Skip to content

Bump esbuild to ^0.28.1 (GHSA-gv7w-rqvm-qjhr)#197

Merged
zalo merged 1 commit into
masterfrom
fix/esbuild-GHSA-gv7w-rqvm-qjhr
Jun 16, 2026
Merged

Bump esbuild to ^0.28.1 (GHSA-gv7w-rqvm-qjhr)#197
zalo merged 1 commit into
masterfrom
fix/esbuild-GHSA-gv7w-rqvm-qjhr

Conversation

@zalo

@zalo zalo commented Jun 16, 2026

Copy link
Copy Markdown
Owner

Bumps esbuild to ^0.28.1 to resolve GHSA-gv7w-rqvm-qjhr (High, CVSS 8.1) — missing binary integrity verification in the Deno module enables RCE via NPM_CONFIG_REGISTRY. Affected range >=0.17.0 <0.28.1, patched in 0.28.1.

Lockfile regenerated and npm run build verified passing.

🤖 Generated with Claude Code

Fixes the High-severity advisory "Missing binary integrity
verification in Deno module enables RCE via NPM_CONFIG_REGISTRY".
Affected range >=0.17.0 <0.28.1; patched in 0.28.1.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@vercel

vercel Bot commented Jun 16, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
cascade-studio Ready Ready Preview, Comment Jun 16, 2026 5:05pm

@zalo zalo merged commit 4fabeeb into master Jun 16, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant