Bump esbuild from 0.19.5 to 0.19.11

[dependabot]

Bumps esbuild from 0.19.5 to 0.19.11.

Release notes

Sourced from esbuild's releases.

v0.19.11

• Fix TypeScript-specific class transform edge case (#3559)

  The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

  // Original code
  class Foo extends Bar {
    #private = 1;
    public: any;
    constructor() {
      super();
    }
  }
  // Old output (with esbuild v0.19.9)
  class Foo extends Bar {
  constructor() {
  super();
  this.#private = 1;
  }
  #private;
  }
  // Old output (with esbuild v0.19.10)
  class Foo extends Bar {
  constructor() {
  this.#private = 1;
  super();
  }
  #private;
  }
  // New output
  class Foo extends Bar {
  #private = 1;
  constructor() {
  super();
  }
  }

• Minifier: allow reording a primitive past a side-effect (#3568)

  The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

  // Original code
  function f() {
    let x = false;

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.19.11

• Fix TypeScript-specific class transform edge case (#3559)

  The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

  // Original code
  class Foo extends Bar {
    #private = 1;
    public: any;
    constructor() {
      super();
    }
  }
  // Old output (with esbuild v0.19.9)
  class Foo extends Bar {
  constructor() {
  super();
  this.#private = 1;
  }
  #private;
  }
  // Old output (with esbuild v0.19.10)
  class Foo extends Bar {
  constructor() {
  this.#private = 1;
  super();
  }
  #private;
  }
  // New output
  class Foo extends Bar {
  #private = 1;
  constructor() {
  super();
  }
  }

• Minifier: allow reording a primitive past a side-effect (#3568)

  The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

  // Original code
  function f() {

... (truncated)

Commits

• 6ee8225 publish 0.19.11 to npm
• f8ae3af fix #3561: treeshaking of known Symbol instances
• 0811058 switch define data to flags
• f5f8ff8 fix #3568: can reorder primitive past side-effect
• 914f608 fix #3558: put the stop() api call back
• 2aa166b fix #3559: fix recent class transform regression
• 55e1127 publish 0.19.10 to npm
• d968af2 fix #3511: @__NO_SIDE_EFFECTS__ with templates
• 00c4ebe fix #3546: don't transform require glob imports
• e1b7050 fix #3319: missing symbol usage in glob transform
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Unmaintained	json5	1.0.2	Last Publish: 12/31/2022, 5:11:32 PM	@tachibana-shin/[email protected] via package.json

Next steps

What are unmaintained packages?

Package has not been updated in more than a year and may be unmaintained. Problems with the package may go unaddressed.

Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore [email protected]

[pr-explainer-bot]

Pull Request Review

Hey there! 👋 Here's a summary of the previous tasks and their results. Let's get started!

Changes

1. Updated esbuild dependency from version 0.19.5 to 0.19.11. 🚀

Suggestions

1. Line 31 in package.json: Consider adding a comment explaining the purpose of the esbuild dependency update. 💡
2. Line 31 in package.json: It might be helpful to add a changelog entry for the esbuild dependency update. 📝

Bugs

1. File pnpm-lock.yaml: The resolution field has been added. Verify if it is necessary and update the documentation accordingly. 🐛
2. File pnpm-lock.yaml: The engines field has been modified. Check if the minimum required Node.js version is still accurate. 🐞
3. File pnpm-lock.yaml: The optionalDependencies field has been updated. Ensure that the correct versions are specified for the @esbuild dependencies. 🐞

Improvements

In pnpm-lock.yaml, the optionalDependencies field can be refactored to use an array of objects instead of individual key-value pairs. This can improve readability and maintainability. Here's an example of the refactored code:

optionalDependencies:
  - name: '@esbuild/aix-ppc64'
    version: 0.19.11
  - name: '@esbuild/android-arm'
    version: 0.19.11
  ...

Rating

Code Rating: 7.5/10 🌟

• The code is generally readable, but could benefit from more comments and documentation.
• Performance and security aspects seem to be handled well.

That's it for the summary! Let me know if you need any further assistance. Good luck with the pull request! 🎉

[dependabot]

Superseded by #61.