chore: update esbuild

[asanehisa]

For this vuln, have esbuild be 0.28.1 everywhere.

Additionally removed some dependencies that weren't used in packages/visual-editor and moved others only used in dev to devDependencies.

And aligned all the nodes to "node": "^20.6.0 || ^22 || ^24" (already was done in other package.json files)

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: f3e835e2-5ab7-4c6a-bd6e-3a263f1666dc

📥 Commits

Reviewing files that changed from the base of the PR and between 03c53af and 1c8d79c.

⛔ Files ignored due to path filters (5)

• packages/visual-editor/src/components/testing/screenshots/PhotoGallerySection/[desktop] version 59 with showSectionHeading false.png is excluded by !**/*.png, !packages/visual-editor/src/components/testing/screenshots/**
• packages/visual-editor/src/components/testing/screenshots/VideoSection/[desktop] version 28 props with constant heading text and video.png is excluded by !**/*.png, !packages/visual-editor/src/components/testing/screenshots/**
• packages/visual-editor/src/components/testing/screenshots/VideoSection/[mobile] version 28 props with constant heading text and video.png is excluded by !**/*.png, !packages/visual-editor/src/components/testing/screenshots/**
• packages/visual-editor/src/components/testing/screenshots/VideoSection/[tablet] version 28 props with constant heading text and video.png is excluded by !**/*.png, !packages/visual-editor/src/components/testing/screenshots/**
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• package.json
• packages/visual-editor/THIRD-PARTY-NOTICES
• packages/visual-editor/package.json
• packages/visual-editor/vite.config.ts
• starter/package.json

💤 Files with no reviewable changes (1)

• packages/visual-editor/THIRD-PARTY-NOTICES

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/visual-editor/package.json

---

Walkthrough

This PR updates dependencies across the monorepo with structural changes to the visual-editor package. Root package.json updates @types/node to ^20.0.0 and tsx to ^4.22.4, while adding an esbuild 0.28.1 override to pnpm.overrides. Starter package.json also receives an @types/node update to ^20.0.0. In packages/visual-editor, dependencies are restructured: tsx moves from dependencies to devDependencies, the engines.node range is expanded to ^20.6.0 || ^22 || ^24, and minimist and semver are removed from dev dependencies. Microsoft API documentation packages (@microsoft/api-documenter, @microsoft/api-extractor, @microsoft/api-extractor-model) are updated to newer releases. The Vite configuration adds explicit es2022 transpilation targets for both dependency pre-bundling and library builds. License notices are regenerated to reflect the updated bundled dependency versions.

Suggested reviewers

• mkilpatrick
• briantstephan
• benlife5

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'chore: update esbuild' accurately reflects the main objective of the PR, which is updating esbuild to version 0.28.1 to address a vulnerability. While other changes are included, the esbuild update is the primary focus.
Description check	✅ Passed	The description clearly explains the PR's purposes: addressing a vulnerability by updating esbuild, removing unused dependencies, and aligning Node.js version constraints. It is directly related to all aspects of the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch vuln

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/visual-editor/package.json`:
- Line 98: Move the tsx dependency from the dependencies section to the
devDependencies section in packages/visual-editor/package.json. The tsx entry
with version ^4.22.4 is currently listed as a production dependency but should
only be listed as a development dependency since it is only used for development
scripting and tooling, not for runtime execution.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 87462486-d9f4-4588-ae9c-4590e816e844

📥 Commits

Reviewing files that changed from the base of the PR and between 196f5e1 and 03c53af.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• package.json
• packages/visual-editor/THIRD-PARTY-NOTICES
• packages/visual-editor/package.json
• packages/visual-editor/vite.config.ts
• starter/package.json