
fix(deps): override esbuild to 0.28.1 to resolve vulnerability#162

Merged
utkarsh232005 merged 1 commit into KDM-cli:main from utkarsh232005:fix/esbuild-vulnerability on Jun 13, 2026

Conversation

utkarsh232005 commented Jun 13, 2026

Member

This PR overrides the transitive dependency esbuild to 0.28.1 to resolve the vulnerability where missing binary integrity verification in the Deno module enables remote code execution via NPM_CONFIG_REGISTRY. All tests pass successfully.

Summary by CodeRabbit

  • Chores
    • Updated dependency version constraints to ensure consistent build tool versioning.

coderabbitai Bot commented Jun 13, 2026

Contributor


Caution

Review failed

Pull request was closed or merged during review

Warning

.coderabbit.yaml has a parsing error

The CodeRabbit configuration file in this repository has a parsing error and default settings were used instead. Please fix the error(s) in the configuration file. You can initialize chat with CodeRabbit to get help with the configuration file.

💥 Parsing errors (2)
Validation error: Invalid input: expected string, received undefined at "reviews.path_instructions[3].path"; Invalid input: expected string, received undefined at "reviews.path_instructions[3].instructions"
⚙️ Configuration instructions
  • Please see the configuration documentation for more information.
  • You can also validate your configuration using the online YAML validator.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: a060e125-5338-442b-809c-77a4f6043be4

📥 Commits

Reviewing files that changed from the base of the PR and between efcadd5 and eff8415.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json

📝 Walkthrough

Walkthrough

This PR adds an overrides section to package.json that pins the esbuild dependency to version 0.28.1. This ensures a specific esbuild version is used regardless of transitive dependency version ranges.

Changes

Dependency Configuration

Layer                    | File(s)      | Summary
esbuild version override | package.json | An overrides block pins esbuild to 0.28.1 to enforce a specific version across the dependency tree.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A rabbit pins esbuild tight,
No version wars, just right!
0.28.1 locked in place,
Dependencies fall in line with grace. ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name                 | Status    | Explanation
Description Check          | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled.
Title check                | ✅ Passed | The title accurately describes the main change: overriding esbuild to a specific version to resolve a vulnerability. It is concise, clear, and directly related to the changeset.
Docstring Coverage         | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check        | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.


Comment @coderabbitai help to get the list of available commands and usage tips.

codescene-delta-analysis Bot left a comment


No application code in the PR — skipped Code Health checks.

See analysis details in CodeScene

Quality Gate Profile: The Bare Minimum
Install CodeScene MCP: safeguard and uplift AI-generated code. Catch issues early with our IDE extension and CLI tool.

codecov Bot commented Jun 13, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@utkarsh232005 utkarsh232005 merged commit 322ba79 into KDM-cli:main Jun 13, 2026
17 of 18 checks passed

1 participant