Bump esbuild, drizzle-kit and tsx

[dependabot]

Bumps esbuild to 0.27.1 and updates ancestor dependencies esbuild, drizzle-kit and tsx. These dependencies need to be updated together.

Updates esbuild from 0.18.20 to 0.27.1

Release notes

Sourced from esbuild's releases.

v0.27.1

• Fix bundler bug with var nested inside if (#4348)

  This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.

• Fix minifier bug with for inside try inside label (#4351)

  This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:

  // Original code
  d: {
    e: {
      try {
        while (1) { break d }
      } catch { break e; }
    }
  }
  // Old output (with --minify)
  a:try{e:for(;;)break a}catch{break e}
  // New output (with --minify)
  a:e:try{for(;;)break a}catch{break e}

• Inline IIFEs containing a single expression (#4354)

  Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:

  // Original code
  const foo = () => {
    const cb = () => {
      console.log(x())
    }
    return cb()
  }
  // Old output (with --minify)
  const foo=()=>(()=>{console.log(x())})();
  // New output (with --minify)
  const foo=()=>{console.log(x())};

• The minifier now strips empty finally clauses (#4353)

  This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

• Fix TypeScript-specific class transform edge case (#3559)

  The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

  // Original code
  class Foo extends Bar {
    #private = 1;
    public: any;
    constructor() {
      super();
    }
  }
  // Old output (with esbuild v0.19.9)
  class Foo extends Bar {
  constructor() {
  super();
  this.#private = 1;
  }
  #private;
  }
  // Old output (with esbuild v0.19.10)
  class Foo extends Bar {
  constructor() {
  this.#private = 1;
  super();
  }
  #private;
  }
  // New output
  class Foo extends Bar {
  #private = 1;
  constructor() {
  super();
  }
  }

• Minifier: allow reording a primitive past a side-effect (#3568)

  The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

• 5e0e56d publish 0.27.1 to npm
• 5a89732 fix #4354: improve IIFE inlining for expressions
• b940218 minify: move unused expr simplification later
• c46d498 fix #4353: remove empty try/finally clauses
• 7a72735 fix #4348: bundler bug with var inside if
• 4e4e177 fix #4351: label + try + for minifier bug
• d6427c9 fix: deno release url wrong comment (#4326)
• 48e3e19 calling Symbol.for with a primitive never throws
• 4ff88d0 update decorator-tests.js snapshot
• 1877e60 calling Symbol with a primitive will never throw
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.

Updates drizzle-kit from 0.24.2 to 0.31.7

Release notes

Sourced from drizzle-kit's releases.

drizzle-kit@0.31.6

Bug fixes

• [BUG]: Importing drizzle-kit/api fails in ESM modules

drizzle-kit@0.31.5

• Add casing support to studio configuration and related functions

drizzle-kit@0.31.4

• Fixed halfvec, bit and sparsevec type generation bug in drizzle-kit

drizzle-kit@0.31.3

• Internal changes to Studio context. Added databaseName and packageName properties for Studio

drizzle-kit@0.31.2

Bug fixes

• Fixed relations extraction to not interfere with Drizzle Studio.

drizzle-kit@0.31.1

Fixed drizzle-kit pull bugs when using Gel extensions.

Because Gel extensions create schema names containing :: (for example, ext::auth), Drizzle previously handled these names incorrectly. Starting with this release, you can use Gel extensions without any problems. Here’s what you should do:

1. Enable extensions schemas in drizzle.config.ts

import  { defineConfig } from "drizzle-kit";
export default defineConfig({
dialect: 'gel',
schemaFilter: ['ext::auth', 'public']
});

2. Run drizzle-kit pull

3. Done!

drizzle-kit@0.31.0

Features and improvements

Enum DDL improvements

For situations where you drop an enum value or reorder values in an enum, there is no native way to do this in PostgreSQL. To handle these cases, drizzle-kit used to:

• Change the column data types from the enum to text
• Drop the old enum
• Add the new enum
• Change the column data types back to the new enum

... (truncated)

Commits

• 47ba9c8 Merge remote-tracking branch 'origin/main'
• 4e61887 +
• c66862c Merge pull request #5036 from drizzle-team/kit-checks
• 391d33b Merge branch 'main' into kit-checks
• 97f9a45 fix: Update permissions and streamline npm configuration in release workflows
• 0dfed1b Merge pull request #5035 from drizzle-team/kit-checks
• b6a6aac fix: Add environment variables for npm authentication in release workflow
• b9d7199 fix: Fix release-latest
• c314c8d Merge pull request #5034 from drizzle-team/kit-checks
• 64f4c79 +
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for drizzle-kit since your current version.

Updates tsx from 4.19.2 to 4.21.0

Release notes

Sourced from tsx's releases.

v4.21.0

4.21.0 (2025-11-30)

Features

• upgrade esbuild (#748) (048fb62)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.20.6

4.20.6 (2025-09-26)

Bug Fixes

• properly hide relaySignal from process.listeners() (#741) (710a424)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.20.5

4.20.5 (2025-08-24)

Bug Fixes

• handle ambiguous packages (796053a)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.20.4

4.20.4 (2025-08-12)

Bug Fixes

... (truncated)

Commits

• f6284cd ci: lock in semantic-release v24
• 048fb62 feat: upgrade esbuild (#748)
• 710a424 fix: properly hide relaySignal from process.listeners() (#741)
• 20b91c4 docs: make sponsors dynamic
• 08dcd59 chore: move vercel settings to root
• e6d1a47 docs: obfuscate aside classname
• de2719d style: remove unused variable
• 13f2954 chore: upgrade docs deps
• 0504525 chore: upgrade manten
• 132fdd8 test: assert require.cache
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.