chore: dev audit moderates -- esbuild, undici (wrangler), next Image Optimizer #383

@jithinraj

Context

After the v0.10.12 release, the remaining audit findings are all dev-only in surfaces/ (private, non-published):

| Severity | Package | Via | Surface |
| --- | --- | --- | --- |
| moderate | esbuild 0.17.19 | wrangler | surfaces/workers/cloudflare |
| moderate | undici 5.29.0 | wrangler > miniflare | surfaces/workers/cloudflare |
| moderate | next 15.5.12 (Image Optimizer DoS) | direct | surfaces/nextjs/middleware |

These are all transitive dev dependencies in private surface packages. No production impact.

Action

  • Monitor Dependabot for upstream patches
  • esbuild and undici fixes depend on wrangler updating its bundled miniflare/esbuild
  • next Image Optimizer DoS is low-risk for a middleware-only package (no Image Optimizer usage)

Acceptance Criteria

  • All moderate findings resolved or explicitly accepted with rationale
  • pnpm audit returns only low or accepted findings
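
One way to check the acceptance criteria above mechanically, as an added example that is not part of the issue or the project's code: a gate that passes only when every finding above low is covered by an accept-list entry scoped to its surface and carrying a rationale. The report shape (an `advisories` map with `module_name`, `severity` and `findings[].paths`, first path segment being the surface), the accept-list format, the advisory keys and the `packages/hypothetical-published` path are assumptions made for the example.

```javascript
// Added example, not the project's code. Assumed `pnpm audit --json` shape:
// { advisories: { id: { module_name, severity,
//                       findings: [{ version, paths: ["surface>dep>dep"] }] } } }
const BLOCKING = new Set(["moderate", "high", "critical"]);

// Hypothetical accept-list: each entry covers one package in one surface and
// must carry a rationale, so an acceptance cannot leak to published code.
const ACCEPTED = [
  { pkg: "esbuild", surface: "surfaces/workers/cloudflare", rationale: "dev-only, via wrangler" },
  { pkg: "undici", surface: "surfaces/workers/cloudflare", rationale: "dev-only, via wrangler > miniflare" },
  { pkg: "next", surface: "surfaces/nextjs/middleware", rationale: "middleware-only, no Image Optimizer usage" },
];

function gateAudit(report, accepted) {
  const unresolved = [];
  for (const adv of Object.values(report.advisories || {})) {
    if (!BLOCKING.has(adv.severity)) continue; // low findings pass
    for (const finding of adv.findings || []) {
      for (const path of finding.paths || []) {
        const surface = path.split(">")[0]; // assumed: first segment is the surface
        const ok = accepted.some((a) => a.pkg === adv.module_name &&
          a.surface === surface && typeof a.rationale === "string" && a.rationale.trim() !== "");
        if (!ok) unresolved.push({ pkg: adv.module_name, severity: adv.severity, version: finding.version, path });
      }
    }
  }
  return { pass: unresolved.length === 0, unresolved };
}

// Constructed sample report (advisory keys and paths are made up).
const SAMPLE = { advisories: {
  "constructed-1": { module_name: "esbuild", severity: "moderate",
    findings: [{ version: "0.17.19", paths: ["surfaces/workers/cloudflare>wrangler>esbuild"] }] },
  "constructed-2": { module_name: "undici", severity: "moderate",
    findings: [{ version: "5.29.0", paths: ["surfaces/workers/cloudflare>wrangler>miniflare>undici"] }] },
  "constructed-3": { module_name: "next", severity: "moderate",
    findings: [{ version: "15.5.12", paths: ["surfaces/nextjs/middleware>next"] }] },
} };

// Same report, plus undici reached from a hypothetical published package.
const LEAKED = { advisories: { ...SAMPLE.advisories,
  "constructed-4": { module_name: "undici", severity: "moderate",
    findings: [{ version: "5.29.0", paths: ["packages/hypothetical-published>undici"] }] } } };

console.log(gateAudit(SAMPLE, ACCEPTED).pass, gateAudit(LEAKED, ACCEPTED).unresolved);
```

Scoping each acceptance to a surface means the same advisory showing up later in a published package fails the gate instead of inheriting the dev-only rationale.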

Labels: dependencies (Pull requests that update a dependency file)