[Snyk] Upgrade esbuild from 0.17.18 to 0.17.19 #6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade esbuild from 0.17.18 to 0.17.19. See this package in npm: https://www.npmjs.com/package/esbuild See this project in Snyk: https://app.snyk.io/org/sarvex/project/4019457e-35b6-4311-b461-1fffc4132cab?utm_source=github&utm_medium=referral&page=upgrade-pr
|
Kudos, SonarCloud Quality Gate passed!
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade esbuild from 0.17.18 to 0.17.19.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: esbuild
-
0.17.19 - 2023-05-13
-
/ Original code */
-
Original code
TypeScript
esbuild 0.17.18
esbuild 0.17.19
Sucrase
Babel
Invalid left-hand side in assignment expression
-
// Original code
-
// Original code
-
0.17.18 - 2023-04-22
-
-
from esbuild GitHub release notesFix CSS transform bugs with nested selectors that start with a combinator (#3096)
This release fixes several bugs regarding transforming nested CSS into non-nested CSS for older browsers. The bugs were due to lack of test coverage for nested selectors with more than one compound selector where they all start with the same combinator. Here's what some problematic cases look like before and after these fixes:
.foo {
> &a,
> &b {
color: red;
}
}
.bar {
> &a,
+ &b {
color: green;
}
}
/* Old output (with --target=chrome90) */
.foo :is(> .fooa, > .foob) {
color: red;
}
.bar :is(> .bara, + .barb) {
color: green;
}
/* New output (with --target=chrome90) */
.foo > :is(a.foo, b.foo) {
color: red;
}
.bar > a.bar,
.bar + b.bar {
color: green;
}
Fix bug with TypeScript parsing of instantiation expressions followed by
=(#3111)This release fixes esbuild's TypeScript-to-JavaScript conversion code in the case where a potential instantiation expression is followed immediately by a
=token (such that the trailing>becomes a>=token). Previously esbuild considered that to still be an instantiation expression, but the official TypeScript compiler considered it to be a>=operator instead. This release changes esbuild's interpretation to match TypeScript. This edge case currently appears to be problematic for other TypeScript-to-JavaScript converters as well:x<y>=a<b<c>>()x<y>=a();x=a();x<y>=a();x=a()Avoid removing unrecognized directives from the directive prologue when minifying (#3115)
The directive prologue in JavaScript is a sequence of top-level string expressions that come before your code. The only directives that JavaScript engines currently recognize are
use strictand sometimesuse asm. However, the people behind React have made up their own directive for their own custom dialect of JavaScript. Previously esbuild only preserved theuse strictdirective when minifying, although you could still write React JavaScript with esbuild using something like--banner:js="'your directive here';". With this release, you can now put arbitrary directives in the entry point and esbuild will preserve them in its minified output:'use wtf'; console.log(123)
// Old output (with --minify)
console.log(123);
// New output (with --minify)
"use wtf";console.log(123);
Note that this means esbuild will no longer remove certain stray top-level strings when minifying. This behavior is an intentional change because these stray top-level strings are actually part of the directive prologue, and could potentially have semantics assigned to them (as was the case with React).
Improved minification of binary shift operators
With this release, esbuild's minifier will now evaluate the
<<and>>>operators if the resulting code would be shorter:console.log(10 << 10, 10 << 20, -123 >>> 5, -123 >>> 10);
// Old output (with --minify)
console.log(10<<10,10<<20,-123>>>5,-123>>>10);
// New output (with --minify)
console.log(10240,10<<20,-123>>>5,4194303);
Fix non-default JSON import error with
export {} from(#3070)This release fixes a bug where esbuild incorrectly identified statements of the form
export { default as x } from "y" assert { type: "json" }as a non-default import. The bug did not affect code of the formimport { default as x } from ...(only code that used theexportkeyword).Fix a crash with an invalid subpath import (#3067)
Previously esbuild could crash when attempting to generate a friendly error message for an invalid subpath import (i.e. an import starting with
#). This happened because esbuild originally only supported theexportsfield and the code for that error message was not updated when esbuild later added support for theimportsfield. This crash has been fixed.Commit messages
Package name: esbuild
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs