[Snyk] Upgrade esbuild from 0.17.19 to 0.18.17 #26
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade esbuild from 0.17.19 to 0.18.17. See this package in npm: https://www.npmjs.com/package/esbuild See this project in Snyk: https://app.snyk.io/org/woodpile37/project/57d88a2b-f30a-4db8-9c86-ed1cff563fd3?utm_source=github&utm_medium=referral&page=upgrade-pr
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade esbuild from 0.17.19 to 0.18.17.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: esbuild
-
0.18.17 - 2023-07-26
-
- The
- When minification is enabled,
- Local CSS names in an
/ Original code */
-
/ Original code /
-
-
0.18.16 - 2023-07-23
-
-
0.18.15 - 2023-07-20
-
-
-
/ Original code */
/ Case 1 */
/ Case 1 */
-
/ Original code */
-
/ Original code */
-
0.18.14 - 2023-07-18
-
0.18.13 - 2023-07-15
-
0.18.12 - 2023-07-13
-
0.18.11 - 2023-07-01
-
0.18.10 - 2023-06-26
-
-
-
0.18.9 - 2023-06-26
-
0.18.8 - 2023-06-25
-
0.18.7 - 2023-06-24
-
0.18.6 - 2023-06-20
-
0.18.5 - 2023-06-20
-
0.18.4 - 2023-06-16
-
0.18.3 - 2023-06-15
-
0.18.2 - 2023-06-13
-
0.18.1 - 2023-06-12
-
0.18.0 - 2023-06-09
-
0.17.19 - 2023-05-13
from esbuild GitHub release notesSupport
An+Bsyntax and:nth-*()pseudo-classes in CSSThis adds support for the
:nth-child(),:nth-last-child(),:nth-of-type(), and:nth-last-of-type()pseudo-classes to esbuild, which has the following consequences:An+Bsyntax is now parsed, so parse errors are now reportedAn+Bvalues inside these pseudo-classes are now pretty-printed (e.g. a leading+will be stripped because it's not in the AST)An+Bvalues are reduced to equivalent but shorter forms (e.g.2n+0=>2n,2n+1=>odd)ofclause are now detected (e.g. in:nth-child(2n of :local(.foo))the namefoois now renamed).foo:nth-child(+2n+1 of :local(.bar)) {
color: red;
}
/* Old output (with --loader=local-css) */
.stdin_foo:nth-child(+2n + 1 of :local(.bar)) {
color: red;
}
/* New output (with --loader=local-css) */
.stdin_foo:nth-child(2n+1 of .stdin_bar) {
color: red;
}
Adjust CSS nesting parser for IE7 hacks (#3272)
This fixes a regression with esbuild's treatment of IE7 hacks in CSS. CSS nesting allows selectors to be used where declarations are expected. There's an IE7 hack where prefixing a declaration with a
*causes that declaration to only be applied in IE7 due to a bug in IE7's CSS parser. However, it's valid for nested CSS selectors to start with*. So esbuild was incorrectly parsing these declarations and anything following it up until the next{as a selector for a nested CSS rule. This release changes esbuild's parser to terminate the parsing of selectors for nested CSS rules when a;is encountered to fix this edge case:.item {
width: 100%;
height: 1px;
}
/* Old output /
.item {
width: 100%; height: 1px; {
}
}
/* New output /
.item {
width: 100%;
height: 1px;
}
Note that the syntax for CSS nesting is about to change again, so esbuild's CSS parser may still not be completely accurate with how browsers do and/or will interpret CSS nesting syntax. Expect additional updates to esbuild's CSS parser in the future to deal with upcoming CSS specification changes.
Adjust esbuild's warning about undefined imports for TypeScript
importequals declarations (#3271)In JavaScript, accessing a missing property on an import namespace object is supposed to result in a value of
undefinedat run-time instead of an error at compile-time. This is something that esbuild warns you about by default because doing this can indicate a bug with your code. For example:If you bundle
app.jswith esbuild you will get this:Fix a regression with whitespace inside
:is()(#3265)The change to parse the contents of
:is()in version 0.18.14 introduced a regression that incorrectly flagged the contents as a syntax error if the contents started with a whitespace token (for examplediv:is( .foo ) {}). This regression has been fixed.Add the
--serve-fallback=option (#2904)The web server built into esbuild serves the latest in-memory results of the configured build. If the requested path doesn't match any in-memory build result, esbuild also provides the
--servedir=option to tell esbuild to serve the requested path from that directory instead. And if the requested path doesn't match either of those things, esbuild will either automatically generate a directory listing (for directories) or return a 404 error.Starting with this release, that last step can now be replaced with telling esbuild to serve a specific HTML file using the
--serve-fallback=option. This can be used to provide a "not found" page for missing URLs. It can also be used to implement a single-page app that mutates the current URL and therefore requires the single app entry point to be served when the page is loaded regardless of whatever the current URL is.Use the
tsconfigfield inpackage.jsonduringextendsresolution (#3247)This release adds a feature from TypeScript 3.2 where if a
tsconfig.jsonfile specifies a package name in theextendsfield and that package'spackage.jsonfile has atsconfigfield, the contents of that field are used in the search for the basetsconfig.jsonfile.Implement CSS nesting without
:is()when possible (#1945)Previously esbuild would always produce a warning when transforming nested CSS for a browser that doesn't support the
:is()pseudo-class. This was because the nesting transform needs to generate an:is()in some complex cases which means the transformed CSS would then not work in that browser. However, the CSS nesting transform can often be done without generating an:is(). So with this release, esbuild will no longer warn when targeting browsers that don't support:is()in the cases where an:is()isn't needed to represent the nested CSS.In addition, esbuild's nested CSS transform has been updated to avoid generating an
:is()in cases where an:is()is preferable but there's a longer alternative that is also equivalent. This update means esbuild can now generate a combinatorial explosion of CSS for complex CSS nesting syntax when targeting browsers that don't support:is(). This combinatorial explosion is necessary to accurately represent the original semantics. For example:.first,
.second,
.third {
& > & {
color: red;
}
}
/* Old output (with --target=chrome80) */
:is(.first, .second, .third) > :is(.first, .second, .third) {
color: red;
}
/* New output (with --target=chrome80) */
.first > .first,
.first > .second,
.first > .third,
.second > .first,
.second > .second,
.second > .third,
.third > .first,
.third > .second,
.third > .third {
color: red;
}
This change means you can now use CSS nesting with esbuild when targeting an older browser that doesn't support
:is(). You'll now only get a warning from esbuild if you use complex CSS nesting syntax that esbuild can't represent in that older browser without using:is(). There are two such cases:a b {
.foo & {
color: red;
}
}
/* Case 2 */
a {
> b& {
color: red;
}
}
These two cases still need to use
:is(), both for different reasons, and cannot be used when targeting an older browser that doesn't support:is():.foo :is(a b) {
color: red;
}
/* Case 2 */
a > a:is(b) {
color: red;
}
Automatically lower
insetin CSS for older browsersWith this release, esbuild will now automatically expand the
insetproperty to thetop,right,bottom, andleftproperties when esbuild'stargetis set to a browser that doesn't supportinset:.app {
position: absolute;
inset: 10px 20px;
}
/* Old output (with --target=chrome80) */
.app {
position: absolute;
inset: 10px 20px;
}
/* New output (with --target=chrome80) */
.app {
position: absolute;
top: 10px;
right: 20px;
bottom: 10px;
left: 20px;
}
Add support for the new
@ starting-styleCSS rule (#3249)This at rule allow authors to start CSS transitions on first style update. That is, you can now make the transition take effect when the
displayproperty changes fromnonetoblock.@ starting-style {
h1 {
background-color: transparent;
}
}
/* Output */
@ starting-style{h1{background-color:transparent}}
This was contributed by @ yisibl.
Read more
Read more
Read more
Read more
Fix a tree-shaking bug that removed side effects (#3195)
This fixes a regression in version 0.18.4 where combining
--minify-syntaxwith--keep-namescould cause expressions with side effects after a function declaration to be considered side-effect free for tree shaking purposes. The reason was because--keep-namesgenerates an expression statement containing a call to a helper function after the function declaration with a special flag that makes the function call able to be tree shaken, and then--minify-syntaxcould potentially merge that expression statement with following expressions without clearing the flag. This release fixes the bug by clearing the flag when merging expression statements together.Fix an incorrect warning about CSS nesting (#3197)
A warning is currently generated when transforming nested CSS to a browser that doesn't support
:is()because transformed nested CSS may need to use that feature to represent nesting. This was previously always triggered when an at-rule was encountered in a declaration context. Typically the only case you would encounter this is when using CSS nesting within a selector rule. However, there is a case where that's not true: when using a margin at-rule such as@ top-leftwithin@ page. This release avoids incorrectly generating a warning in this case by checking that the at-rule is within a selector rule before generating a warning.Read more
Read more
Commit messages
Package name: esbuild
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs