Skip to content

[Snyk] Upgrade esbuild from 0.18.20 to 0.19.5#3

Open
patooworld wants to merge 1 commit intomasterfrom
snyk-upgrade-595d9c7a11462c9c8f22fbed0413841f
Open

[Snyk] Upgrade esbuild from 0.18.20 to 0.19.5#3
patooworld wants to merge 1 commit intomasterfrom
snyk-upgrade-595d9c7a11462c9c8f22fbed0413841f

Conversation

@patooworld
Copy link
Owner

@patooworld patooworld commented Nov 20, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade esbuild from 0.18.20 to 0.19.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 6 versions ahead of your current version.
  • The recommended version was released a month ago, on 2023-10-17.
Release notes
Package name: esbuild
  • 0.19.5 - 2023-10-17

    • Fix a regression in 0.19.0 regarding paths in tsconfig.json (#3354)

      The fix in esbuild version 0.19.0 to process tsconfig.json aliases before the --packages=external setting unintentionally broke an edge case in esbuild's handling of certain tsconfig.json aliases where there are multiple files with the same name in different directories. This release adjusts esbuild's behavior for this edge case so that it passes while still processing aliases before --packages=external. Please read the linked issue for more details.

    • Fix a CSS font property minification bug (#3452)

      This release fixes a bug where esbuild's CSS minifier didn't insert a space between the font size and the font family in the font CSS shorthand property in the edge case where the original source code didn't already have a space and the leading string token was shortened to an identifier:

      / Original code */
      .foo { font: 16px"Menlo"; }

      /* Old output (with --minify) */
      .foo{font:16pxMenlo}

      /* New output (with --minify) */
      .foo{font:16px Menlo}

    • Fix bundling CSS with asset names containing spaces (#3410)

      Assets referenced via CSS url() tokens may cause esbuild to generate invalid output when bundling if the file name contains spaces (e.g. url(image 2.png)). With this release, esbuild will now quote all bundled asset references in url() tokens to avoid this problem. This only affects assets loaded using the file and copy loaders.

    • Fix invalid CSS url() tokens in @ import rules (#3426)

      In the future, CSS url() tokens may contain additional stuff after the URL. This is irrelevant today as no CSS specification does this. But esbuild previously had a bug where using these tokens in an @ import rule resulted in malformed output. This bug has been fixed.

    • Fix browser + false + type: module in package.json (#3367)

      The browser field in package.json allows you to map a file to false to have it be treated as an empty file when bundling for the browser. However, if package.json contains "type": "module" then all .js files will be considered ESM, not CommonJS. Importing a named import from an empty CommonJS file gives you undefined, but importing a named export from an empty ESM file is a build error. This release changes esbuild's interpretation of these files mapped to false in this situation from ESM to CommonJS to avoid generating build errors for named imports.

    • Fix a bug in top-level await error reporting (#3400)

      Using require() on a file that contains top-level await is not allowed because require() must return synchronously and top-level await makes that impossible. You will get a build error if you try to bundle code that does this with esbuild. This release fixes a bug in esbuild's error reporting code for complex cases of this situation involving multiple levels of imports to get to the module containing the top-level await.

    • Update to Unicode 15.1.0

      The character tables that determine which characters form valid JavaScript identifiers have been updated from Unicode version 15.0.0 to the newly-released Unicode version 15.1.0. I'm not putting an example in the release notes because all of the new characters will likely just show up as little squares since fonts haven't been updated yet. But you can read https://www.unicode.org/versions/Unicode15.1.0/#Summary for more information about the changes.

      This upgrade was contributed by @ JLHwung.

  • 0.19.4 - 2023-09-28

    • Fix printing of JavaScript decorators in tricky cases (#3396)

      This release fixes some bugs where esbuild's pretty-printing of JavaScript decorators could incorrectly produced code with a syntax error. The problem happened because esbuild sometimes substitutes identifiers for other expressions in the pretty-printer itself, but the decision about whether to wrap the expression or not didn't account for this. Here are some examples:

      // Original code
      import { constant } from './constants.js'
      import { imported } from 'external'
      import { undef } from './empty.js'
      class Foo {
      @constant()
      @imported()
      @undef()
      foo
      }

      // Old output (with --bundle --format=cjs --packages=external --minify-syntax)
      var import_external = require("external");
      var Foo = class {
      @123()
      @(0, import_external.imported)()
      @(void 0)()
      foo;
      };

      // New output (with --bundle --format=cjs --packages=external --minify-syntax)
      var import_external = require("external");
      var Foo = class {
      @(123())
      @((0, import_external.imported)())
      @((void 0)())
      foo;
      };

    • Allow pre-release versions to be passed to target (#3388)

      People want to be able to pass version numbers for unreleased versions of node (which have extra stuff after the version numbers) to esbuild's target setting and have esbuild do something reasonable with them. These version strings are of course not present in esbuild's internal feature compatibility table because an unreleased version has not been released yet (by definition). With this release, esbuild will now attempt to accept these version strings passed to target and do something reasonable with them.

  • 0.19.3 - 2023-09-14
    Read more
  • 0.19.2 - 2023-08-14

    • Update how CSS nesting is parsed again

      CSS nesting syntax has been changed again, and esbuild has been updated to match. Type selectors may now be used with CSS nesting:

      .foo {
  div {
    color: red;
  }
}

      Previously this was disallowed in the CSS specification because it's ambiguous whether an identifier is a declaration or a nested rule starting with a type selector without requiring unbounded lookahead in the parser. It has now been allowed because the CSS working group has decided that requiring unbounded lookahead is acceptable after all.

      Note that this change means esbuild no longer considers any existing browser to support CSS nesting since none of the existing browsers support this new syntax. CSS nesting will now always be transformed when targeting a browser. This situation will change in the future as browsers add support for this new syntax.

    • Fix a scope-related bug with --drop-labels= (#3311)

      The recently-released --drop-labels= feature previously had a bug where esbuild's internal scope stack wasn't being restored properly when a statement with a label was dropped. This could manifest as a tree-shaking issue, although it's possible that this could have also been causing other subtle problems too. The bug has been fixed in this release.

    • Make renamed CSS names unique across entry points (#3295)

      Previously esbuild's generated names for local names in CSS were only unique within a given entry point (or across all entry points when code splitting was enabled). That meant that building multiple entry points with esbuild could result in local names being renamed to the same identifier even when those entry points were built simultaneously within a single esbuild API call. This problem was especially likely to happen with minification enabled. With this release, esbuild will now avoid renaming local names from two separate entry points to the same name if those entry points were built with a single esbuild API call, even when code splitting is disabled.

    • Fix CSS ordering bug with @ layer before @ import

      CSS lets you put @ layer rules before @ import rules to define the order of layers in a stylesheet. Previously esbuild's CSS bundler incorrectly ordered these after the imported files because before the introduction of cascade layers to CSS, imported files could be bundled by removing the @ import rules and then joining files together in the right order. But with @ layer, CSS files may now need to be split apart into multiple pieces in the bundle. For example:

      / Original code */
      @ layer start;
      @ import "data:text/css,@ layer inner.start;";
      @ import "data:text/css,@ layer inner.end;";
      @ layer end;

      /* Old output (with --bundle) */
      @ layer inner.start;
      @ layer inner.end;
      @ layer start;
      @ layer end;

      /* New output (with --bundle) */
      @ layer start;
      @ layer inner.start;
      @ layer inner.end;
      @ layer end;

    • Unwrap nested duplicate @ media rules (#3226)

      With this release, esbuild's CSS minifier will now automatically unwrap duplicate nested @ media rules:

      / Original code */
      @ media (min-width: 1024px) {
      .foo { color: red }
      @ media (min-width: 1024px) {
      .bar { color: blue }
      }
      }

      /* Old output (with --minify) */
      @ media (min-width: 1024px){.foo{color:red}@ media (min-width: 1024px){.bar{color:#00f}}}

      /* New output (with --minify) */
      @ media (min-width: 1024px){.foo{color:red}.bar{color:#00f}}

      These rules are unlikely to be authored manually but may result from using frameworks such as Tailwind to generate CSS.

  • 0.19.1 - 2023-08-11
    Read more
  • 0.19.0 - 2023-08-08
    Read more
  • 0.18.20 - 2023-08-08

    • Support advanced CSS @ import rules (#953, #3137)

      CSS @ import statements have been extended to allow additional trailing tokens after the import path. These tokens sort of make the imported file behave as if it were wrapped in a @ layer, @ supports, and/or @ media rule. Here are some examples:

      @ import url(foo.css);
@ import url(foo.css) layer;
@ import url(foo.css) layer(bar);
@ import url(foo.css) layer(bar) supports(display: flex);
@ import url(foo.css) layer(bar) supports(display: flex) print;
@ import url(foo.css) layer(bar) print;
@ import url(foo.css) supports(display: flex);
@ import url(foo.css) supports(display: flex) print;
@ import url(foo.css) print;

      You can read more about this advanced syntax here. With this release, esbuild will now bundle @ import rules with these trailing tokens and will wrap the imported files in the corresponding rules. Note that this now means a given imported file can potentially appear in multiple places in the bundle. However, esbuild will still only load it once (e.g. on-load plugins will only run once per file, not once per import).

from esbuild GitHub release notes
Commit messages
Package name: esbuild

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow adapters to pass in platform specific context Fail prerendering if a page is shadowed by an endpoint

2 participants

@patooworld @snyk-bot