Skip to content

security(deps): override esbuild to >=0.28.1#117

Merged
qnbs merged 2 commits into
mainfrom
security/esbuild-0.28.1
Jun 13, 2026
Merged

security(deps): override esbuild to >=0.28.1#117
qnbs merged 2 commits into
mainfrom
security/esbuild-0.28.1

Conversation

@qnbs

@qnbs qnbs commented Jun 12, 2026

Copy link
Copy Markdown
Owner

User description

Fixes Dependabot alerts #37 and #38 by adding esbuild override to pnpm-workspace.yaml. All transitive references now resolve to esbuild 0.28.1. Verified lint, typecheck and i18n locally.


CodeAnt-AI Description

Require a fixed esbuild version across the workspace

What Changed

  • The project now uses esbuild 0.28.1 or newer everywhere it is pulled in
  • The lockfile was refreshed so build, Storybook, Vite, testing, and tooling packages all resolve to the fixed esbuild release
  • The dependency note now records the security reason for the esbuild update

Impact

✅ Reduced exposure to esbuild security issues
✅ Safer local and CI builds
✅ Fewer vulnerable dependency alerts

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

Fixes Dependabot alerts:
- GHSA-67mh-4wv8-2f99 (high): missing binary integrity verification
- GHSA-9j49-mf9f-jxg2 (low): arbitrary file read on Windows dev server

Quality gates: lint ✓ typecheck ✓ i18n ✓
@codeant-ai

codeant-ai Bot commented Jun 12, 2026

Copy link
Copy Markdown

CodeAnt AI is reviewing your PR.


Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

@vercel

vercel Bot commented Jun 12, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
storycraft-studio Ready Ready Preview, Comment Jun 13, 2026 12:37am

@codeant-ai codeant-ai Bot added the size:L This PR changes 100-499 lines, ignoring generated files label Jun 12, 2026
@codeant-ai

codeant-ai Bot commented Jun 12, 2026

Copy link
Copy Markdown

CodeAnt AI finished reviewing your PR.

Fixes GHSA-q7cg-457f-vx79 (medium) and deduplicates joi to a single version.
@qnbs
qnbs merged commit ea25eec into main Jun 13, 2026
17 checks passed
@qnbs
qnbs deleted the security/esbuild-0.28.1 branch June 13, 2026 07:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:L This PR changes 100-499 lines, ignoring generated files

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant