Skip to content

fix(FEA-1287): bump esbuild 0.27.4->0.28.1 via override#159

Open
clemos wants to merge 1 commit into
mainfrom
fix/FEA-1287-esbuild-0.28.1
Open

fix(FEA-1287): bump esbuild 0.27.4->0.28.1 via override#159
clemos wants to merge 1 commit into
mainfrom
fix/FEA-1287-esbuild-0.28.1

Conversation

@clemos

@clemos clemos commented Jun 15, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Contributor

Summary

  • Adds esbuild: 0.28.1 npm override in typescript/package.json
  • Fixes GHSA-4824-cvh2-hcq4: esbuild missing binary integrity verification (< 0.28.1)
  • Esbuild was a transitive dep via tsx

Closes FEA-1287

Made with Cursor

Summary by CodeRabbit

  • Chores
    • Updated build dependency management configuration to ensure consistent builds across environments.

@clemos @cursoragent
fix(FEA-1287): bump esbuild 0.27.4->0.28.1 via override (GHSA-4824-cv…
7ff63f6 
…h2-hcq4)

Co-authored-by: Cursor <cursoragent@cursor.com>
@coderabbitai

coderabbitai Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d77757db-3d5a-4dc0-9f9d-cedcf5b882e0

📥 Commits

Reviewing files that changed from the base of the PR and between 5b72681 and 7ff63f6.

⛔ Files ignored due to path filters (1)
  • typescript/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • typescript/package.json
📝 Walkthrough

Walkthrough

The typescript/package.json file gains an overrides block that pins the esbuild dependency to version 0.28.1.

esbuild Version Pin

Layer / File(s) Summary
Add esbuild override
typescript/package.json		 Adds an overrides section pinning esbuild to 0.28.1.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A bunny hops in with a version in paw,
"esbuild at 0.28.1, without flaw!"
One override added, so tidy and neat,
No version drift here — the lock is complete.
🐇✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and specifically identifies the main change: bumping esbuild from 0.27.4 to 0.28.1 via npm override in response to a security vulnerability (FEA-1287).
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/FEA-1287-esbuild-0.28.1

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rpiotaix rpiotaix rpiotaix approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@clemos @rpiotaix