Files
codex/package.json
T
pakrym-oai 7ce84e64d8 [codex] Update esbuild to 0.28.1 (#29489)
## Why

The TypeScript workspace resolved `esbuild` 0.25.10 transitively through
the SDK toolchain. `esbuild` 0.28.1 adds integrity verification to the
Deno binary download path addressed by
[GHSA-gv7w-rqvm-qjhr](https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr),
preventing an attacker-controlled npm registry from supplying an
executable without a content check.

## What changed

- Add a root workspace resolution for `esbuild` 0.28.1.
- Regenerate `pnpm-lock.yaml` so `tsup`, `bundle-require`, and `ts-jest`
all resolve the patched version.

## Validation

- Frozen pnpm install, including the SDK's `tsup` build
- `pnpm --filter @openai/codex-sdk exec jest tests/exec.test.ts
--runInBand`
- Confirmed the installed dependency graph contains only `esbuild`
0.28.1
2026-06-22 16:00:56 -07:00

38 lines
1.2 KiB
JSON

{
"name": "codex-monorepo",
"private": true,
"description": "Tools for repo-wide maintenance.",
"scripts": {
"format": "prettier --check *.json *.md docs/*.md .github/workflows/*.yml **/*.js",
"format:fix": "prettier --write *.json *.md docs/*.md .github/workflows/*.yml **/*.js",
"write-hooks-schema": "cargo run --manifest-path ./codex-rs/Cargo.toml -p codex-hooks --bin write_hooks_schema_fixtures"
},
"devDependencies": {
"prettier": "^3.5.3"
},
"resolutions": {
"@modelcontextprotocol/sdk": "1.26.0",
"braces": "^3.0.3",
"esbuild": "0.28.1",
"flatted": "3.4.2",
"glob@10.4.5": "10.5.0",
"handlebars": "4.7.9",
"micromatch": "^4.0.8",
"minimatch@3.1.2": "3.1.4",
"minimatch@9.0.5": "9.0.7",
"path-to-regexp": "8.4.0",
"picomatch@2.3.1": "2.3.2",
"picomatch@4.0.3": "4.0.4",
"rollup": "4.59.0",
"semver": "^7.7.1"
},
"overrides": {
"punycode": "^2.3.1"
},
"engines": {
"node": ">=22",
"pnpm": ">=10.33.0"
},
"packageManager": "pnpm@10.33.0+sha512.10568bb4a6afb58c9eb3630da90cc9516417abebd3fabbe6739f0ae795728da1491e9db5a544c76ad8eb7570f5c4bb3d6c637b2cb41bfdcdb47fa823c8649319"
}