Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps-dev): bump esbuild from 0.8.48 to 0.8.49 #13149

Merged
merged 1 commit into from
Feb 19, 2021
Merged

chore(deps-dev): bump esbuild from 0.8.48 to 0.8.49 #13149

merged 1 commit into from
Feb 19, 2021

Conversation

dependabot-preview[bot]
Copy link
Contributor

Bumps esbuild from 0.8.48 to 0.8.49.

Release notes

Sourced from esbuild's releases.

v0.8.49

  • Work around a problem with pnpm and NODE_PATH (#816)

    In version 0.8.43, esbuild added support for node's NODE_PATH environment variable which contains a list of global folders to use during path resolution. However, this causes a problem when esbuild is installed with pnpm, an alternative JavaScript package manager. Specifically pnpm adds a bogus path to NODE_PATH that doesn't exist but that has a file as a parent directory. Previously this caused esbuild to fail with the error not a directory. Now with this release, esbuild will ignore this bogus path instead of giving an error.

  • Add more names to the global no-side-effect list (#842)

    This release adds almost all known globals from the browser and node to the list of known globals. Membership in this list means accessing the global is assumed to have no side effects. That means tree shaking is allowed to remove unused references to these globals. For example, since HTMLElement is now in the known globals list, the following class will now be removed when unused:

    class MyElement extends HTMLElement {
}

    In addition, membership in this list relaxes ordering constraints for the purposes of minification. It allows esbuild to reorder references to these globals past other expressions. For example, since console.log is now in the known globals list, the following simplification will now be performed during minification:

    // Original
export default (a) => {
  if (a) console.log(b); else console.log(c)
}
// Minified (previous release)
export default (a) => {
a ? console.log(b) : console.log(c);
};
// Minified (this release)
export default (a) => {
console.log(a ? b : c);
};

    This transformation is not generally safe because the console.log property access might evaluate code which could potentially change the value of a. This is only considered safe in this instance because console.log is now in the known globals list.

    Note that membership in this list does not say anything about whether the function has side effects when called. It only says that the identifier has no side effects when referenced. So console.log() is still considered to have side effects even though console.log is now considered to be free of side effects.

    The following globals are not on the list and are considered to have side effects:

    • scrollX
    • scrollY
    • innerWidth
    • innerHeight
    • pageXOffset
    • pageYOffset
    • localStorage
    • sessionStorage

    Accessing layout-related properties can trigger a layout and accessing storage-related properties can throw an exception if certain privacy settings are enabled. Both of these behaviors are considered side effects.

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.8.49

  • Work around a problem with pnpm and NODE_PATH (#816)

    In version 0.8.43, esbuild added support for node's NODE_PATH environment variable which contains a list of global folders to use during path resolution. However, this causes a problem when esbuild is installed with pnpm, an alternative JavaScript package manager. Specifically pnpm adds a bogus path to NODE_PATH that doesn't exist but that has a file as a parent directory. Previously this caused esbuild to fail with the error not a directory. Now with this release, esbuild will ignore this bogus path instead of giving an error.

  • Add more names to the global no-side-effect list (#842)

    This release adds almost all known globals from the browser and node to the list of known globals. Membership in this list means accessing the global is assumed to have no side effects. That means tree shaking is allowed to remove unused references to these globals. For example, since HTMLElement is now in the known globals list, the following class will now be removed when unused:

    class MyElement extends HTMLElement {
}

    In addition, membership in this list relaxes ordering constraints for the purposes of minification. It allows esbuild to reorder references to these globals past other expressions. For example, since console.log is now in the known globals list, the following simplification will now be performed during minification:

    // Original
export default (a) => {
  if (a) console.log(b); else console.log(c)
}
// Minified (previous release)
export default (a) => {
a ? console.log(b) : console.log(c);
};
// Minified (this release)
export default (a) => {
console.log(a ? b : c);
};

    This transformation is not generally safe because the console.log property access might evaluate code which could potentially change the value of a. This is only considered safe in this instance because console.log is now in the known globals list.

    Note that membership in this list does not say anything about whether the function has side effects when called. It only says that the identifier has no side effects when referenced. So console.log() is still considered to have side effects even though console.log is now considered to be free of side effects.

    The following globals are not on the list and are considered to have side effects:

    • scrollX
    • scrollY
    • innerWidth
    • innerHeight
    • pageXOffset
    • pageYOffset
    • localStorage
    • sessionStorage

    Accessing layout-related properties can trigger a layout and accessing storage-related properties can throw an exception if certain privacy settings are enabled. Both of these behaviors are considered side effects.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview dependabot-preview bot added the dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. label Feb 19, 2021
@gitpod-io
Copy link

gitpod-io bot commented Feb 19, 2021

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: dbcdc6e
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Feb 19, 2021

Thanks Dependabot!

@mergify mergify bot merged commit 0c90693 into master Feb 19, 2021
@mergify mergify bot deleted the dependabot/npm_and_yarn/esbuild-0.8.49 branch February 19, 2021 09:55
eladb pushed a commit that referenced this pull request Feb 22, 2021
@dependabot-preview
chore(deps-dev): bump esbuild from 0.8.48 to 0.8.49 (#13149)
e8c8fae 
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.8.48 to 0.8.49.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/master/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.8.48...v0.8.49)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees
No one assigned
Labels
dependencies This issue is a problem in a dependency or a pull request that updates a dependency file.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@aws-cdk-automation