Skip to content

fix(@angular/build): update esbuild to 0.28.0#33004

Merged
dgp1130 merged 1 commit intoangular:20.3.xfrom
dgp1130:esbuild-bump-v20
Apr 14, 2026
Merged

fix(@angular/build): update esbuild to 0.28.0#33004
dgp1130 merged 1 commit intoangular:20.3.xfrom
dgp1130:esbuild-bump-v20

Conversation

@dgp1130
Copy link
Copy Markdown
Collaborator

@dgp1130 dgp1130 commented Apr 14, 2026

This addresses some security vulnerabilities.

Refs #32975

@dgp1130
fix(@angular/build): update esbuild to 0.28.0
39cd08d 
This addresses some security vulnerabilities.
@dgp1130 dgp1130 requested a review from clydin April 14, 2026 21:25
@dgp1130 dgp1130 added action: review The PR is still awaiting reviews from at least one requested reviewer target: lts This PR is targeting a version currently in long-term support area: @angular/build labels Apr 14, 2026
gemini-code-assist[bot]
gemini-code-assist bot reviewed Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates esbuild and esbuild-wasm to version 0.28.0 across several packages and the root package.json. While the primary dependencies have been bumped, the lockfile reveals that older versions (0.25.9 and 0.27.7) persist in the dependency graph. It is recommended to unify these versions, possibly using pnpm.overrides, to ensure that security vulnerabilities are fully addressed throughout the workspace.

Comment thread package.json
@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Apr 14, 2026
@alan-agius4 alan-agius4 linked an issue Apr 14, 2026 that may be closed by this pull request
CVE-2025-68121 @angular/build@20 uses a vulnerable version of "esbuild" - "0.25.9" #32975
Closed
@dgp1130 dgp1130 merged commit 10c09c7 into angular:20.3.x Apr 14, 2026
59 of 61 checks passed
@dgp1130
Copy link
Copy Markdown
Collaborator Author

dgp1130 commented Apr 14, 2026

This PR was merged into the repository. The changes were merged into the following branches:

@dgp1130 dgp1130 deleted the esbuild-bump-v20 branch April 14, 2026 22:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@clydin clydin clydin approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: @angular/build target: lts This PR is targeting a version currently in long-term support

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CVE-2025-68121 @angular/build@20 uses a vulnerable version of "esbuild" - "0.25.9"

3 participants

@dgp1130 @clydin @alan-agius4