René's URL Explorer Experiment


Title: chore(deps-dev): bump esbuild and tsx by dependabot[bot] · Pull Request #174 · lessweb/deepcode-cli · GitHub

Open Graph Title: chore(deps-dev): bump esbuild and tsx by dependabot[bot] · Pull Request #174 · lessweb/deepcode-cli

X Title: chore(deps-dev): bump esbuild and tsx by dependabot[bot] · Pull Request #174 · lessweb/deepcode-cli

Description: Bumps esbuild and tsx. These dependencies needed to be updated together. Updates esbuild from 0.28.0 to 0.28.1 Release notes Sourced from esbuild's releases. v0.28.1 Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr) This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed. Thanks to @​dellalibera for reporting this issue. Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr) The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content. Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content. Thanks to @​sondt99 for reporting this issue. Avoid inlining using and await using declarations (#4482) Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example: // Original code { using x = new Resource() x.activate() } // Old output (with --minify) new Resource().activate(); // New output (with --minify) {using e=new Resource;e.activate()} Fix module evaluation when an error is thrown (#4461, #4467) If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if import() or require() is used to import a module multiple times. The thrown error is supposed to be thrown by every call to import() or require(), not just the first. With this release, esbuild will now throw the same error every time you call import() or require() on a module that throws during its evaluation. Fix some edge cases around the new operator (#4477) Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a new expression (specifically an optional chain and/or a tagged template literal). The generated code for the new target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the new target in parentheses. Here is an example of some affected code: // Original code new (foo()`bar`)() new (foo()?.bar)() // Old output new foo()bar(); new (foo())?.bar(); ... (truncated) Changelog Sourced from esbuild's changelog. 0.28.1 Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr) This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed. Thanks to @​dellalibera for reporting this issue. Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr) The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content. Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content. Thanks to @​sondt99 for reporting this issue. Avoid inlining using and await using declarations (#4482) Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example: // Original code { using x = new Resource() x.activate() } // Old output (with --minify) new Resource().activate(); // New output (with --minify) {using e=new Resource;e.activate()} Fix module evaluation when an error is thrown (#4461, #4467) If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if import() or require() is used to import a module multiple times. The thrown error is supposed to be thrown by every call to import() or require(), not just the first. With this release, esbuild will now throw the same error every time you call import() or require() on a module that throws during its evaluation. Fix some edge cases around the new operator (#4477) Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a new expression (specifically an optional chain and/or a tagged template literal). The generated code for the new target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the new target in parentheses. Here is an example of some affected code: // Original code new (foo()`bar`)() new (foo()?.bar)() // Old output new foo()bar(); new (foo())?.bar(); ... (truncated) Commits bb9db84 publish 0.28.1 to npm 9ff053e security: add integrity checks to the Deno API 0a9bf21 enforce non-negative size in gzip parser e2a1a71 security: forbid \\ in local dev server requests 83a2cbf fix #4482: don't inline using declarations 308ad74 fix #4471: renaming of nested var declarations f013f5f fix some typos aafd6e4 chore: fix some minor issues in comments (#4462) 15300c3 follow up: cjs evaluation fixes 1bda0c3 fix #4461, fix #4467: esm evaluation fixes Additional commits viewable in compare view Updates tsx from 4.21.0 to 4.22.4 Release notes Sourced from tsx's releases. v4.22.4 4.22.4 (2026-05-31) Bug Fixes resolve CommonJS directory requires inside dependencies (#803) (1ce8463) This release is also available on: npm package (@​latest dist-tag) v4.22.3 4.22.3 (2026-05-19) Bug Fixes decode typed loader source (dce02fc) preserve entrypoint with TypeScript preload hooks (68f72f3) This release is also available on: npm package (@​latest dist-tag) v4.22.2 4.22.2 (2026-05-18) Bug Fixes preserve CJS JSON require in ESM hooks (35b700b) preserve named exports from CommonJS TypeScript (11de737) support module.exports require(esm) interop (cf8f199) This release is also available on: npm package (@​latest dist-tag) v4.22.1 4.22.1 (2026-05-17) Bug Fixes resolve tsconfig path aliases containing a colon (#780) (6979f28) This release is also available on: npm package (@​latest dist-tag) ... (truncated) Commits 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803) dce02fc fix: decode typed loader source 68f72f3 fix: preserve entrypoint with TypeScript preload hooks 69455cf test: cover package exports for ambiguous ESM reexports 35b700b fix: preserve CJS JSON require in ESM hooks ef807db chore: update testing dependencies 3917090 test: document compatibility test taxonomy de8113f refactor: centralize Node capability facts c1f62db test: consolidate tsconfig path edge coverage 4e08174 test: consolidate loader hook coverage Additional commits viewable in compare view Maintainer changes This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot show ignore conditions will show all of the ignore conditions of the specified dependency @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Open Graph Description: Bumps esbuild and tsx. These dependencies needed to be updated together. Updates esbuild from 0.28.0 to 0.28.1 Release notes Sourced from esbuild's releases. v0.28.1 Disallow \ in local dev...

X Description: Bumps esbuild and tsx. These dependencies needed to be updated together. Updates esbuild from 0.28.0 to 0.28.1 Release notes Sourced from esbuild's releases. v0.28.1 Disallow \ in local...

Opengraph URL: https://github.com/lessweb/deepcode-cli/pull/174

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository/pull/:id/files(.:format)
route-controllerpull_requests
route-actionfiles
fetch-noncev2:d8dae43d-5afb-0182-a02a-b478706a9456
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-idE130:38FD49:C6EBF0:10C89E4:6A4D56D0
html-safe-nonce70d47f11c0c4a8c5f5d7eec2f56befd5275946952c200319bf86e71eb23bf970
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFMTMwOjM4RkQ0OTpDNkVCRjA6MTBDODlFNDo2QTRENTZEMCIsInZpc2l0b3JfaWQiOiI4NTEwMTg5NzIxMjUwMjU2NTkyIiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0=
visitor-hmac8c13124539973bb6a6d7a69e5eb200ae41bdd80c72a96975aed31d9878051085
hovercard-subject-tagpull_request:3858252912
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///pull_requests/show/files
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/lessweb/deepcode-cli/pull/174/files
twitter:imagehttps://avatars.githubusercontent.com/in/29110?s=400&v=4
twitter:cardsummary_large_image
og:imagehttps://avatars.githubusercontent.com/in/29110?s=400&v=4
og:image:altBumps esbuild and tsx. These dependencies needed to be updated together. Updates esbuild from 0.28.0 to 0.28.1 Release notes Sourced from esbuild's releases. v0.28.1 Disallow \ in local dev...
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
None2a1443ff9733a3016431263ea73c93d8fe00c195eb4a7670ac30e7848f045441
turbo-cache-controlno-preview
diff-viewunified
go-importgithub.com/lessweb/deepcode-cli git https://github.com/lessweb/deepcode-cli.git
octolytics-dimension-user_id118287711
octolytics-dimension-user_loginlessweb
octolytics-dimension-repository_id1223512305
octolytics-dimension-repository_nwolessweb/deepcode-cli
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id1223512305
octolytics-dimension-repository_network_root_nwolessweb/deepcode-cli
turbo-body-classeslogged-out env-production page-responsive
disable-turbotrue
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
releasef3bdd3157ea1f0fd738d408eceeead721acf1dc3
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/lessweb/deepcode-cli/pull/174/files#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Flessweb%2Fdeepcode-cli%2Fpull%2F174%2Ffiles
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Flessweb%2Fdeepcode-cli%2Fpull%2F174%2Ffiles
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow%2Ffiles&source=header-repo&source_repo=lessweb%2Fdeepcode-cli
Reloadhttps://github.com/lessweb/deepcode-cli/pull/174/files
Reloadhttps://github.com/lessweb/deepcode-cli/pull/174/files
Reloadhttps://github.com/lessweb/deepcode-cli/pull/174/files
Please reload this pagehttps://github.com/lessweb/deepcode-cli/pull/174/files
lessweb https://github.com/lessweb
deepcode-clihttps://github.com/lessweb/deepcode-cli
Notifications https://github.com/login?return_to=%2Flessweb%2Fdeepcode-cli
Fork 151 https://github.com/login?return_to=%2Flessweb%2Fdeepcode-cli
Star 1.7k https://github.com/login?return_to=%2Flessweb%2Fdeepcode-cli
Code https://github.com/lessweb/deepcode-cli
Issues 43 https://github.com/lessweb/deepcode-cli/issues
Pull requests 22 https://github.com/lessweb/deepcode-cli/pulls
Actions https://github.com/lessweb/deepcode-cli/actions
Projects https://github.com/lessweb/deepcode-cli/projects
Security and quality 0 https://github.com/lessweb/deepcode-cli/security
Insights https://github.com/lessweb/deepcode-cli/pulse
Code https://github.com/lessweb/deepcode-cli
Issues https://github.com/lessweb/deepcode-cli/issues
Pull requests https://github.com/lessweb/deepcode-cli/pulls
Actions https://github.com/lessweb/deepcode-cli/actions
Projects https://github.com/lessweb/deepcode-cli/projects
Security and quality https://github.com/lessweb/deepcode-cli/security
Insights https://github.com/lessweb/deepcode-cli/pulse
Sign up for GitHub https://github.com/signup?return_to=%2Flessweb%2Fdeepcode-cli%2Fissues%2Fnew%2Fchoose
terms of servicehttps://docs.github.com/terms
privacy statementhttps://docs.github.com/privacy
Sign inhttps://github.com/login?return_to=%2Flessweb%2Fdeepcode-cli%2Fissues%2Fnew%2Fchoose
qorzjhttps://github.com/qorzj
mainhttps://github.com/lessweb/deepcode-cli/tree/main
dependabot/npm_and_yarn/multi-c08e63791chttps://github.com/lessweb/deepcode-cli/tree/dependabot/npm_and_yarn/multi-c08e63791c
Conversation 0 https://github.com/lessweb/deepcode-cli/pull/174
Commits 1 https://github.com/lessweb/deepcode-cli/pull/174/commits
Checks 18 https://github.com/lessweb/deepcode-cli/pull/174/checks
Files changed https://github.com/lessweb/deepcode-cli/pull/174/files
Please reload this pagehttps://github.com/lessweb/deepcode-cli/pull/174/files
chore(deps-dev): bump esbuild and tsx https://github.com/lessweb/deepcode-cli/pull/174/files#top
Show all changes 1 commit https://github.com/lessweb/deepcode-cli/pull/174/files
1d5f6f3 chore(deps-dev): bump esbuild and tsx dependabot[bot] Jun 13, 2026 https://github.com/lessweb/deepcode-cli/pull/174/commits/1d5f6f36c8d775ab1fcb1247c49198aa542a9c11
Clear filters https://github.com/lessweb/deepcode-cli/pull/174/files
Please reload this pagehttps://github.com/lessweb/deepcode-cli/pull/174/files
Please reload this pagehttps://github.com/lessweb/deepcode-cli/pull/174/files
Please reload this pagehttps://github.com/lessweb/deepcode-cli/pull/174/files
Please reload this pagehttps://github.com/lessweb/deepcode-cli/pull/174/files
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.