Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update non-major #1326

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

chore(deps): update non-major #1326

wants to merge 2 commits into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 1, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@babel/cli (source) ^7.23.0 -> ^7.23.9 age adoption passing confidence devDependencies patch
@babel/core (source) ^7.23.0 -> ^7.23.9 age adoption passing confidence devDependencies patch
@babel/eslint-parser (source) ^7.22.15 -> ^7.23.9 age adoption passing confidence devDependencies minor
@babel/preset-env (source) ^7.22.20 -> ^7.23.9 age adoption passing confidence devDependencies minor
@babel/register (source) ^7.22.15 -> ^7.23.7 age adoption passing confidence devDependencies minor
@sanity/semantic-release-preset (source) ^4.1.4 -> ^4.1.6 age adoption passing confidence devDependencies patch
EndBug/add-and-commit 1bad3ab -> a94899b age adoption passing confidence action digest
esbuild ^0.19.4 -> ^0.19.12 age adoption passing confidence devDependencies patch
eslint (source) ^8.50.0 -> ^8.56.0 age adoption passing confidence devDependencies minor
eslint-config-prettier ^9.0.0 -> ^9.1.0 age adoption passing confidence devDependencies minor
eslint-plugin-import ^2.28.1 -> ^2.29.1 age adoption passing confidence devDependencies minor
eslint-plugin-jest ^27.4.0 -> ^27.6.3 age adoption passing confidence devDependencies minor
ls-engines ^0.9.0 -> ^0.9.1 age adoption passing confidence devDependencies patch
prettier (source) ^3.0.3 -> ^3.2.4 age adoption passing confidence devDependencies minor
prettier-plugin-packagejson ^2.4.6 -> ^2.4.9 age adoption passing confidence devDependencies patch

Release Notes

babel/babel (@​babel/cli)

v7.23.9

Compare Source

🐛 Bug Fix
  • babel-helper-transform-fixture-test-runner, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-preset-env
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-runtime, babel-preset-env
  • babel-traverse
  • Other
🏠 Internal
🏃‍♀️ Performance
🔬 Output optimization
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-new-target, babel-plugin-transform-parameters, babel-plugin-transform-private-methods, babel-preset-env
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

v7.23.4

Compare Source

🐛 Bug Fix
sanity-io/semantic-release-preset (@​sanity/semantic-release-preset)

v4.1.6

Compare Source

Bug Fixes
  • deps: update dependency semantic-release to v22 (e67b045)

v4.1.5

Compare Source

Bug Fixes
  • deps: Update dependency conventional-changelog-conventionalcommits to v7 (#​104) (2614d5c)
  • deps: update dependency semantic-release to v22 (#​106) (0439f36)
evanw/esbuild (esbuild)

v0.19.12

Compare Source

  • The "preserve" JSX mode now preserves JSX text verbatim (#​3605)

    The JSX specification deliberately doesn't specify how JSX text is supposed to be interpreted and there is no canonical way to interpret JSX text. Two most popular interpretations are Babel and TypeScript. Yes they are different (esbuild deliberately follows TypeScript by the way).

    Previously esbuild normalized text to the TypeScript interpretation when the "preserve" JSX mode is active. However, "preserve" should arguably reproduce the original JSX text verbatim so that whatever JSX transform runs after esbuild is free to interpret it however it wants. So with this release, esbuild will now pass JSX text through unmodified:

    // Original code
    let el =
      <a href={'/'} title='&apos;&quot;'> some text
        {foo}
          more text </a>
    
    // Old output (with --loader=jsx --jsx=preserve)
    let el = <a href="/" title={`'"`}>
      {" some text"}
      {foo}
      {"more text "}
    </a>;
    
    // New output (with --loader=jsx --jsx=preserve)
    let el = <a href={"/"} title='&apos;&quot;'> some text
        {foo}
          more text </a>;
  • Allow JSX elements as JSX attribute values

    JSX has an obscure feature where you can use JSX elements in attribute position without surrounding them with {...}. It looks like this:

    let el = <div data-ab=<><a/><b/></>/>;

    I think I originally didn't implement it even though it's part of the JSX specification because it previously didn't work in TypeScript (and potentially also in Babel?). However, support for it was silently added in TypeScript 4.8 without me noticing and Babel has also since fixed their bugs regarding this feature. So I'm adding it to esbuild too now that I know it's widely supported.

    Keep in mind that there is some ongoing discussion about removing this feature from JSX. I agree that the syntax seems out of place (it does away with the elegance of "JSX is basically just XML with {...} escapes" for something arguably harder to read, which doesn't seem like a good trade-off), but it's in the specification and TypeScript and Babel both implement it so I'm going to have esbuild implement it too. However, I reserve the right to remove it from esbuild if it's ever removed from the specification in the future. So use it with caution.

  • Fix a bug with TypeScript type parsing (#​3574)

    This release fixes a bug with esbuild's TypeScript parser where a conditional type containing a union type that ends with an infer type that ends with a constraint could fail to parse. This was caused by the "don't parse a conditional type" flag not getting passed through the union type parser. Here's an example of valid TypeScript code that previously failed to parse correctly:

    type InferUnion<T> = T extends { a: infer U extends number } | infer U extends number ? U : never

v0.19.11

Compare Source

  • Fix TypeScript-specific class transform edge case (#​3559)

    The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

    // Original code
    class Foo extends Bar {
      #private = 1;
      public: any;
      constructor() {
        super();
      }
    }
    
    // Old output (with esbuild v0.19.9)
    class Foo extends Bar {
      constructor() {
        super();
        this.#private = 1;
      }
      #private;
    }
    
    // Old output (with esbuild v0.19.10)
    class Foo extends Bar {
      constructor() {
        this.#private = 1;
        super();
      }
      #private;
    }
    
    // New output
    class Foo extends Bar {
      #private = 1;
      constructor() {
        super();
      }
    }
  • Minifier: allow reording a primitive past a side-effect (#​3568)

    The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

    // Original code
    function f() {
      let x = false;
      let y = x;
      const boolean = y;
      let frag = $.template(`<p contenteditable="${boolean}">hello world</p>`);
      return frag;
    }
    
    // Old output (with --minify)
    function f(){const e=!1;return $.template(`<p contenteditable="${e}">hello world</p>`)}
    
    // New output (with --minify)
    function f(){return $.template('<p contenteditable="false">hello world</p>')}
  • Minifier: consider properties named using known Symbol instances to be side-effect free (#​3561)

    Many things in JavaScript can have side effects including property accesses and ToString operations, so using a symbol such as Symbol.iterator as a computed property name is not obviously side-effect free. This release adds a special case for known Symbol instances so that they are considered side-effect free when used as property names. For example, this class declaration will now be considered side-effect free:

    class Foo {
      *[Symbol.iterator]() {
      }
    }
  • Provide the stop() API in node to exit esbuild's child process (#​3558)

    You can now call stop() in esbuild's node API to exit esbuild's child process to reclaim the resources used. It only makes sense to do this for a long-lived node process when you know you will no longer be making any more esbuild API calls. It is not necessary to call this to allow node to exit, and it's advantageous to not call this in between calls to esbuild's API as sharing a single long-lived esbuild child process is more efficient than re-creating a new esbuild child process for every API call. This API call used to exist but was removed in version 0.9.0. This release adds it back due to a user request.

v0.19.10

Compare Source

  • Fix glob imports in TypeScript files (#​3319)

    This release fixes a problem where bundling a TypeScript file containing a glob import could emit a call to a helper function that doesn't exist. The problem happened because esbuild's TypeScript transformation removes unused imports (which is required for correctness, as they may be type-only imports) and esbuild's glob import transformation wasn't correctly marking the imported helper function as used. This wasn't caught earlier because most of esbuild's glob import tests were written in JavaScript, not in TypeScript.

  • Fix require() glob imports with bundling disabled (#​3546)

    Previously require() calls containing glob imports were incorrectly transformed when bundling was disabled. All glob imports should only be transformed when bundling is enabled. This bug has been fixed.

  • Fix a panic when transforming optional chaining with define (#​3551, #​3554)

    This release fixes a case where esbuild could crash with a panic, which was triggered by using define to replace an expression containing an optional chain. Here is an example:

    // Original code
    console.log(process?.env.SHELL)
    
    // Old output (with --define:process.env={})
    /* panic: Internal error (while parsing "<stdin>") */
    
    // New output (with --define:process.env={})
    var define_process_env_default = {};
    console.log(define_process_env_default.SHELL);

    This fix was contributed by @​hi-ogawa.

  • Work around a bug in node's CommonJS export name detector (#​3544)

    The export names of a CommonJS module are dynamically-determined at run time because CommonJS exports are properties on a mutable object. But the export names of an ES module are statically-determined at module instantiation time by using import and export syntax and cannot be changed at run time.

    When you import a CommonJS module into an ES module in node, node scans over the source code to attempt to detect the set of export names that the CommonJS module will end up using. That statically-determined set of names is used as the set of names that the ES module is allowed to import at module instantiation time. However, this scan appears to have bugs (or at least, can cause false positives) because it doesn't appear to do any scope analysis. Node will incorrectly consider the module to export something even if the assignment is done to a local variable instead of to the module-level exports object. For example:

    // confuseNode.js
    exports.confuseNode = function(exports) {
      // If this local is called "exports", node incorrectly
      // thinks this file has an export called "notAnExport".
      exports.notAnExport = function() {
      };
    };

    You can see that node incorrectly thinks the file confuseNode.js has an export called notAnExport when that file is loaded in an ES module context:

    $ node -e 'import("./confuseNode.js").then(console.log)'
    [Module: null prototype] {
      confuseNode: [Function (anonymous)],
      default: { confuseNode: [Function (anonymous)] },
      notAnExport: undefined
    }

    To avoid this, esbuild will now rename local variables that use the names exports and module when generating CommonJS output for the node platform.

  • Fix the return value of esbuild's super() shim (#​3538)

    Some people write constructor methods that use the return value of super() instead of using this. This isn't too common because TypeScript doesn't let you do that but it can come up when writing JavaScript. Previously esbuild's class lowering transform incorrectly transformed the return value of super() into undefined. With this release, the return value of super() will now be this instead:

    // Original code
    class Foo extends Object {
      field
      constructor() {
        console.log(typeof super())
      }
    }
    new Foo
    
    // Old output (with --target=es6)
    class Foo extends Object {
      constructor() {
        var __super = (...args) => {
          super(...args);
          __publicField(this, "field");
        };
        console.log(typeof __super());
      }
    }
    new Foo();
    
    // New output (with --target=es6)
    class Foo extends Object {
      constructor() {
        var __super = (...args) => {
          super(...args);
          __publicField(this, "field");
          return this;
        };
        console.log(typeof __super());
      }
    }
    new Foo();
  • Terminate the Go GC when esbuild's stop() API is called (#​3552)

    If you use esbuild with WebAssembly and pass the worker: false flag to esbuild.initialize(), then esbuild will run the WebAssembly module on the main thread. If you do this within a Deno test and that test calls esbuild.stop() to clean up esbuild's resources, Deno may complain that a setTimeout() call lasted past the end of the test. This happens when the Go is in the middle of a garbage collection pass and has scheduled additional ongoing garbage collection work. Normally calling esbuild.stop() will terminate the web worker that the WebAssembly module runs in, which will terminate the Go GC, but that doesn't happen if you disable the web worker with worker: false.

    With this release, esbuild will now attempt to terminate the Go GC in this edge case by calling clearTimeout() on these pending timeouts.

  • Apply /* @&#8203;__NO_SIDE_EFFECTS__ */ on tagged template literals (#​3511)

    Tagged template literals that reference functions annotated with a @__NO_SIDE_EFFECTS__ comment are now able to be removed via tree-shaking if the result is unused. This is a convention from Rollup. Here is an example:

    // Original code
    const html = /* @&#8203;__NO_SIDE_EFFECTS__ */ (a, ...b) => ({ a, b })
    html`<a>remove</a>`
    x = html`<b>keep</b>`
    
    // Old output (with --tree-shaking=true)
    const html = /* @&#8203;__NO_SIDE_EFFECTS__ */ (a, ...b) => ({ a, b });
    html`<a>remove</a>`;
    x = html`<b>keep</b>`;
    
    // New output (with --tree-shaking=true)
    const html = /* @&#8203;__NO_SIDE_EFFECTS__ */ (a, ...b) => ({ a, b });
    x = html`<b>keep</b>`;

    Note that this feature currently only works within a single file, so it's not especially useful. This feature does not yet work across separate files. I still recommend using @__PURE__ annotations instead of this feature, as they have wider tooling support. The drawback of course is that @__PURE__ annotations need to be added at each call site, not at the declaration, and for non-call expressions such as template literals you need to wrap the expression in an IIFE (immediately-invoked function expression) to create a call expression to apply the @__PURE__ annotation to.

  • Publish builds for IBM AIX PowerPC 64-bit (#​3549)

    This release publishes a binary executable to npm for IBM AIX PowerPC 64-bit, which means that in theory esbuild can now be installed in that environment with npm install esbuild. This hasn't actually been tested yet. If you have access to such a system, it would be helpful to confirm whether or not doing this actually works.

v0.19.9

Compare Source

  • Add support for transforming new CSS gradient syntax for older browsers

    The specification called CSS Images Module Level 4 introduces new CSS gradient syntax for customizing how the browser interpolates colors in between color stops. You can now control the color space that the interpolation happens in as well as (for "polar" color spaces) control whether hue angle interpolation happens clockwise or counterclockwise. You can read more about this in Mozilla's blog post about new CSS gradient features.

    With this release, esbuild will now automatically transform this syntax for older browsers in the target list. For example, here's a gradient that should appear as a rainbow in a browser that supports this new syntax:

    /* Original code */
    .rainbow-gradient {
      width: 100px;
      height: 100px;
      background: linear-gradient(in hsl longer hue, #&#8203;7ff, #&#8203;77f);
    }
    
    /* New output (with --target=chrome99) */
    .rainbow-gradient {
      width: 100px;
      height: 100px;
      background:
        linear-gradient(
          #&#8203;77ffff,
          #&#8203;77ffaa 12.5%,
          #&#8203;77ff80 18.75%,
          #&#8203;84ff77 21.88%,
          #&#8203;99ff77 25%,
          #eeff77 37.5%,
          #fffb77 40.62%,
          #ffe577 43.75%,
          #ffbb77 50%,
          #ff9077 56.25%,
          #ff7b77 59.38%,
          #ff7788 62.5%,
          #ff77dd 75%,
          #ff77f2 78.12%,
          #f777ff 81.25%,
          #cc77ff 87.5%,
          #&#8203;7777ff);
    }

    You can now use this syntax in your CSS source code and esbuild will automatically convert it to an equivalent gradient for older browsers. In addition, esbuild will now also transform "double position" and "transition hint" syntax for older browsers as appropriate:

    /* Original code */
    .stripes {
      width: 100px;
      height: 100px;
      background: linear-gradient(#e65 33%, #ff2 33% 67%, #&#8203;99e 67%);
    }
    .glow {
      width: 100px;
      height: 100px;
      background: radial-gradient(white 10%, 20%, black);
    }
    
    /* New output (with --target=chrome33) */
    .stripes {
      width: 100px;
      height: 100px;
      background:
        linear-gradient(
          #e65 33%,
          #ff2 33%,
          #ff2 67%,
          #&#8203;99e 67%);
    }
    .glow {
      width: 100px;
      height: 100px;
      background:
        radial-gradient(
          #ffffff 10%,
          #aaaaaa 12.81%,
          #&#8203;959595 15.62%,
          #&#8203;7b7b7b 21.25%,
          #&#8203;5a5a5a 32.5%,
          #&#8203;444444 43.75%,
          #&#8203;323232 55%,
          #&#8203;161616 77.5%,
          #&#8203;000000);
    }

    You can see visual examples of these new syntax features by looking at esbuild's gradient transformation tests.

    If necessary, esbuild will construct a new gradient that approximates the original gradient by recursively splitting the interval in between color stops until the approximation error is within a small threshold. That is why the above output CSS contains many more color stops than the input CSS.

    Note that esbuild deliberately replaces the original gradient with the approximation instead of inserting the approximation before the original gradient as a fallback. The latest version of Firefox has multiple gradient rendering bugs (including incorrect interpolation of partially-transparent colors and interpolating non-sRGB colors using the incorrect color space). If esbuild didn't replace the original gradient, then Firefox would use the original gradient instead of the fallback the appearance would be incorrect in Firefox. In other words, the latest version of Firefox supports modern gradient syntax but interprets it incorrectly.

  • Add support for color(), lab(), lch(), oklab(), oklch(), and hwb() in CSS

    CSS has recently added lots of new ways of specifying colors. You can read more about this in Chrome's blog post about CSS color spaces.

    This release adds support for minifying colors that use the color(), lab(), lch(), oklab(), oklch(), or hwb() syntax and/or transforming these colors for browsers that don't support it yet:

    /* Original code */
    div {
      color: hwb(90deg 20% 40%);
      background: color(display-p3 1 0 0);
    }
    
    /* New output (with --target=chrome99) */
    div {
      color: #&#8203;669933;
      background: #ff0f0e;
      background: color(display-p3 1 0 0);
    }

    As you can see, colors outside of the sRGB color space such as color(display-p3 1 0 0) are mapped back into the sRGB gamut and inserted as a fallback for browsers that don't support the new color syntax.

  • Allow empty type parameter lists in certain cases (#​3512)

    TypeScript allows interface declarations and type aliases to have empty type parameter lists. Previously esbuild didn't handle this edge case but with this release, esbuild will now parse this syntax:

    interface Foo<> {}
    type Bar<> = {}

    This fix was contributed by @​magic-akari.

v0.19.8

Compare Source

  • Add a treemap chart to esbuild's bundle analyzer (#​2848)

    The bundler analyzer on esbuild's website (https://esbuild.github.io/analyze/) now has a treemap chart type in addition to the two existing chart types (sunburst and flame). This should be more familiar for people coming from other similar tools, as well as make better use of large screens.

  • Allow decorators after the export keyword (#​104)

    Previously esbuild's decorator parser followed the original behavior of TypeScript's experimental decorators feature, which only allowed decorators to come before the export keyword. However, the upcoming JavaScript decorators feature also allows decorators to come after the export keyword. And with TypeScript 5.0, TypeScript now also allows experimental decorators to come after the export keyword too. So esbuild now allows this as well:

    // This old syntax has always been permitted:
    @&#8203;decorator export class Foo {}
    @&#8203;decorator export default class Foo {}
    
    // This new syntax is now permitted too:
    export @&#8203;decorator class Foo {}
    export default @&#8203;decorator class Foo {}

    In addition, esbuild's decorator parser has been rewritten to fix several subtle and likely unimportant edge cases with esbuild's parsing of exports and decorators in TypeScript (e.g. TypeScript apparently does automatic semicolon insertion after interface and export interface but not after export default interface).

  • Pretty-print decorators using the same whitespace as the original

    When printing code containing decorators, esbuild will now try to respect whether the original code contained newlines after the decorator or not. This can make generated code containing many decorators much more compact to read:

    // Original code
    class Foo {
      @&#8203;a @&#8203;b @&#8203;c abc
      @&#8203;x @&#8203;y @&#8203;z xyz
    }
    
    // Old output
    class Foo {
      @&#8203;a
      @&#8203;b
      @&#8203;c
      abc;
      @&#8203;x
      @&#8203;y
      @&#8203;z
      xyz;
    }
    
    // New output
    class Foo {
      @&#8203;a @&#8203;b @&#8203;c abc;
      @&#8203;x @&#8203;y @&#8203;z xyz;
    }

v0.19.7

Compare Source

  • Add support for bundling code that uses import attributes (#​3384)

    JavaScript is gaining new syntax for associating a map of string key-value pairs with individual ESM imports. The proposal is still a work in progress and is still undergoing significant changes before being finalized. However, the first iteration has already been shipping in Chromium-based browsers for a while, and the second iteration has landed in V8 and is now shipping in node, so it makes sense for esbuild to support it. Here are the two major iterations of this proposal (so far):

    1. Import assertions (deprecated, will not be standardized)

      • Uses the assert keyword
      • Does not affect module resolution
      • Causes an error if the assertion fails
      • Shipping in Chrome 91+ (and in esbuild 0.11.22+)
    2. Import attributes (currently set to become standardized)

      • Uses the with keyword
      • Affects module resolution
      • Unknown attributes cause an error
      • Shipping in node 21+

    You can already use esbuild to bundle code that uses import assertions (the first iteration). However, this feature is mostly useless for bundlers because import assertions are not allowed to affect module resolution. It's basically only useful as an annotation on external imports, which esbuild will then preserve in the output for use in a browser (which would otherwise refuse to load certain imports).

    With this release, esbuild now supports bundling code that uses import attributes (the second iteration). This is much more useful for bundlers because they are allowed to affect module resolution, which means the key-value pairs can be provided to plugins. Here's an example, which uses esbuild's built-in support for the upcoming JSON module standard:

    // On static imports
    import foo from './package.json' with { type: 'json' }
    console.log(foo)
    
    // On dynamic imports
    const bar = await import('./package.json', { with: { type: 'json' } })
    console.log(bar)

    One important consequence of the change in semantics between import assertions and import attributes is that two imports with identical paths but different import attributes are now considered to be different modules. This is because the import attributes are provided to the loader, which might then use those attributes during loading. For example, you could imagine an image loader that produces an image of a different size depending on the import attributes.

    Import attributes are now reported in the metafile and are now provided to on-load plugins as a map in the with property. For example, here's an esbuild plugin that turns all imports with a type import attribute equal to 'cheese' into a module that exports the cheese emoji:

    const cheesePlugin = {
      name: 'cheese',
      setup(build) {
        build.onLoad({ filter: /.*/ }, args => {
          if (args.with.type === 'cheese') return {
            contents: `export default "🧀"`,
          }
        })
      }
    }
    
    require('esbuild').build({
      bundle: true,
      write: false,
      stdin: {
        contents: `
          import foo from 'data:text/javascript,' with { type: 'cheese' }
          console.log(foo)
        `,
      },
      plugins: [cheesePlugin],
    }).then(result => {
      const code = new Function(result.outputFiles[0].text)
      code()
    })

    Warning: It's possible that the second iteration of this feature may change significantly again even though it's already shipping in real JavaScript VMs (since it has already happened once before). In that case, esbuild may end up adjusting its implementation to match the eventual standard behavior. So keep in mind that by using this, you are using an unstable upcoming JavaScript feature that may undergo breaking changes in the future.

  • Adjust TypeScript experimental decorator behavior (#​3230, #​3326, #​3394)

    With this release, esbuild will now allow TypeScript experimental decorators to access both static class properties and #private class names. For example:

    const check =
      <T,>(a: T, b: T): PropertyDecorator =>
        () => console.log(a === b)
    
    async function test() {
      class Foo {
        static #foo = 1
        static bar = 1 + Foo.#foo
        @&#8203;check(Foo.#foo, 1) a: any
        @&#8203;check(Foo.bar, await Promise.resolve(2)) b: any
      }
    }
    
    test().then(() => console.log('pass'))

    This will now print true true pass when compiled by esbuild. Previously esbuild evaluated TypeScript decorators outside of the class body, so it didn't allow decorators to access Foo or #foo. Now esbuild does something different, although it's hard to concisely explain exactly what esbuild is doing now (see the background section below for more information).

    Note that TypeScript's experimental decorator support is currently buggy: TypeScript's compiler passes this test if only the first @check is present or if only the second @check is present, but TypeScript's compiler fails this test if both checks are present together. I haven't changed esbuild to match TypeScript's behavior exactly here because I'm waiting for TypeScript to fix these bugs instead.

    Some background: TypeScript experimental decorators don't have consistent semantics regarding the context that the decorators are evaluated in. For example, TypeScript will let you use await within a decorator, which implies that the decorator runs outside the class body (since await isn't supported inside a class body), but TypeScript will also let you use #private names, which implies that the decorator runs inside the class body (since #private names are only supported inside a class body). The value of this in a decorator is also buggy (the run-time value of this changes if any decorator in the class uses a #private name but the type of this doesn't change, leading to the type checker no longer matching reality). These inconsistent semantics make it hard for esbuild to implement this feature as decorator evaluation happens in some superposition of both inside and outside the class body that is particular to the internal implementation details of the TypeScript compiler.

  • Forbid --keep-names when targeting old browsers (#​3477)

    The --keep-names setting needs to be able to assign to the name property on functions and classes. However, before ES6 this property was non-configurable, and attempting to assign to it would throw an error. So with this release, esbuild will no longer allow you to enable this setting while also targeting a really old browser.

v0.19.6

Compare Source

  • Fix a constant folding bug with bigint equality

    This release fixes a bug where esbuild incorrectly checked for bigint equality by checking the equality of the bigint literal text. This is correct if the bigint doesn't have a radix because bigint literals without a radix are always in canonical form (since leading zeros are not allowed). However, this is incorrect if the bigint has a radix (e.g. 0x123n) because the canonical form is not enforced when a radix is present.

    // Original code
    console.log(!!0n, !!1n, 123n === 123n)
    console.log(!!0x0n, !!0x1n, 123n === 0x7Bn)
    
    // Old output
    console.log(false, true, true);
    console.log(true, true, false);
    
    // New output
    console.log(false, true, true);
    console.log(!!0x0n, !!0x1n, 123n === 0x7Bn);
  • Add some improvements to the JavaScript minifier

    This release adds more cases to the JavaScript minifier, including support for inlining String.fromCharCode and String.prototype.charCodeAt when possible:

    // Original code
    document.onkeydown = e => e.keyCode === 'A'.charCodeAt(0) && console.log(String.fromCharCode(55358, 56768))
    
    // Old output (with --minify)
    document.onkeydown=o=>o.keyCode==="A".charCodeAt(0)&&console.log(String.fromCharCode(55358,56768));
    
    // New output (with --minify)
    document.onkeydown=o=>o.keyCode===65&&console.log("🧀");

    In addition, immediately-invoked function expressions (IIFEs) that return a single expression are now inlined when minifying. This makes it possible to use IIFEs in combination with @__PURE__ annotations to annotate arbitrary expressions as side-effect free without the IIFE wrapper impacting code size. For example:

    // Original code
    const sideEffectFreeOffset = /* @&#8203;__PURE__ */ (() => computeSomething())()
    use(sideEffectFreeOffset)
    
    // Old output (with --minify)
    const e=(()=>computeSomething())();use(e);
    
    // New output (with --minify)
    const e=computeSomething();use(e);
  • Automatically prefix the mask-composite CSS property for WebKit (#​3493)

    The mask-composite property will now be prefixed as -webkit-mask-composite for older WebKit-based browsers. In addition to prefixing the property name, handling older browsers also requires rewriting the values since WebKit uses non-standard names for the mask composite modes:

    /* Original code */
    div {
      mask-composite: add, subtract, intersect, exclude;
    }
    
    /* New output (with --target=chrome100) */
    div {
      -webkit-mask-composite:
        source-over,
        source-out,
        source-in,
        xor;
      mask-composite:
        add,
        subtract,
        intersect,
        exclude;
    }
  • Avoid referencing this from JSX elements in derived class constructors (#​3454)

    When you enable --jsx=automatic and --jsx-dev, the JSX transform is supposed to insert this as the last argument to the jsxDEV function. I'm not sure exactly why this is and I can't find any specification for it, but in any case this causes the generated code to crash when you use a JSX element in a derived class constructor before the call to super() as this is not allowed to be accessed at that point. For example

    // Original code
    class ChildComponent extends ParentComponent {
      constructor() {
        super(<div />)
      }
    }
    
    // Problematic output (with --loader=jsx --jsx=automatic --jsx-dev)
    import { jsxDEV } from "react/jsx-dev-runtime";
    class ChildComponent extends ParentComponent {
      constructor() {
        super(/* @&#8203;__PURE__ */ jsxDEV("div", {}, void 0, false, {
          fileName: "<stdin>",
          lineNumber: 3,
          columnNumber: 15
        }, this)); // The reference to "this" crashes here
      }
    }

    The TypeScript compiler doesn't handle this at all while the Babel compiler just omits this for the entire constructor (even after the call to super()). There seems to be no specification so I can't be sure that this change doesn't break anything important. But given that Babel is pretty loose with this and TypeScript doesn't handle this at all, I'm guessing this value isn't too important. React's blog post seems to indicate that this value was intended to be used for a React-specific migration warning at some point, so it could even be that this value is irrelevant now. Anyway the crash in this case should now be fixed.

  • Allow package subpath imports to map to node built-ins (#​3485)

    You are now able to use a subpath import in your package to resolve to a node built-in module. For example, with a package.json file like this:

    {
      "type": "module",
      "imports": {
        "#stream": {
          "node": "stream",
          "default": "./stub.js"
        }
      }
    }

    You can now import from node's stream module like this:

    import * as stream from '#stream';
    console.log(Object.keys(stream));

    This will import from node's stream module when the platform is node and from ./stub.js otherwise.

  • No longer throw an error when a Symbol is missing (#​3453)

    Certain JavaScript syntax features use special properties on the global Symbol object. For example, the asynchronous iteration syntax uses Symbol.asyncIterator. Previously esbuild's generated code for older browsers required this symbol to be polyfilled. However, starting with this release esbuild will use Symbol.for() to construct these symbols if they are missing instead of throwing an error about a missing polyfill. This means your code no longer needs to include a polyfill for missing symbols as long as your code also uses Symbol.for() for missing symbols.

  • Parse upcoming changes to TypeScript syntax (#​3490, #​3491)

    With this release, you can now use from as the name of a default type-only import in TypeScript code, as well as of as the name of an await using loop iteration variable:

    import type from from 'from'
    for (await using of of of) ;

    This matches similar changes in the TypeScript compiler (#​56376 and #​55555) which will start allowing this syntax in an upcoming version of TypeScript. Please never actually write code like this.

    The type-only import syntax change was contributed by @​magic-akari.

v0.19.5

Compare Source

  • Fix a regression in 0.19.0 regarding paths in tsconfig.json (#​3354)

    The fix in esbuild version 0.19.0 to process tsconfig.json aliases before the --packages=external setting unintentionally broke an edge case in esbuild's handling of certain tsconfig.json aliases where there are multiple files with the same name in different directories. This release adjusts esbuild's behavior for this edge case so that it passes while still processing aliases before --packages=external. Please read the linked issue for more details.

  • Fix a CSS font property minification bug (#​3452)

    This release fixes a bug where esbuild's CSS minifier didn't insert a space between the font size and the font family in the font CSS shorthand property in the edge case where the original source code didn't already have a space and the leading string token was shortened to an identifier:

    /* Original code */
    .foo { font: 16px"Menlo"; }
    
    /* Old output (with --minify) */
    .foo{font:16pxMenlo}
    
    /* New output (with --minify) */
    .foo{font:16px Menlo}
  • Fix bundling CSS with asset names containing spaces (#​3410)

    Assets referenced via CSS url() tokens may cause esbuild to generate invalid output when bundling if the file name contains spaces (e.g. url(image 2.png)). With this release, esbuild will now quote all bundled asset references in url() tokens to avoid this problem. This only affects assets loaded using the file and copy loaders.

  • Fix invalid CSS url() tokens in @import rules (#​3426)

    In the future, CSS url() tokens may contain additional stuff after the URL. This is irrelevant today as no CSS specification does this. But esbuild previously had a bug where using these tokens in an @import rule resulted in malformed output. This bug has been fixed.

  • Fix browser + false + type: module in package.json (#​3367)

    The browser field in package.json allows you to map a file to false to have it


Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate using a curated preset maintained by Sanity. View repository job log here

@socket-security
Copy link

socket-security bot commented Oct 1, 2023

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/cli@7.23.9 Transitive: environment, eval, filesystem, network, shell, unsafe +86 12.4 MB existentialism, hzoo, jlhwung, ...1 more
npm/@babel/core@7.23.9 environment, filesystem, unsafe Transitive: shell +52 10.8 MB nicolo-ribaudo
npm/@babel/eslint-parser@7.23.9 unsafe Transitive: environment, eval, filesystem, shell +146 21.1 MB nicolo-ribaudo
npm/@babel/preset-env@7.23.9 environment Transitive: filesystem, shell, unsafe +161 15.1 MB nicolo-ribaudo
npm/@babel/register@7.23.7 environment, filesystem, unsafe Transitive: shell +72 11.9 MB nicolo-ribaudo
npm/@sanity/semantic-release-preset@4.1.6 Transitive: environment, eval, filesystem, network, shell, unsafe +266 29.2 MB sanity-io
npm/esbuild@0.19.12 environment, filesystem, network, shell +23 224 MB evanw
npm/eslint-config-prettier@9.1.0 Transitive: environment, eval, filesystem, shell, unsafe +91 10.1 MB lydell
npm/eslint-plugin-import@2.29.1 filesystem, unsafe Transitive: environment, eval, shell +169 16.5 MB ljharb
npm/eslint-plugin-jest@27.6.3 filesystem Transitive: environment, eval, network, shell, unsafe +357 74.4 MB simenb
npm/eslint@8.56.0 environment, filesystem Transitive: eval, shell, unsafe +90 10.1 MB eslintbot
npm/ls-engines@0.9.1 Transitive: environment, eval, filesystem, network, shell, unsafe +346 18.4 MB ljharb
npm/prettier-plugin-packagejson@2.4.9 Transitive: environment, filesystem, unsafe +34 9.19 MB matzkoh
npm/prettier@3.2.4 environment, filesystem, unsafe 0 8.38 MB prettier-bot

🚮 Removed packages: npm/@babel/cli@7.23.0, npm/@babel/core@7.23.0, npm/@babel/eslint-parser@7.22.15, npm/@babel/preset-env@7.22.20, npm/@babel/register@7.22.15, npm/@sanity/semantic-release-preset@4.1.4, npm/esbuild@0.19.4, npm/eslint-config-prettier@9.0.0, npm/eslint-plugin-import@2.28.1, npm/eslint-plugin-jest@27.4.0, npm/eslint@8.50.0, npm/ls-engines@0.9.0, npm/prettier-plugin-packagejson@2.4.6, npm/prettier@3.0.3

View full report↗︎

@renovate renovate bot changed the title chore(deps): update dependency eslint-plugin-jest to ^27.4.2 chore(deps): update non-major Oct 6, 2023
@renovate renovate bot force-pushed the renovate/non-major branch 2 times, most recently from 35a2299 to c8e4144 Compare October 12, 2023 03:28
@renovate renovate bot force-pushed the renovate/non-major branch 5 times, most recently from 0327aab to d2058d5 Compare October 23, 2023 15:50
@renovate renovate bot force-pushed the renovate/non-major branch 2 times, most recently from 2008946 to 4767efd Compare October 26, 2023 22:18
@renovate renovate bot force-pushed the renovate/non-major branch 2 times, most recently from b559434 to 848f540 Compare November 9, 2023 10:01
@renovate renovate bot force-pushed the renovate/non-major branch 4 times, most recently from 609c1f2 to fe82eda Compare November 19, 2023 09:33
@renovate renovate bot force-pushed the renovate/non-major branch 3 times, most recently from 75b3d8b to 3e3fb2a Compare November 27, 2023 01:42
@renovate renovate bot force-pushed the renovate/non-major branch 4 times, most recently from 642770d to 1184494 Compare December 3, 2023 04:12
@renovate renovate bot force-pushed the renovate/non-major branch 4 times, most recently from 5986111 to 1941a39 Compare December 14, 2023 19:47
@renovate renovate bot force-pushed the renovate/non-major branch 2 times, most recently from 5bb45be to 4ff6576 Compare December 19, 2023 03:58
@renovate renovate bot force-pushed the renovate/non-major branch 3 times, most recently from 1280b36 to 3aed00c Compare January 1, 2024 21:58
@renovate renovate bot force-pushed the renovate/non-major branch 3 times, most recently from 6afce21 to 354239c Compare January 10, 2024 09:07
@renovate renovate bot force-pushed the renovate/non-major branch 4 times, most recently from 7ee231a to 1a84e16 Compare January 17, 2024 03:47
Copy link

socket-security bot commented Jan 17, 2024

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Potential typo squat npm/array.prototype.some@1.1.5

View full report↗︎

Next steps

What is a potential typo squat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/array.prototype.some@1.1.5

@renovate renovate bot force-pushed the renovate/non-major branch 2 times, most recently from 26f759b to d493305 Compare January 23, 2024 20:06
Copy link
Contributor Author

renovate bot commented Jan 26, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants