Remove esbuild from dependencies

[OEvgeny]

Is it an issue related to Adaptive Cards?

No

Is this an accessibility issue?

No

What version of Web Chat are you using?

Unrelated

Which distribution are you using Web Chat from?

NPM

Which hosting environment does this issue primarily affect?

Web apps

Which browsers and platforms do the issue happened?

Others or unrelated

Which area does this issue affect?

Development experience

Which theme pack does this issue affect?

N/A

What is the public URL for the website?

N/A

Please describe the bug

Follow the log from https://pkg-size.dev/esbuild@latest%20botframework-webchat and verify that aside from the latest esbuild there is an older version (v 0.14.54 at the moment) which gets installed thanks to:

• markdown-it-attrs-es5
• abort-controller-es5
• p-defer-es5

Not only this is an additional dependency, but this also prevents Web Chat from working in environments that don't run postinstall scripts such as WebContainers or bun/deno.

This also causes false-positive reports in various dependency monitoring software saying Web Chat is not secure due to the dependency on the older esbuild versions.

The rest of our packages come pre-bundled.

Do you see any errors in console log?

N/A

How to reproduce the issue?

See https://pkg-size.dev/esbuild@latest%20botframework-webchat as a reproduction:

• wait until packages are installed
• verify multiple esbuild versions are installed

What do you expect?

A single (esbuild@latest) version is installed.

What actually happened?

Instead of only the esbuild@latest being installed, there are multiple esbuild versions, including the very outdated one.

Do you have any screenshots or recordings to repro the issue?

N/A

Adaptive Card JSON

Additional context

No response