resolve esbuild CORS vulnerability (GHSA-67mh-4wv8-2f99) #151

Problem

Solution

Verification

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

fix(deps): resolve esbuild CORS vulnerability (GHSA-67mh-4wv8-2f99) #151

Description

Problem

Solution

Verification

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions