Dependabot cannot update esbuild to a non-vulnerable version

[rdeavila]

Hello!

I didn't use any issue template since this is not a but nor a feature request 😃

I have this Dependabot alert on my repo, but he can't do any change since esbuild can't be updated to the mentioned version. I saw a PR #4558 which do this upgrade, but it was closed.

There's something I can do? Or just ignore this alert?

https://github.com/rdeavila/rda.run/security/dependabot/17

Dependabot cannot update esbuild to a non-vulnerable version
The latest possible version that can be installed is 0.21.5 because of the following conflicting dependencies:

vitepress@1.6.3 requires esbuild@^0.21.3 via vite@5.4.14
No patched version available for esbuild
The earliest fixed version is 0.25.0.

[brc-dd]

You can discard that vulnerability report. VitePress and Vite don't use the impacted functionality of esbuild. vitejs/vite#19412, vitejs/vite#19428