[Snyk] Upgrade esbuild from 0.19.5 to 0.19.6 #255
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade esbuild from 0.19.5 to 0.19.6. See this package in npm: https://www.npmjs.com/package/esbuild See this project in Snyk: https://app.snyk.io/org/dash0-zmw/project/19cdc40c-3d4d-4ded-a264-63b0f1d48b6b?utm_source=github&utm_medium=referral&page=upgrade-pr
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
marcelbirkner
approved these changes
Dec 11, 2023
|
Kudos, SonarCloud Quality Gate passed!
|
marcelbirkner
deleted the
snyk-upgrade-9f1479ae9c731b5303a6c66474ff7e50
branch
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade esbuild from 0.19.5 to 0.19.6.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: esbuild
-
0.19.6 - 2023-11-19
-
// Original code
-
// Original code
// Original code
-
/ Original code */
-
// Original code
-
-
-
-
0.19.5 - 2023-10-17
from esbuild GitHub release notesFix a constant folding bug with bigint equality
This release fixes a bug where esbuild incorrectly checked for bigint equality by checking the equality of the bigint literal text. This is correct if the bigint doesn't have a radix because bigint literals without a radix are always in canonical form (since leading zeros are not allowed). However, this is incorrect if the bigint has a radix (e.g.
0x123n) because the canonical form is not enforced when a radix is present.console.log(!!0n, !!1n, 123n === 123n)
console.log(!!0x0n, !!0x1n, 123n === 0x7Bn)
// Old output
console.log(false, true, true);
console.log(true, true, false);
// New output
console.log(false, true, true);
console.log(!!0x0n, !!0x1n, 123n === 0x7Bn);
Add some improvements to the JavaScript minifier
This release adds more cases to the JavaScript minifier, including support for inlining
String.fromCharCodeandString.prototype.charCodeAtwhen possible:document.onkeydown = e => e.keyCode === 'A'.charCodeAt(0) && console.log(String.fromCharCode(55358, 56768))
// Old output (with --minify)
document.onkeydown=o=>o.keyCode==="A".charCodeAt(0)&&console.log(String.fromCharCode(55358,56768));
// New output (with --minify)
document.onkeydown=o=>o.keyCode===65&&console.log("🧀");
In addition, immediately-invoked function expressions (IIFEs) that return a single expression are now inlined when minifying. This makes it possible to use IIFEs in combination with
@ __PURE__annotations to annotate arbitrary expressions as side-effect free without the IIFE wrapper impacting code size. For example:const sideEffectFreeOffset = /* @ PURE */ (() => computeSomething())()
use(sideEffectFreeOffset)
// Old output (with --minify)
const e=(()=>computeSomething())();use(e);
// New output (with --minify)
const e=computeSomething();use(e);
Automatically prefix the
mask-compositeCSS property for WebKit (#3493)The
mask-compositeproperty will now be prefixed as-webkit-mask-compositefor older WebKit-based browsers. In addition to prefixing the property name, handling older browsers also requires rewriting the values since WebKit uses non-standard names for the mask composite modes:div {
mask-composite: add, subtract, intersect, exclude;
}
/* New output (with --target=chrome100) */
div {
-webkit-mask-composite:
source-over,
source-out,
source-in,
xor;
mask-composite:
add,
subtract,
intersect,
exclude;
}
Avoid referencing
thisfrom JSX elements in derived class constructors (#3454)When you enable
--jsx=automaticand--jsx-dev, the JSX transform is supposed to insertthisas the last argument to thejsxDEVfunction. I'm not sure exactly why this is and I can't find any specification for it, but in any case this causes the generated code to crash when you use a JSX element in a derived class constructor before the call tosuper()asthisis not allowed to be accessed at that point. For exampleclass ChildComponent extends ParentComponent {
constructor() {
super(<div />)
}
}
// Problematic output (with --loader=jsx --jsx=automatic --jsx-dev)
import { jsxDEV } from "react/jsx-dev-runtime";
class ChildComponent extends ParentComponent {
constructor() {
super(/* @ PURE */ jsxDEV("div", {}, void 0, false, {
fileName: "<stdin>",
lineNumber: 3,
columnNumber: 15
}, this)); // The reference to "this" crashes here
}
}
The TypeScript compiler doesn't handle this at all while the Babel compiler just omits
thisfor the entire constructor (even after the call tosuper()). There seems to be no specification so I can't be sure that this change doesn't break anything important. But given that Babel is pretty loose with this and TypeScript doesn't handle this at all, I'm guessing this value isn't too important. React's blog post seems to indicate that this value was intended to be used for a React-specific migration warning at some point, so it could even be that this value is irrelevant now. Anyway the crash in this case should now be fixed.Allow package subpath imports to map to node built-ins (#3485)
You are now able to use a subpath import in your package to resolve to a node built-in module. For example, with a
package.jsonfile like this:{ "type": "module", "imports": { "#stream": { "node": "stream", "default": "./stub.js" } } }You can now import from node's
streammodule like this:This will import from node's
streammodule when the platform isnodeand from./stub.jsotherwise.No longer throw an error when a
Symbolis missing (#3453)Certain JavaScript syntax features use special properties on the global
Symbolobject. For example, the asynchronous iteration syntax usesSymbol.asyncIterator. Previously esbuild's generated code for older browsers required this symbol to be polyfilled. However, starting with this release esbuild will useSymbol.for()to construct these symbols if they are missing instead of throwing an error about a missing polyfill. This means your code no longer needs to include a polyfill for missing symbols as long as your code also usesSymbol.for()for missing symbols.Parse upcoming changes to TypeScript syntax (#3490, #3491)
With this release, you can now use
fromas the name of a default type-only import in TypeScript code, as well asofas the name of anawait usingloop iteration variable:This matches similar changes in the TypeScript compiler (#56376 and #55555) which will start allowing this syntax in an upcoming version of TypeScript. Please never actually write code like this.
The type-only import syntax change was contributed by @ magic-akari.
Read more
Commit messages
Package name: esbuild
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs