Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps-dev): bump esbuild from 0.14.49 to 0.19.10 #388

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 25, 2023

Bumps esbuild from 0.14.49 to 0.19.10.

Release notes

Sourced from esbuild's releases.

v0.19.10

  • Fix glob imports in TypeScript files (#3319)

    This release fixes a problem where bundling a TypeScript file containing a glob import could emit a call to a helper function that doesn't exist. The problem happened because esbuild's TypeScript transformation removes unused imports (which is required for correctness, as they may be type-only imports) and esbuild's glob import transformation wasn't correctly marking the imported helper function as used. This wasn't caught earlier because most of esbuild's glob import tests were written in JavaScript, not in TypeScript.

  • Fix require() glob imports with bundling disabled (#3546)

    Previously require() calls containing glob imports were incorrectly transformed when bundling was disabled. All glob imports should only be transformed when bundling is enabled. This bug has been fixed.

  • Fix a panic when transforming optional chaining with define (#3551, #3554)

    This release fixes a case where esbuild could crash with a panic, which was triggered by using define to replace an expression containing an optional chain. Here is an example:

    // Original code
    console.log(process?.env.SHELL)
    // Old output (with --define:process.env={})
    /* panic: Internal error (while parsing "<stdin>") */
    // New output (with --define:process.env={})
    var define_process_env_default = {};
    console.log(define_process_env_default.SHELL);

    This fix was contributed by @​hi-ogawa.

  • Work around a bug in node's CommonJS export name detector (#3544)

    The export names of a CommonJS module are dynamically-determined at run time because CommonJS exports are properties on a mutable object. But the export names of an ES module are statically-determined at module instantiation time by using import and export syntax and cannot be changed at run time.

    When you import a CommonJS module into an ES module in node, node scans over the source code to attempt to detect the set of export names that the CommonJS module will end up using. That statically-determined set of names is used as the set of names that the ES module is allowed to import at module instantiation time. However, this scan appears to have bugs (or at least, can cause false positives) because it doesn't appear to do any scope analysis. Node will incorrectly consider the module to export something even if the assignment is done to a local variable instead of to the module-level exports object. For example:

    // confuseNode.js
    exports.confuseNode = function(exports) {
      // If this local is called "exports", node incorrectly
      // thinks this file has an export called "notAnExport".
      exports.notAnExport = function() {
      };
    };

    You can see that node incorrectly thinks the file confuseNode.js has an export called notAnExport when that file is loaded in an ES module context:

    $ node -e 'import("./confuseNode.js").then(console.log)'
    [Module: null prototype] {
      confuseNode: [Function (anonymous)],
      default: { confuseNode: [Function (anonymous)] },

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2022

This changelog documents all esbuild versions published in the year 2022 (versions 0.14.11 through 0.16.12).

0.16.12

  • Loader defaults to js for extensionless files (#2776)

    Certain packages contain files without an extension. For example, the yargs package contains the file yargs/yargs which has no extension. Node, Webpack, and Parcel can all understand code that imports yargs/yargs because they assume that the file is JavaScript. However, esbuild was previously unable to understand this code because it relies on the file extension to tell it how to interpret the file. With this release, esbuild will now assume files without an extension are JavaScript files. This can be customized by setting the loader for "" (the empty string, representing files without an extension) to another loader. For example, if you want files without an extension to be treated as CSS instead, you can do that like this:

    • CLI:

      esbuild --bundle --loader:=css
      
    • JS:

      esbuild.build({
        bundle: true,
        loader: { '': 'css' },
      })
    • Go:

      api.Build(api.BuildOptions{
        Bundle: true,
        Loader: map[string]api.Loader{"": api.LoaderCSS},
      })

    In addition, the "type" field in package.json files now only applies to files with an explicit .js, .jsx, .ts, or .tsx extension. Previously it was incorrectly applied by esbuild to all files that had an extension other than .mjs, .mts, .cjs, or .cts including extensionless files. So for example an extensionless file in a "type": "module" package is now treated as CommonJS instead of ESM.

0.16.11

  • Avoid a syntax error in the presence of direct eval (#2761)

    The behavior of nested function declarations in JavaScript depends on whether the code is run in strict mode or not. It would be problematic if esbuild preserved nested function declarations in its output because then the behavior would depend on whether the output was run in strict mode or not instead of respecting the strict mode behavior of the original source code. To avoid this, esbuild transforms nested function declarations to preserve the intended behavior of the original source code regardless of whether the output is run in strict mode or not:

    // Original code
    if (true) {
      function foo() {}
      console.log(!!foo)
      foo = null
      console.log(!!foo)
    }

... (truncated)

Commits
  • 55e1127 publish 0.19.10 to npm
  • d968af2 fix #3511: @__NO_SIDE_EFFECTS__ with templates
  • 00c4ebe fix #3546: don't transform require glob imports
  • e1b7050 fix #3319: missing symbol usage in glob transform
  • 461ca73 add the @esbuild/aix-ppc64 package for ibm aix (#3550)
  • 190ca99 truncate a long url in a comment
  • 6c41900 add Safari compat data for arbitrary module namespace names (#3520)
  • f38cbe6 fix #3552: calling stop() now clears go timeouts
  • 7a225ff make a few code edits from some random github bot
  • aa46b2c fix some build script comments
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.14.49 to 0.19.10.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2022.md)
- [Commits](evanw/esbuild@v0.14.49...v0.19.10)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 25, 2023
Copy link

vercel bot commented Dec 25, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
website ❌ Failed (Inspect) Dec 25, 2023 4:31am

Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 1, 2024

Superseded by #389.

@dependabot dependabot bot closed this Jan 1, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/esbuild-0.19.10 branch January 1, 2024 05:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant