-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update non-major #1326
base: main
Are you sure you want to change the base?
Conversation
35a2299
to
c8e4144
Compare
0327aab
to
d2058d5
Compare
2008946
to
4767efd
Compare
b559434
to
848f540
Compare
609c1f2
to
fe82eda
Compare
75b3d8b
to
3e3fb2a
Compare
642770d
to
1184494
Compare
5986111
to
1941a39
Compare
5bb45be
to
4ff6576
Compare
1280b36
to
3aed00c
Compare
6afce21
to
354239c
Compare
7ee231a
to
1a84e16
Compare
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is a potential typo squat?Package name is similar to other popular packages and may not be the package you want. Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
26f759b
to
d493305
Compare
d493305
to
2cdc444
Compare
2cdc444
to
dabcdda
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
This PR contains the following updates:
^7.23.0
->^7.23.9
^7.23.0
->^7.23.9
^7.22.15
->^7.23.9
^7.22.20
->^7.23.9
^7.22.15
->^7.23.7
^4.1.4
->^4.1.6
1bad3ab
->a94899b
^0.19.4
->^0.19.12
^8.50.0
->^8.56.0
^9.0.0
->^9.1.0
^2.28.1
->^2.29.1
^27.4.0
->^27.6.3
^0.9.0
->^0.9.1
^3.0.3
->^3.2.4
^2.4.6
->^2.4.9
Release Notes
babel/babel (@babel/cli)
v7.23.9
Compare Source
🐛 Bug Fix
babel-helper-transform-fixture-test-runner
,babel-plugin-transform-function-name
,babel-plugin-transform-modules-systemjs
,babel-preset-env
systemjs
re-traverses helpers (@liuxingbaoyu)babel-helper-create-class-features-plugin
,babel-plugin-proposal-decorators
babel-plugin-proposal-decorators
,babel-plugin-transform-async-generator-functions
,babel-plugin-transform-runtime
,babel-preset-env
core-js@3
imports (@nicolo-ribaudo)babel-traverse
getTypeAnnotation
when using TS+inference (@liuxingbaoyu)no-use-before-define
for class ref in fields (@nicolo-ribaudo)🏠 Internal
babel-core
,babel-parser
,babel-template
eslint-parser
to cts (@liuxingbaoyu)babel-types
@babel/types
props that are not produced by the parser (@liuxingbaoyu)🏃♀️ Performance
babel-parser
🔬 Output optimization
babel-helper-create-class-features-plugin
,babel-plugin-proposal-decorators
,babel-plugin-proposal-destructuring-private
,babel-plugin-proposal-pipeline-operator
,babel-plugin-transform-class-properties
,babel-plugin-transform-class-static-block
,babel-plugin-transform-new-target
,babel-plugin-transform-parameters
,babel-plugin-transform-private-methods
,babel-preset-env
babel-helpers
,babel-plugin-proposal-explicit-resource-management
,babel-runtime-corejs2
,babel-runtime-corejs3
,babel-runtime
using
(@liuxingbaoyu)v7.23.4
Compare Source
🐛 Bug Fix
babel-generator
sanity-io/semantic-release-preset (@sanity/semantic-release-preset)
v4.1.6
Compare Source
Bug Fixes
v4.1.5
Compare Source
Bug Fixes
evanw/esbuild (esbuild)
v0.19.12
Compare Source
The "preserve" JSX mode now preserves JSX text verbatim (#3605)
The JSX specification deliberately doesn't specify how JSX text is supposed to be interpreted and there is no canonical way to interpret JSX text. Two most popular interpretations are Babel and TypeScript. Yes they are different (esbuild deliberately follows TypeScript by the way).
Previously esbuild normalized text to the TypeScript interpretation when the "preserve" JSX mode is active. However, "preserve" should arguably reproduce the original JSX text verbatim so that whatever JSX transform runs after esbuild is free to interpret it however it wants. So with this release, esbuild will now pass JSX text through unmodified:
Allow JSX elements as JSX attribute values
JSX has an obscure feature where you can use JSX elements in attribute position without surrounding them with
{...}
. It looks like this:I think I originally didn't implement it even though it's part of the JSX specification because it previously didn't work in TypeScript (and potentially also in Babel?). However, support for it was silently added in TypeScript 4.8 without me noticing and Babel has also since fixed their bugs regarding this feature. So I'm adding it to esbuild too now that I know it's widely supported.
Keep in mind that there is some ongoing discussion about removing this feature from JSX. I agree that the syntax seems out of place (it does away with the elegance of "JSX is basically just XML with
{...}
escapes" for something arguably harder to read, which doesn't seem like a good trade-off), but it's in the specification and TypeScript and Babel both implement it so I'm going to have esbuild implement it too. However, I reserve the right to remove it from esbuild if it's ever removed from the specification in the future. So use it with caution.Fix a bug with TypeScript type parsing (#3574)
This release fixes a bug with esbuild's TypeScript parser where a conditional type containing a union type that ends with an infer type that ends with a constraint could fail to parse. This was caused by the "don't parse a conditional type" flag not getting passed through the union type parser. Here's an example of valid TypeScript code that previously failed to parse correctly:
v0.19.11
Compare Source
Fix TypeScript-specific class transform edge case (#3559)
The previous release introduced an optimization that avoided transforming
super()
in the class constructor for TypeScript code compiled withuseDefineForClassFields
set tofalse
if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are#private
instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call tosuper()
(sincesuper()
is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:Minifier: allow reording a primitive past a side-effect (#3568)
The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:
Minifier: consider properties named using known
Symbol
instances to be side-effect free (#3561)Many things in JavaScript can have side effects including property accesses and ToString operations, so using a symbol such as
Symbol.iterator
as a computed property name is not obviously side-effect free. This release adds a special case for knownSymbol
instances so that they are considered side-effect free when used as property names. For example, this class declaration will now be considered side-effect free:Provide the
stop()
API in node to exit esbuild's child process (#3558)You can now call
stop()
in esbuild's node API to exit esbuild's child process to reclaim the resources used. It only makes sense to do this for a long-lived node process when you know you will no longer be making any more esbuild API calls. It is not necessary to call this to allow node to exit, and it's advantageous to not call this in between calls to esbuild's API as sharing a single long-lived esbuild child process is more efficient than re-creating a new esbuild child process for every API call. This API call used to exist but was removed in version 0.9.0. This release adds it back due to a user request.v0.19.10
Compare Source
Fix glob imports in TypeScript files (#3319)
This release fixes a problem where bundling a TypeScript file containing a glob import could emit a call to a helper function that doesn't exist. The problem happened because esbuild's TypeScript transformation removes unused imports (which is required for correctness, as they may be type-only imports) and esbuild's glob import transformation wasn't correctly marking the imported helper function as used. This wasn't caught earlier because most of esbuild's glob import tests were written in JavaScript, not in TypeScript.
Fix
require()
glob imports with bundling disabled (#3546)Previously
require()
calls containing glob imports were incorrectly transformed when bundling was disabled. All glob imports should only be transformed when bundling is enabled. This bug has been fixed.Fix a panic when transforming optional chaining with
define
(#3551, #3554)This release fixes a case where esbuild could crash with a panic, which was triggered by using
define
to replace an expression containing an optional chain. Here is an example:This fix was contributed by @hi-ogawa.
Work around a bug in node's CommonJS export name detector (#3544)
The export names of a CommonJS module are dynamically-determined at run time because CommonJS exports are properties on a mutable object. But the export names of an ES module are statically-determined at module instantiation time by using
import
andexport
syntax and cannot be changed at run time.When you import a CommonJS module into an ES module in node, node scans over the source code to attempt to detect the set of export names that the CommonJS module will end up using. That statically-determined set of names is used as the set of names that the ES module is allowed to import at module instantiation time. However, this scan appears to have bugs (or at least, can cause false positives) because it doesn't appear to do any scope analysis. Node will incorrectly consider the module to export something even if the assignment is done to a local variable instead of to the module-level
exports
object. For example:You can see that node incorrectly thinks the file
confuseNode.js
has an export callednotAnExport
when that file is loaded in an ES module context:To avoid this, esbuild will now rename local variables that use the names
exports
andmodule
when generating CommonJS output for thenode
platform.Fix the return value of esbuild's
super()
shim (#3538)Some people write
constructor
methods that use the return value ofsuper()
instead of usingthis
. This isn't too common because TypeScript doesn't let you do that but it can come up when writing JavaScript. Previously esbuild's class lowering transform incorrectly transformed the return value ofsuper()
intoundefined
. With this release, the return value ofsuper()
will now bethis
instead:Terminate the Go GC when esbuild's
stop()
API is called (#3552)If you use esbuild with WebAssembly and pass the
worker: false
flag toesbuild.initialize()
, then esbuild will run the WebAssembly module on the main thread. If you do this within a Deno test and that test callsesbuild.stop()
to clean up esbuild's resources, Deno may complain that asetTimeout()
call lasted past the end of the test. This happens when the Go is in the middle of a garbage collection pass and has scheduled additional ongoing garbage collection work. Normally callingesbuild.stop()
will terminate the web worker that the WebAssembly module runs in, which will terminate the Go GC, but that doesn't happen if you disable the web worker withworker: false
.With this release, esbuild will now attempt to terminate the Go GC in this edge case by calling
clearTimeout()
on these pending timeouts.Apply
/* @​__NO_SIDE_EFFECTS__ */
on tagged template literals (#3511)Tagged template literals that reference functions annotated with a
@__NO_SIDE_EFFECTS__
comment are now able to be removed via tree-shaking if the result is unused. This is a convention from Rollup. Here is an example:Note that this feature currently only works within a single file, so it's not especially useful. This feature does not yet work across separate files. I still recommend using
@__PURE__
annotations instead of this feature, as they have wider tooling support. The drawback of course is that@__PURE__
annotations need to be added at each call site, not at the declaration, and for non-call expressions such as template literals you need to wrap the expression in an IIFE (immediately-invoked function expression) to create a call expression to apply the@__PURE__
annotation to.Publish builds for IBM AIX PowerPC 64-bit (#3549)
This release publishes a binary executable to npm for IBM AIX PowerPC 64-bit, which means that in theory esbuild can now be installed in that environment with
npm install esbuild
. This hasn't actually been tested yet. If you have access to such a system, it would be helpful to confirm whether or not doing this actually works.v0.19.9
Compare Source
Add support for transforming new CSS gradient syntax for older browsers
The specification called CSS Images Module Level 4 introduces new CSS gradient syntax for customizing how the browser interpolates colors in between color stops. You can now control the color space that the interpolation happens in as well as (for "polar" color spaces) control whether hue angle interpolation happens clockwise or counterclockwise. You can read more about this in Mozilla's blog post about new CSS gradient features.
With this release, esbuild will now automatically transform this syntax for older browsers in the
target
list. For example, here's a gradient that should appear as a rainbow in a browser that supports this new syntax:You can now use this syntax in your CSS source code and esbuild will automatically convert it to an equivalent gradient for older browsers. In addition, esbuild will now also transform "double position" and "transition hint" syntax for older browsers as appropriate:
You can see visual examples of these new syntax features by looking at esbuild's gradient transformation tests.
If necessary, esbuild will construct a new gradient that approximates the original gradient by recursively splitting the interval in between color stops until the approximation error is within a small threshold. That is why the above output CSS contains many more color stops than the input CSS.
Note that esbuild deliberately replaces the original gradient with the approximation instead of inserting the approximation before the original gradient as a fallback. The latest version of Firefox has multiple gradient rendering bugs (including incorrect interpolation of partially-transparent colors and interpolating non-sRGB colors using the incorrect color space). If esbuild didn't replace the original gradient, then Firefox would use the original gradient instead of the fallback the appearance would be incorrect in Firefox. In other words, the latest version of Firefox supports modern gradient syntax but interprets it incorrectly.
Add support for
color()
,lab()
,lch()
,oklab()
,oklch()
, andhwb()
in CSSCSS has recently added lots of new ways of specifying colors. You can read more about this in Chrome's blog post about CSS color spaces.
This release adds support for minifying colors that use the
color()
,lab()
,lch()
,oklab()
,oklch()
, orhwb()
syntax and/or transforming these colors for browsers that don't support it yet:As you can see, colors outside of the sRGB color space such as
color(display-p3 1 0 0)
are mapped back into the sRGB gamut and inserted as a fallback for browsers that don't support the new color syntax.Allow empty type parameter lists in certain cases (#3512)
TypeScript allows interface declarations and type aliases to have empty type parameter lists. Previously esbuild didn't handle this edge case but with this release, esbuild will now parse this syntax:
This fix was contributed by @magic-akari.
v0.19.8
Compare Source
Add a treemap chart to esbuild's bundle analyzer (#2848)
The bundler analyzer on esbuild's website (https://esbuild.github.io/analyze/) now has a treemap chart type in addition to the two existing chart types (sunburst and flame). This should be more familiar for people coming from other similar tools, as well as make better use of large screens.
Allow decorators after the
export
keyword (#104)Previously esbuild's decorator parser followed the original behavior of TypeScript's experimental decorators feature, which only allowed decorators to come before the
export
keyword. However, the upcoming JavaScript decorators feature also allows decorators to come after theexport
keyword. And with TypeScript 5.0, TypeScript now also allows experimental decorators to come after theexport
keyword too. So esbuild now allows this as well:In addition, esbuild's decorator parser has been rewritten to fix several subtle and likely unimportant edge cases with esbuild's parsing of exports and decorators in TypeScript (e.g. TypeScript apparently does automatic semicolon insertion after
interface
andexport interface
but not afterexport default interface
).Pretty-print decorators using the same whitespace as the original
When printing code containing decorators, esbuild will now try to respect whether the original code contained newlines after the decorator or not. This can make generated code containing many decorators much more compact to read:
v0.19.7
Compare Source
Add support for bundling code that uses import attributes (#3384)
JavaScript is gaining new syntax for associating a map of string key-value pairs with individual ESM imports. The proposal is still a work in progress and is still undergoing significant changes before being finalized. However, the first iteration has already been shipping in Chromium-based browsers for a while, and the second iteration has landed in V8 and is now shipping in node, so it makes sense for esbuild to support it. Here are the two major iterations of this proposal (so far):
Import assertions (deprecated, will not be standardized)
assert
keywordImport attributes (currently set to become standardized)
with
keywordYou can already use esbuild to bundle code that uses import assertions (the first iteration). However, this feature is mostly useless for bundlers because import assertions are not allowed to affect module resolution. It's basically only useful as an annotation on external imports, which esbuild will then preserve in the output for use in a browser (which would otherwise refuse to load certain imports).
With this release, esbuild now supports bundling code that uses import attributes (the second iteration). This is much more useful for bundlers because they are allowed to affect module resolution, which means the key-value pairs can be provided to plugins. Here's an example, which uses esbuild's built-in support for the upcoming JSON module standard:
One important consequence of the change in semantics between import assertions and import attributes is that two imports with identical paths but different import attributes are now considered to be different modules. This is because the import attributes are provided to the loader, which might then use those attributes during loading. For example, you could imagine an image loader that produces an image of a different size depending on the import attributes.
Import attributes are now reported in the metafile and are now provided to on-load plugins as a map in the
with
property. For example, here's an esbuild plugin that turns all imports with atype
import attribute equal to'cheese'
into a module that exports the cheese emoji:Warning: It's possible that the second iteration of this feature may change significantly again even though it's already shipping in real JavaScript VMs (since it has already happened once before). In that case, esbuild may end up adjusting its implementation to match the eventual standard behavior. So keep in mind that by using this, you are using an unstable upcoming JavaScript feature that may undergo breaking changes in the future.
Adjust TypeScript experimental decorator behavior (#3230, #3326, #3394)
With this release, esbuild will now allow TypeScript experimental decorators to access both static class properties and
#private
class names. For example:This will now print
true true pass
when compiled by esbuild. Previously esbuild evaluated TypeScript decorators outside of the class body, so it didn't allow decorators to accessFoo
or#foo
. Now esbuild does something different, although it's hard to concisely explain exactly what esbuild is doing now (see the background section below for more information).Note that TypeScript's experimental decorator support is currently buggy: TypeScript's compiler passes this test if only the first
@check
is present or if only the second@check
is present, but TypeScript's compiler fails this test if both checks are present together. I haven't changed esbuild to match TypeScript's behavior exactly here because I'm waiting for TypeScript to fix these bugs instead.Some background: TypeScript experimental decorators don't have consistent semantics regarding the context that the decorators are evaluated in. For example, TypeScript will let you use
await
within a decorator, which implies that the decorator runs outside the class body (sinceawait
isn't supported inside a class body), but TypeScript will also let you use#private
names, which implies that the decorator runs inside the class body (since#private
names are only supported inside a class body). The value ofthis
in a decorator is also buggy (the run-time value ofthis
changes if any decorator in the class uses a#private
name but the type ofthis
doesn't change, leading to the type checker no longer matching reality). These inconsistent semantics make it hard for esbuild to implement this feature as decorator evaluation happens in some superposition of both inside and outside the class body that is particular to the internal implementation details of the TypeScript compiler.Forbid
--keep-names
when targeting old browsers (#3477)The
--keep-names
setting needs to be able to assign to thename
property on functions and classes. However, before ES6 this property was non-configurable, and attempting to assign to it would throw an error. So with this release, esbuild will no longer allow you to enable this setting while also targeting a really old browser.v0.19.6
Compare Source
Fix a constant folding bug with bigint equality
This release fixes a bug where esbuild incorrectly checked for bigint equality by checking the equality of the bigint literal text. This is correct if the bigint doesn't have a radix because bigint literals without a radix are always in canonical form (since leading zeros are not allowed). However, this is incorrect if the bigint has a radix (e.g.
0x123n
) because the canonical form is not enforced when a radix is present.Add some improvements to the JavaScript minifier
This release adds more cases to the JavaScript minifier, including support for inlining
String.fromCharCode
andString.prototype.charCodeAt
when possible:In addition, immediately-invoked function expressions (IIFEs) that return a single expression are now inlined when minifying. This makes it possible to use IIFEs in combination with
@__PURE__
annotations to annotate arbitrary expressions as side-effect free without the IIFE wrapper impacting code size. For example:Automatically prefix the
mask-composite
CSS property for WebKit (#3493)The
mask-composite
property will now be prefixed as-webkit-mask-composite
for older WebKit-based browsers. In addition to prefixing the property name, handling older browsers also requires rewriting the values since WebKit uses non-standard names for the mask composite modes:Avoid referencing
this
from JSX elements in derived class constructors (#3454)When you enable
--jsx=automatic
and--jsx-dev
, the JSX transform is supposed to insertthis
as the last argument to thejsxDEV
function. I'm not sure exactly why this is and I can't find any specification for it, but in any case this causes the generated code to crash when you use a JSX element in a derived class constructor before the call tosuper()
asthis
is not allowed to be accessed at that point. For exampleThe TypeScript compiler doesn't handle this at all while the Babel compiler just omits
this
for the entire constructor (even after the call tosuper()
). There seems to be no specification so I can't be sure that this change doesn't break anything important. But given that Babel is pretty loose with this and TypeScript doesn't handle this at all, I'm guessing this value isn't too important. React's blog post seems to indicate that this value was intended to be used for a React-specific migration warning at some point, so it could even be that this value is irrelevant now. Anyway the crash in this case should now be fixed.Allow package subpath imports to map to node built-ins (#3485)
You are now able to use a subpath import in your package to resolve to a node built-in module. For example, with a
package.json
file like this:You can now import from node's
stream
module like this:This will import from node's
stream
module when the platform isnode
and from./stub.js
otherwise.No longer throw an error when a
Symbol
is missing (#3453)Certain JavaScript syntax features use special properties on the global
Symbol
object. For example, the asynchronous iteration syntax usesSymbol.asyncIterator
. Previously esbuild's generated code for older browsers required this symbol to be polyfilled. However, starting with this release esbuild will useSymbol.for()
to construct these symbols if they are missing instead of throwing an error about a missing polyfill. This means your code no longer needs to include a polyfill for missing symbols as long as your code also usesSymbol.for()
for missing symbols.Parse upcoming changes to TypeScript syntax (#3490, #3491)
With this release, you can now use
from
as the name of a default type-only import in TypeScript code, as well asof
as the name of anawait using
loop iteration variable:This matches similar changes in the TypeScript compiler (#56376 and #55555) which will start allowing this syntax in an upcoming version of TypeScript. Please never actually write code like this.
The type-only import syntax change was contributed by @magic-akari.
v0.19.5
Compare Source
Fix a regression in 0.19.0 regarding
paths
intsconfig.json
(#3354)The fix in esbuild version 0.19.0 to process
tsconfig.json
aliases before the--packages=external
setting unintentionally broke an edge case in esbuild's handling of certaintsconfig.json
aliases where there are multiple files with the same name in different directories. This release adjusts esbuild's behavior for this edge case so that it passes while still processing aliases before--packages=external
. Please read the linked issue for more details.Fix a CSS
font
property minification bug (#3452)This release fixes a bug where esbuild's CSS minifier didn't insert a space between the font size and the font family in the
font
CSS shorthand property in the edge case where the original source code didn't already have a space and the leading string token was shortened to an identifier:Fix bundling CSS with asset names containing spaces (#3410)
Assets referenced via CSS
url()
tokens may cause esbuild to generate invalid output when bundling if the file name contains spaces (e.g.url(image 2.png)
). With this release, esbuild will now quote all bundled asset references inurl()
tokens to avoid this problem. This only affects assets loaded using thefile
andcopy
loaders.Fix invalid CSS
url()
tokens in@import
rules (#3426)In the future, CSS
url()
tokens may contain additional stuff after the URL. This is irrelevant today as no CSS specification does this. But esbuild previously had a bug where using these tokens in an@import
rule resulted in malformed output. This bug has been fixed.Fix
browser
+false
+type: module
inpackage.json
(#3367)The
browser
field inpackage.json
allows you to map a file tofalse
to have itConfiguration
📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here