Skip to content

fix(deps): resolve esbuild CORS vulnerability (GHSA-67mh-4wv8-2f99)#152

Merged
polaz merged 1 commit intomainfrom
fix/#151-esbuild-cors-vulnerability
Jan 23, 2026
Merged

fix(deps): resolve esbuild CORS vulnerability (GHSA-67mh-4wv8-2f99)#152
polaz merged 1 commit intomainfrom
fix/#151-esbuild-cors-vulnerability

Conversation

@polaz
Copy link
Copy Markdown
Member

@polaz polaz commented Jan 23, 2026

Summary

Verification

  • yarn build — OK
  • npx vitepress build — OK (2.11s)
  • yarn test — 3746 tests passed

Test plan

  • Main TypeScript build passes
  • VitePress docs build passes
  • All 123 test suites pass (3746 tests)
  • Dependabot alert auto-closes after merge

Closes #151

@polaz
fix(deps): resolve esbuild CORS vulnerability (GHSA-67mh-4wv8-2f99)
3508df0 
Add yarn resolution to force esbuild>=0.25.0, fixing the development
server CORS vulnerability that allowed cross-origin reads.

Closes #151
Copilot AI review requested due to automatic review settings January 23, 2026 20:06
@codecov
Copy link
Copy Markdown

codecov bot commented Jan 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@github-actions
Copy link
Copy Markdown

github-actions bot commented Jan 23, 2026

Test Coverage Report

Overall Coverage: 93.2%

Metric Percentage
Statements 92.72%
Branches 84.33%
Functions 82.57%
Lines 93.2%

View detailed coverage report

@polaz polaz merged commit b1e0c3a into main Jan 23, 2026
22 checks passed
@polaz polaz deleted the fix/#151-esbuild-cors-vulnerability branch January 23, 2026 20:14
sw-release-bot bot pushed a commit that referenced this pull request Jan 23, 2026
@semantic-release-bot
chore(release): 6.33.1 [skip ci]
b0b5308 
## [6.33.1](v6.33.0...v6.33.1) (2026-01-23)

### Bug Fixes

* **deps:** resolve esbuild CORS vulnerability (GHSA-67mh-4wv8-2f99) ([#152](#152)) ([b1e0c3a](b1e0c3a)), closes [#151](#151)
@sw-release-bot
Copy link
Copy Markdown

sw-release-bot bot commented Jan 23, 2026

🎉 This PR is included in version 6.33.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

@polaz polaz review requested due to automatic review settings March 23, 2026 23:07
@sw-release-bot sw-release-bot bot mentioned this pull request Mar 29, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix(deps): resolve esbuild CORS vulnerability (GHSA-67mh-4wv8-2f99)

1 participant

@polaz