Pin esbuild to patched version / 固定 esbuild 到安全版本

[SivanCola]

Summary

• Pin transitive esbuild resolution to 0.28.1 with npm/pnpm overrides for the site, crash report worker, and desktop frontend.
• Refresh npm and pnpm lockfiles so Dependabot resolves the patched esbuild release.
• Keep Astro, Wrangler, and Vite versions unchanged to avoid a broader framework upgrade while upstream dependency ranges catch up.

Related PRs

• build(deps): bump esbuild and vite in /desktop/frontend #4234 and build(deps-dev): bump vite from 6.4.3 to 8.0.16 in /desktop/frontend #3693 cover desktop/frontend Vite major-version bumps only. This PR keeps the blast radius smaller and also covers site and workers/crash-report.

Verification

• npm audit --json in site, workers/crash-report, and desktop/frontend
• pnpm audit --audit-level low in desktop/frontend
• npm run build in site
• npm run typecheck in workers/crash-report
• wails generate module followed by npm run build in desktop/frontend
• npm test in desktop/frontend

[SivanCola]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Can't wait for the next one!

Reviewed commit: 047411dedc

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".