fix: resolve GHSA-gv7w-rqvm-qjhr in esbuild #586

Merged: benoitf merged 1 commit into redhat-developer:main from benoitf:cve-fix/ghsa-gv7w-rqvm-qjhr-main on Jun 17, 2026
benoitf (Collaborator) commented Jun 17, 2026

What does this PR do?

Fix high severity vulnerability GHSA-gv7w-rqvm-qjhr in esbuild.

Advisory: esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY
Vulnerable versions: >=0.17.0 <0.28.1
Patched versions: >=0.28.1
Advisory URL: GHSA-gv7w-rqvm-qjhr

Screenshot / video of UI

N/A - dependency update only.

What issues does this PR fix or reference?

Fixes GHSA-gv7w-rqvm-qjhr: esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY

How to test this PR?

Run pnpm audit and verify GHSA-gv7w-rqvm-qjhr is no longer reported

Upgrade esbuild to satisfy >=0.28.1
Advisory: GHSA-gv7w-rqvm-qjhr

Co-authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
@benoitf benoitf merged commit 4086c28 into redhat-developer:main Jun 17, 2026
6 of 7 checks passed
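
A lockfile-level check to complement the pnpm audit step in the PR description, as an added example that is not part of the PR or the project: it lists every resolved esbuild version in a pnpm-lock.yaml and flags those inside the advisory's vulnerable range (>=0.17.0 <0.28.1). The lockfile excerpt is constructed, and the key layout the regex expects is an assumption about the lockfile format.

```javascript
// Added example, not the project's code. Range taken from the advisory text.
const VULN_MIN = [0, 17, 0]; // inclusive lower bound (>=0.17.0)
const VULN_MAX = [0, 28, 1]; // exclusive upper bound (<0.28.1, first patched)

// Assumed key layout: esbuild@X.Y.Z: optionally quoted or prefixed with "/".
// Platform packages (@esbuild/...) and esbuild-* packages are not matched.
const KEY_RE = /^\s*['"]?\/?esbuild@(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)/;

// Compare two [major, minor, patch] triples.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?$/.exec(version);
  if (!m) return false;
  const core = m.slice(1, 4).map(Number);
  if (cmp(core, VULN_MIN) < 0) return false;
  // A prerelease of the first patched version sorts below it, so it is
  // still reported (conservative choice).
  const upper = cmp(core, VULN_MAX);
  return upper < 0 || (upper === 0 && Boolean(m[4]));
}

// Return each distinct resolved esbuild version with its verdict.
function auditLockfile(lockText) {
  const seen = new Set();
  for (const line of lockText.split(/\r?\n/)) {
    const m = KEY_RE.exec(line);
    if (m) seen.add(m[1]);
  }
  return [...seen].map((version) => ({ version, vulnerable: isVulnerable(version) }));
}

// Constructed lockfile excerpt (integrity values are placeholders).
const SAMPLE_LOCK = `
packages:
  '@esbuild/linux-x64@0.25.0':
    resolution: {integrity: sha512-CONSTRUCTED}
  esbuild@0.25.0:
    resolution: {integrity: sha512-CONSTRUCTED}
  esbuild@0.28.1:
    resolution: {integrity: sha512-CONSTRUCTED}
  esbuild-register@3.6.0(esbuild@0.28.1):
    resolution: {integrity: sha512-CONSTRUCTED}
`;
console.log(auditLockfile(SAMPLE_LOCK));
```

Any entry with vulnerable: true means a transitive dependency still pins esbuild below 0.28.1, which a pnpm override or a further dependency bump would need to address.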