Update dependency terser to v5.37.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
terser (source)	5.10.0 -> 5.37.0

---

Release Notes

terser/terser (terser)

v5.37.0

Compare Source

• Reserved object properties from chrome extensions (domprops)
• Fix semicolon insertion between a class property without a semicolon a and a computed class property ["prop"]

v5.36.0

Compare Source

• Support import attributes with syntax

v5.35.0

Compare Source

• Ensure parent directory exists when using --output on CLI (#​1530)

v5.34.1

Compare Source

• bump the rollup devDependency to disable CVE warnings (Terser was not affected)

v5.34.0

Compare Source

• internal: stop assigning properties to objects they don't belong in
• internal: run compress tests in parallel
• drop_console: emit an empty function if the return value of console.METHOD(...) may be called.

v5.33.0

Compare Source

• reduce_vars improved when dealing with hoisted function definitions (#​1544)

v5.32.0

Compare Source

• import("module") can now be input and output from ESTree AST (#​1557)
• BigInt literals can now be input and output from ESTree AST (#​1555)
• typeof an object or array (typeof {} and typeof []) can now be statically evaluated. (#​1546)

v5.31.6

Compare Source

• Retain side effects in a case when the expression is a sequence (comma) expression

v5.31.5

Compare Source

• Revert v5.31.4, which created mysterious issues #​1548, #​1549

v5.31.4

Compare Source

• drop_unused: drop classes which only have side effects in the extends part

v5.31.3

Compare Source

• drop_unused: drop unused parameters from IIFEs in some more situations.

v5.31.2

Compare Source

• drop_unused: scan variables in self-referential class declarations that contain side effects.
• Don't add parens to arrow function when it's the default for an argument (#​1540)
• Update domprops (#​1538)

v5.31.1

Compare Source

• Allow drop-unused to drop the whole assignment (not just the assigned name) in more situations, in order to avoid duplication of long strings.

v5.31.0

Compare Source

• Sync up property mangler exceptions with current contents of Firefox and Chrome environments
• Add more webcomponent properties to property mangler exceptions (#​1525)
• Drop non-nullish constants in ...spreads in objects (#​1141)

v5.30.4

Compare Source

• Fix parsing #private in ... when next to other operators

v5.30.3

Compare Source

• Fix precedence of #private in ... operator

v5.30.2

Compare Source

• Avoid optimizations inside computed keys, because they can cause js-engine-specific bugs.

v5.30.1

Compare Source

• Removed useless \ escapes for non-ascii characters
• Make modern identifier characters quoted for older environments (#​1512)

v5.30.0

Compare Source

• Improve removal of classes referring to themselves

v5.29.2

Compare Source

• Make sure 'computed_props' creates string keys
• Take into account the evaluated size when inlining

v5.29.1

Compare Source

• fix optimisation of all-bits mask check

v5.29.0

Compare Source

• Re-releases previously reverted 5.28.0
• Fix crash while optimizing some bitwise ops
• (internal) Remove needless wrapper for from_moz (#​1499)

v5.28.1

Compare Source

(hotfix release)

• Reverts v5.28.0

v5.28.0

Compare Source

• Optimise redundant or shrinkable bitwise operations (|, ^, &, >>, <<)
• Evaluate some BigInt math operations

v5.27.2

Compare Source

• Recognise this as a reference to the surrounding class in drop_unused. Closes #​1472

v5.27.1

Compare Source

• Fixed case where collapse_vars inlines await expressions into non-async functions.

v5.27.0

Compare Source

• Created minify_sync() alternative to minify() since there's no async code left.

v5.26.0

Compare Source

• Do not take the /*#__PURE__*/ annotation into account when the side_effects compress option is off.
• The preserve_annotations option now automatically opts annotation comments in, instead of requiring the comments option to be configured for this.
• Refuse to parse empty parenthesized expressions (())

v5.25.0

Compare Source

• Regex properties added to reserved property mangler (#​1471)
• pure_new option added to drop unused new expressions.

v5.24.0

Compare Source

• Improve formatting performance in V8 by keeping a small work string and a large output string

v5.23.0

Compare Source

• When top_retain will keep a variable assignment around, inline the assignee when it's shorter than the name (#​1434)
• Remove empty class static {} blocks.

v5.22.0

Compare Source

• Do not unsafely shorten expressions like a?.toString() when they're conditional.
• Avoid running drop_unused in nodes that aren't scopes. Fixes a rare crash.
• When 'module' is enabled, assume strict mode when figuring out scopes.

v5.21.0

Compare Source

• Do not inline functions that would be retained in the toplevel (as this would cause code duplication).
• Fix precedence of arrow function and ternary operator when formatting output.

v5.20.0

Compare Source

• Passing minify() zero files will now throw a clean exception (#​1450)
• drop_console supports passing in an array of console.* method names (#​1445)
• New DOM properties from the WebGPU API have been added for use in the property mangler (#​1436)
• Internal code simplification (#​1437)

v5.19.4

Compare Source

• Prevent creating very deeply nested ternaries from a long list of if..return
• Prevent inlining classes into other functions, to avoid constructors being compared.

v5.19.3

Compare Source

• Fix side effect detection of optional?.chains.
• Add roundRect to domprops.js (#​1426)

v5.19.2

Compare Source

• fix performance hit from avoiding HTML comments in the output

v5.19.1

Compare Source

• Better avoid outputting </script> and HTML comments.
• Fix unused variables in class static blocks not being dropped correctly.
• Fix sourcemap names of methods that are async or static

v5.19.0

Compare Source

• Allow /*@​__MANGLE_PROP__*/ annotation in object.property, in addition to property declarations.

v5.18.2

Compare Source

• Stop using recursion in hoisted defuns fix.

v5.18.1

Compare Source

• Fix major performance issue caused by hoisted defuns' scopes bugfix.

v5.18.0

Compare Source

• Add new /*@​__MANGLE_PROP__*/ annotation, to mark properties that should be mangled.

v5.17.7

Compare Source

• Update some dependencies
• Add consistent sorting for v RegExp flag
• Add inert DOM attribute to domprops

v5.17.6

Compare Source

• Fixes to mozilla AST input and output, for class properties, private properties and static blocks
• Fix outputting a shorthand property in quotes when safari10 and ecma=2015 options are enabled
• configurable and enumerable, used in Object.defineProperty, added to domprops (#​1393)

v5.17.5

Compare Source

• Take into account the non-deferred bits of a class, such as static properties, while dropping unused code.

v5.17.4

Compare Source

• Fix crash when trying to negate a class (!class{})
• Avoid outputting comments between yield/await and its argument
• Fix detection of left-hand-side of assignment, to avoid optimizing it like any other expression in some edge cases

v5.17.3

Compare Source

• Fix issue with trimming a static class property's contents accessing the class as this.

v5.17.2

Compare Source

• Be less conservative when detecting use-before-definition of var in hoisted functions.
• Support unusual (but perfectly valid) initializers of for-in and for-of loops.
• Fix issue where hoisted function would be dropped if it was after a continue statement

v5.17.1

Compare Source

• Fix evaluating .length when the source array might've been mutated

v5.17.0

Compare Source

• Drop vestigial = undefined default argument in IIFE calls (#​1366)
• Evaluate known arrays' .length property when statically determinable
• Add @__KEY__ annotation to mangle string literals (#​1365)

v5.16.9

Compare Source

• Fix parentheses in output of optional chains (a?.b) (#​1374)
• More documentation on source maps (#​1368)
• New lhs_constants option, allowing to stop Terser from swapping comparison operands (#​1361)

v5.16.8

Compare Source

• Become even less conservative around function definitions for reduce_vars
• Fix parsing context of import.meta expressions such that method calls are allowed

v5.16.6

Compare Source

• Become less conservative with analyzing function definitions for reduce_vars
• Parse import.meta as a real AST node and not an object.property

v5.16.5

Compare Source

• Correctly handle AST transform functions that mutate children arrays
• Don't mutate the options object passed to Terser (#​1342)
• Do not treat BigInt like a number

v5.16.4

Compare Source

• Keep (defaultArg = undefined) => ..., because default args don't count for function length
• Prevent inlining variables into ?. optional chains
• Avoid removing unused arguments while transforming
• Optimize iterating AST node lists
• Make sure catch and finally aren't children of try in the AST
• Use modern unicode property escapes (\p{...}) to parse identifiers when available

v5.16.3

Compare Source

• Ensure function definitions, don't assume the values of variables defined after them.

v5.16.2

Compare Source

• Fix sourcemaps with non-ascii characters (#​1318)
• Support string module name and export * as (#​1336)
• Do not move let out of for initializers, as it can change scoping
• Fix a corner case that would generate the invalid syntax if (something) let x ("let" in braceless if body)
• Knowledge of more native object properties (#​1330)
• Got rid of Travis (#​1323)
• Added semi-secret asObject sourcemap option to typescript defs (#​1321)

v5.16.1

Compare Source

• Properly handle references in destructurings (const { [reference]: val } = ...)
• Allow parsing of .#privatefield in nested classes
• Do not evaluate operations that return large strings if that would make the output code larger
• Make collapse_vars handle block scope correctly
• Internal improvements: Typos (#​1311), more tests, small-scale refactoring

v5.16.0

Compare Source

• Disallow private fields in object bodies (#​1011)
• Parse #privatefield in object (#​1279)
• Compress #privatefield in object

v5.15.1

Compare Source

• Fixed missing parentheses around optional chains
• Avoid bare let or const as the bodies of if statements (#​1253)
• Small internal fixes (#​1271)
• Avoid inlining a class twice and creating two equivalent but !== classes.

v5.15.0

Compare Source

• Basic support for ES2022 class static initializer blocks.
• Add AudioWorkletNode constructor options to domprops list (#​1230)
• Make identity function inliner not inline id(...expandedArgs)

v5.14.2

Compare Source

• Security fix for RegExps that should not be evaluated (regexp DDOS)
• Source maps improvements (#​1211)
• Performance improvements in long property access evaluation (#​1213)

v5.14.1

Compare Source

• keep_numbers option added to TypeScript defs (#​1208)
• Fixed parsing of nested template strings (#​1204)

v5.14.0

Compare Source

• Switched to @​jridgewell/source-map for sourcemap generation (#​1190, #​1181)
• Fixed source maps with non-terminated segments (#​1106)
• Enabled typescript types to be imported from the package (#​1194)
• Extra DOM props have been added (#​1191)
• Delete the AST while generating code, as a means to save RAM

v5.13.1

Compare Source

• Removed self-assignments (varname=varname) (closes #​1081)
• Separated inlining code (for inlining things into references, or removing IIFEs)
• Allow multiple identifiers with the same name in var destructuring (eg var { a, a } = x) (#​1176)

v5.13.0

Compare Source

• All calls to eval() were removed (#​1171, #​1184)
• source-map was updated to 0.8.0-beta.0 (#​1164)
• NavigatorUAData was added to domprops to avoid property mangling (#​1166)

v5.12.1

Compare Source

• Fixed an issue with function definitions inside blocks (#​1155)
• Fixed parens of new in some situations (closes #​1159)

v5.12.0

Compare Source

• TERSER_DEBUG_DIR environment variable
• @​copyright comments are now preserved with the comments="some" option (#​1153)

v5.11.0

Compare Source

• Unicode code point escapes (\u{abcde}) are not emitted inside RegExp literals anymore (#​1147)
• acorn is now a regular dependency

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

[socket-security]

Removed dependencies detected. Learn more about Socket for GitHub ↗︎

🚮 Removed packages: npm/terser@5.10.0

View full report↗︎

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The recent updates involve upgrading the terser package in the package.json file from version 5.10.0 to 5.31.6. This change enhances JavaScript minification capabilities, likely introducing performance improvements, bug fixes, and new features beneficial to the overall project. The upgrade reflects a commitment to optimizing project dependencies and ensuring that the most recent enhancements are utilized.

Changes

Files	Change Summary
package.json	Updated terser version from 5.10.0 to 5.31.6.

Poem

🐇 In the garden, changes bloom,
Terser’s magic clears the gloom.
From five-ten to five-thirty-six,
Our code now glimmers, what a fix!
With every line, a leap so spry,
Let’s hop along, oh my, oh my! 🌼✨

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 5fda122 and 9b8ec12.

Files selected for processing (1)

• package.json (1 hunks)

Additional comments not posted (1)

package.json (1)

66-66: Verify the compatibility of the updated terser package version.

The terser package version has been updated from 5.10.0 to 5.31.4. Ensure that the new version does not introduce any breaking changes or issues with the existing codebase.

Verification successful

---

The compatibility of the updated terser package version has been verified.

The options -c, --compress, -m, --mangle, and --source-map used in the build script are still valid and supported in the latest version of terser. Therefore, the update from version 5.10.0 to 5.31.4 should not introduce any breaking changes related to these options.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the compatibility of the updated `terser` package version.

# Test: Run the build script to ensure that the new `terser` version works as expected.
# Expect: The build should complete successfully without errors.

pnpm run build

Length of output: 88

---

Script:

#!/bin/bash
# Search for any usage of `terser` in the codebase to verify compatibility with the updated version.

# Find all JavaScript and TypeScript files that might use `terser`.
files=$(fd -e js -e ts)

# Search for `terser` usage in the found files.
for file in $files; do
  rg 'terser' "$file"
done

Length of output: 408

---

Script:

#!/bin/bash
# Search for any usage of `terser` in common build configuration files to verify compatibility with the updated version.

# Find all common build configuration files.
config_files=$(fd -e js -e json -e ts -e config)

# Search for `terser` usage in the found configuration files.
for file in $config_files; do
  rg 'terser' "$file"
done

Length of output: 984

---

Script:

#!/bin/bash
# Check the `terser` documentation for any changes to the options used in the build script.

# Fetch the changelog for `terser` versions between 5.10.0 and 5.31.4.
curl -s https://raw.githubusercontent.com/terser/terser/master/CHANGELOG.md | awk '/## \[5.31.4\]/,0' | awk '/## \[5.10.0\]/,0' | head -n -1

Length of output: 142

---

Script:

#!/bin/bash
# Fetch the `terser` documentation for the options used in the build script.

# Fetch the latest `terser` documentation.
curl -s https://raw.githubusercontent.com/terser/terser/master/README.md > terser_latest.md

# Check for the options `-c`, `-m`, and `--source-map` in the documentation.
grep -E '(-c|--compress|-m|--mangle|--source-map)' terser_latest.md

Length of output: 4904

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 9b8ec12 and a417f08.

Files selected for processing (1)

• package.json (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• package.json

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between a417f08 and 879b3a8.

Files selected for processing (1)

• package.json (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• package.json