[Snyk] Upgrade esbuild from 0.15.18 to 0.17.17 #2

Open

ilovera-woolworthslimited
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade esbuild from 0.15.18 to 0.17.17.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 36 versions ahead of your current version.
  • The recommended version was released a month ago, on 2023-04-16.
Release notes
Package name: esbuild
  • 0.17.17 - 2023-04-16
    • Fix CSS nesting transform for top-level & (#3052)

      Previously esbuild could crash with a stack overflow when lowering CSS nesting rules with a top-level &, such as in the code below. This happened because esbuild's CSS nesting transform didn't handle top-level &, causing esbuild to inline the top-level selector into itself. This release handles top-level & by replacing it with the :scope pseudo-class:

      /* Original code */
      &,
      a {
        .b {
          color: red;
        }
      }

      /* New output (with --target=chrome90) */
      :is(:scope, a) .b {
        color: red;
      }

    • Support exports in package.json for extends in tsconfig.json (#3058)

      TypeScript 5.0 added the ability to use extends in tsconfig.json to reference a path in a package whose package.json file contains an exports map that points to the correct location. This doesn't automatically work in esbuild because tsconfig.json affects esbuild's path resolution, so esbuild's normal path resolution logic doesn't apply.

      This release adds support for doing this by adding some additional code that attempts to resolve the extends path using the exports field. The behavior should be similar enough to esbuild's main path resolution logic to work as expected.

      Note that esbuild always treats this extends import as a require() import since that's what TypeScript appears to do. Specifically the require condition will be active and the import condition will be inactive.

    • Fix watch mode with NODE_PATH (#3062)

      Node has a rarely-used feature where you can extend the set of directories that node searches for packages using the NODE_PATH environment variable. While esbuild supports this too, previously a bug prevented esbuild's watch mode from picking up changes to imported files that were contained directly in a NODE_PATH directory. You're supposed to use NODE_PATH for packages, but some people abuse this feature by putting files in that directory instead (e.g. node_modules/some-file.js instead of node_modules/some-pkg/some-file.js). The watch mode bug happens when you do this because esbuild first tries to read some-file.js as a directory and then as a file. Watch mode was incorrectly waiting for some-file.js to become a valid directory. This release fixes this edge case bug by changing watch mode to watch some-file.js as a file when this happens.

  • 0.17.16 - 2023-04-10
    • Fix CSS nesting transform for triple-nested rules that start with a combinator (#3046)

      This release fixes a bug with esbuild where triple-nested CSS rules that start with a combinator were not transformed correctly for older browsers. Here's an example of such a case before and after this bug fix:

      /* Original input */
      .a {
        color: red;
        > .b {
          color: green;
          > .c {
            color: blue;
          }
        }
      }

      /* Old output (with --target=chrome90) */
      .a {
        color: red;
      }
      .a > .b {
        color: green;
      }
      .a .b > .c {
        color: blue;
      }

      /* New output (with --target=chrome90) */
      .a {
        color: red;
      }
      .a > .b {
        color: green;
      }
      .a > .b > .c {
        color: blue;
      }

    • Support --inject with a file loaded using the copy loader (#3041)

      This release now allows you to use --inject with a file that is loaded using the copy loader. The copy loader copies the imported file to the output directory verbatim and rewrites the path in the import statement to point to the copied output file. When used with --inject, this means the injected file will be copied to the output directory as-is and a bare import statement for that file will be inserted in any non-copy output files that esbuild generates.

      Note that since esbuild doesn't parse the contents of copied files, esbuild will not expose any of the export names as usable imports when you do this (in the way that esbuild's --inject feature is typically used). However, any side-effects that the injected file has will still occur.

  • 0.17.15 - 2023-04-01
    • Allow keywords as type parameter names in mapped types (#3033)

      TypeScript allows type keywords to be used as parameter names in mapped types. Previously esbuild incorrectly treated this as an error. Code that does this is now supported:

      type Foo = 'a' | 'b' | 'c'
      type A = { [keyof in Foo]: number }
      type B = { [infer in Foo]: number }
      type C = { [readonly in Foo]: number }
    • Add annotations for re-exported modules in node (#2486, #3029)

      Node lets you import named imports from a CommonJS module using ESM import syntax. However, the allowed names aren't derived from the properties of the CommonJS module. Instead they are derived from an arbitrary syntax-only analysis of the CommonJS module's JavaScript AST.

      To accommodate node doing this, esbuild's ESM-to-CommonJS conversion adds a special non-executable "annotation" for node that describes the exports that node should expose in this scenario. It takes the form 0 && (module.exports = { ... }) and comes at the end of the file (0 && expr means expr is never evaluated).

      Previously esbuild didn't do this for modules re-exported using the export * from syntax. Annotations for these re-exports will now be added starting with this release:

      // Original input
      export { foo } from './foo'
      export * from './bar'

      // Old output (with --format=cjs --platform=node)
      ...
      0 && (module.exports = {
        foo
      });

      // New output (with --format=cjs --platform=node)
      ...
      0 && (module.exports = {
        foo,
        ...require("./bar")
      });

      Note that you need to specify both --format=cjs and --platform=node to get these node-specific annotations.

    • Avoid printing an unnecessary space in between a number and a . (#3026)

      JavaScript typically requires a space in between a number token and a . token to avoid the . being interpreted as a decimal point instead of a member expression. However, this space is not required if the number token itself contains a decimal point, an exponent, or uses a base other than 10. This release of esbuild now avoids printing the unnecessary space in these cases:

      // Original input
      foo(1000 .x, 0 .x, 0.1 .x, 0.0001 .x, 0xFFFF_0000_FFFF_0000 .x)

      // Old output (with --minify)
      foo(1e3 .x,0 .x,.1 .x,1e-4 .x,0xffff0000ffff0000 .x);

      // New output (with --minify)
      foo(1e3.x,0 .x,.1.x,1e-4.x,0xffff0000ffff0000.x);

    • Fix server-sent events with live reload when writing to the file system root (#3027)

      This release fixes a bug where esbuild previously failed to emit server-sent events for live reload when outdir was the file system root, such as /. This happened because / is the only path on Unix that cannot have a trailing slash trimmed from it, which was fixed by improved path handling.

  • 0.17.14 - 2023-03-26
  • 0.17.13 - 2023-03-24
    • Work around an issue with NODE_PATH and Go's WebAssembly internals (#3001)

      Go's WebAssembly implementation returns EINVAL instead of ENOTDIR when using the readdir syscall on a file. This messes up esbuild's implementation of node's module resolution algorithm since encountering ENOTDIR causes esbuild to continue its search (since it's a normal condition) while encountering other errors causes esbuild to fail with an I/O error (since it's an unexpected condition). You can encounter this issue in practice if you use node's legacy NODE_PATH feature to tell esbuild to resolve node modules in a custom directory that was not installed by npm. This release works around this problem by converting EINVAL into ENOTDIR for the readdir syscall.

    • Fix a minification bug with CSS @layer rules that have parsing errors (#3016)

      CSS at-rules require either a {} block or a semicolon at the end. Omitting both of these causes esbuild to treat the rule as an unknown at-rule. Previous releases of esbuild had a bug that incorrectly removed unknown at-rules without any children during minification if the at-rule token matched an at-rule that esbuild can handle. Specifically cssnano can generate @layer rules with parsing errors, and empty @layer rules cannot be removed because they have side effects (@layer didn't exist when esbuild's CSS support was added, so esbuild wasn't written to handle this). This release changes esbuild to no longer discard @layer rules with parsing errors when minifying (the rule @layer c has a parsing error):

      /* Original input */
      @layer a {
        @layer b {
          @layer c
        }
      }

      /* Old output (with --minify) */
      @layer a.b;

      /* New output (with --minify) */
      @layer a.b.c;

    • Unterminated strings in CSS are no longer an error

      The CSS specification provides rules for handling parsing errors. One of those rules is that user agents must close strings upon reaching the end of a line (i.e., before an unescaped line feed, carriage return or form feed character), but then drop the construct (declaration or rule) in which the string was found. For example:

      p {
        color: green;
        font-family: 'Courier New Times
        color: red;
        color: green;
      }

      ...would be treated the same as:

      p { color: green; color: green; }

      ...because the second declaration (from font-family to the semicolon after color: red) is invalid and is dropped.

      Previously using this CSS with esbuild failed to build due to a syntax error, even though the code can be interpreted by a browser. With this release, the code now produces a warning instead of an error, and esbuild prints the invalid CSS such that it stays invalid in the output:

      /* esbuild's new non-minified output: */
      p {
        color: green;
        font-family: 'Courier New Times
        color: red;
        color: green;
      }
      /* esbuild's new minified output: */
      p{font-family:'Courier New Times
      color: red;color:green}
  • 0.17.12 - 2023-03-17
    • Fix a crash when parsing inline TypeScript decorators (#2991)

      Previously esbuild's TypeScript parser crashed when parsing TypeScript decorators if the definition of the decorator was inlined into the decorator itself:

      @(function sealed(constructor: Function) {
        Object.seal(constructor);
        Object.seal(constructor.prototype);
      })
      class Foo {}

      This crash was not noticed earlier because this edge case did not have test coverage. The crash is fixed in this release.

  • 0.17.11 - 2023-03-03
  • 0.17.10 - 2023-02-20
  • 0.17.9 - 2023-02-19
  • 0.17.8 - 2023-02-13
  • 0.17.7 - 2023-02-09
  • 0.17.6 - 2023-02-06
  • 0.17.5 - 2023-01-27
  • 0.17.4 - 2023-01-22
  • 0.17.3 - 2023-01-18
  • 0.17.2 - 2023-01-17
  • 0.17.1 - 2023-01-16
  • 0.17.0 - 2023-01-14
  • 0.16.17 - 2023-01-11
  • 0.16.16 - 2023-01-08
  • 0.16.15 - 2023-01-07
  • 0.16.14 - 2023-01-04
  • 0.16.13 - 2023-01-02
  • 0.16.12 - 2022-12-28
  • 0.16.11 - 2022-12-27
  • 0.16.10 - 2022-12-19
  • 0.16.9 - 2022-12-18
  • 0.16.8 - 2022-12-16
  • 0.16.7 - 2022-12-14
  • 0.16.6 - 2022-12-14
  • 0.16.5 - 2022-12-13
  • 0.16.4 - 2022-12-10
  • 0.16.3 - 2022-12-08
  • 0.16.2 - 2022-12-08
  • 0.16.1 - 2022-12-07
  • 0.16.0 - 2022-12-07
  • 0.15.18 - 2022-12-05
from esbuild GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
