Upgrade build dependencies #27

Merged
aneshlya merged 6 commits into ispc:main from azwolski:fix-esbuild-bump on Apr 7, 2026

@azwolski azwolski commented Apr 1, 2026

Upgrade build dependencies and GitHub Actions toolkit packages to their latest versions.
#23 #25

dependabot bot and others added 5 commits December 22, 2025 10:15
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.25.4 to 0.27.2.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.25.4...v0.27.2)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.27.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@azwolski azwolski changed the title from "Fix esbuild bump" to "Upgrade build dependencies" Apr 1, 2026
The CodeQL security alert about SHA-1 usage is a false positive.
The flagged code is in the bundled undici WebSocket implementation,
which uses SHA-1 as required by RFC 6455 for Sec-WebSocket-Accept
header calculation. This is protocol compliance, not a security issue.

Since build/ contains generated/bundled code that should not be
analyzed for security issues, exclude it from CodeQL scanning.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
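
The handshake computation that the commit message above refers to, written out as an added example (it is not code from this PR or from undici). It shows that the SHA-1 input is only the client's nonce plus a public constant from RFC 6455, with no secret key; the function names and the lower-cased `headers` object are assumptions made for the illustration.

```javascript
// Added example, not code from this PR or from undici.
const { createHash, randomBytes } = require('node:crypto');

// Fixed, public GUID from RFC 6455 section 1.3. There is no secret input.
const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';

// Client: Sec-WebSocket-Key is a fresh 16-byte nonce, base64-encoded.
function newClientKey() {
  return randomBytes(16).toString('base64');
}

// Server: Sec-WebSocket-Accept = base64(SHA-1(key + GUID)).
function computeAccept(secWebSocketKey) {
  return createHash('sha1').update(secWebSocketKey + WS_GUID).digest('base64');
}

// Client: the checks from RFC 6455 section 4.1 on the server's reply.
// `headers` is assumed to be a plain object with lower-cased names.
function validateServerHandshake(clientKey, status, headers) {
  if (status !== 101) return { ok: false, reason: 'status is not 101' };
  if ((headers.upgrade || '').trim().toLowerCase() !== 'websocket') {
    return { ok: false, reason: 'Upgrade is not websocket' };
  }
  const tokens = (headers.connection || '')
    .toLowerCase().split(',').map((t) => t.trim());
  if (!tokens.includes('upgrade')) {
    return { ok: false, reason: 'Connection lacks the Upgrade token' };
  }
  const accept = (headers['sec-websocket-accept'] || '').trim();
  if (accept !== computeAccept(clientKey)) {
    return { ok: false, reason: 'Sec-WebSocket-Accept mismatch' };
  }
  return { ok: true, reason: null };
}

// Constructed exchange: a matching reply, and a reply computed for another key.
function demo() {
  const key = newClientKey();
  const good = {
    upgrade: 'websocket',
    connection: 'keep-alive, Upgrade',
    'sec-websocket-accept': computeAccept(key),
  };
  const stale = { ...good, 'sec-websocket-accept': computeAccept(newClientKey()) };
  return [validateServerHandshake(key, 101, good), validateServerHandshake(key, 101, stale)];
}
```

The mismatch case is what the check exists for: a reply that was not produced for this client's key is rejected before any WebSocket frames are exchanged.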
@azwolski azwolski marked this pull request as ready for review April 7, 2026 09:20

@aneshlya aneshlya left a comment

LGTM!

@aneshlya aneshlya merged commit 77c92c3 into ispc:main Apr 7, 2026
9 of 11 checks passed