[Snyk] Upgrade esbuild from 0.15.18 to 0.19.3 #90
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade esbuild from 0.15.18 to 0.19.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: esbuild
Fix
list-style-type
with thelocal-css
loader (#3325)The
local-css
loader incorrectly treated all identifiers provided tolist-style-type
as a custom local identifier. That included identifiers such asnone
which have special meaning in CSS, and which should not be treated as custom local identifiers. This release fixes this bug:ul { list-style-type: none }
/* Old output (with --loader=local-css) */
ul {
list-style-type: stdin_none;
}
/* New output (with --loader=local-css) */
ul {
list-style-type: none;
}
Note that this bug only affected code using the
local-css
loader. It did not affect code using thecss
loader.Avoid inserting temporary variables before
use strict
(#3322)This release fixes a bug where esbuild could incorrectly insert automatically-generated temporary variables before
use strict
directives:function foo() {
'use strict'
a.b?.c()
}
// Old output (with --target=es6)
function foo() {
var _a;
"use strict";
(_a = a.b) == null ? void 0 : _a.c();
}
// New output (with --target=es6)
function foo() {
"use strict";
var _a;
(_a = a.b) == null ? void 0 : _a.c();
}
Adjust TypeScript
enum
output to better approximatetsc
(#3329)TypeScript enum values can be either number literals or string literals. Numbers create a bidirectional mapping between the name and the value but strings only create a unidirectional mapping from the name to the value. When the enum value is neither a number literal nor a string literal, TypeScript and esbuild both default to treating it as a number:
declare const foo: any
enum Foo {
NUMBER = 1,
STRING = 'a',
OTHER = foo,
}
// Compiled JavaScript code (from "tsc")
var Foo;
(function (Foo) {
Foo[Foo["NUMBER"] = 1] = "NUMBER";
Foo["STRING"] = "a";
Foo[Foo["OTHER"] = foo] = "OTHER";
})(Foo || (Foo = {}));
However, TypeScript does constant folding slightly differently than esbuild. For example, it may consider template literals to be string literals in some cases:
declare const foo = 'foo'
enum Foo {
PRESENT =
<span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">foo</span><span class="pl-kos">}</span></span>
,MISSING =
<span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">bar</span><span class="pl-kos">}</span></span>
,}
// Compiled JavaScript code (from "tsc")
var Foo;
(function (Foo) {
Foo["PRESENT"] = "foo";
Foo[Foo["MISSING"] =
<span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">bar</span><span class="pl-kos">}</span></span>
] = "MISSING";})(Foo || (Foo = {}));
The template literal initializer for
PRESENT
is treated as a string while the template literal initializer forMISSING
is treated as a number. Previously esbuild treated both of these cases as a number but starting with this release, esbuild will now treat both of these cases as a string. This doesn't exactly match the behavior oftsc
but in the case where the behavior divergestsc
reports a compile error, so this seems like acceptible behavior for esbuild. Note that handling these cases completely correctly would require esbuild to parse type declarations (see thedeclare
keyword), which esbuild deliberately doesn't do.Ignore case in CSS in more places (#3316)
This release makes esbuild's CSS support more case-agnostic, which better matches how browsers work. For example:
@ KeyFrames Foo { From { OpaCity: 0 } To { OpaCity: 1 } }
body { CoLoR: YeLLoW }
/* Old output (with --minify) */
@ KeyFrames Foo{From {OpaCity: 0} To {OpaCity: 1}}body{CoLoR:YeLLoW}
/* New output (with --minify) */
@ KeyFrames Foo{0%{OpaCity:0}To{OpaCity:1}}body{CoLoR:#ff0}
Please never actually write code like this.
Improve the error message for
null
entries inexports
(#3377)Package authors can disable package export paths with the
exports
map inpackage.json
. With this release, esbuild now has a clearer error message that points to thenull
token inpackage.json
itself instead of to the surrounding context. Here is an example of the new error message:✘ [ERROR] Could not resolve "msw/browser"
The path "./browser" cannot be imported from package "msw" because it was explicitly disabled by
the package author here:
You can mark the path "msw/browser" as external to exclude it from the bundle, which will remove
this error and leave the unresolved path in the bundle.
Parse and print the
with
keyword inimport
statementsJavaScript was going to have a feature called "import assertions" that adds an
assert
keyword toimport
statements. It looked like this:The feature provided a way to assert that the imported file is of a certain type (but was not allowed to affect how the import is interpreted, even though that's how everyone expected it to behave). The feature was fully specified and then actually implemented and shipped in Chrome before the people behind the feature realized that they should allow it to affect how the import is interpreted after all. So import assertions are no longer going to be added to the language.
Instead, the current proposal is to add a feature called "import attributes" instead that adds a
with
keyword to import statements. It looks like this:This feature provides a way to affect how the import is interpreted. With this release, esbuild now has preliminary support for parsing and printing this new
with
keyword. Thewith
keyword is not yet interpreted by esbuild, however, so bundling code with it will generate a build error. All this release does is allow you to use esbuild to process code containing it (such as removing types from TypeScript code). Note that this syntax is not yet a part of JavaScript and may be removed or altered in the future if the specification changes (which it already has once, as described above). If that happens, esbuild reserves the right to remove or alter its support for this syntax too.Read more
Read more
Read more
Support advanced CSS
@ import
rules (#953, #3137)CSS
@ import
statements have been extended to allow additional trailing tokens after the import path. These tokens sort of make the imported file behave as if it were wrapped in a@ layer
,@ supports
, and/or@ media
rule. Here are some examples:You can read more about this advanced syntax here. With this release, esbuild will now bundle
@ import
rules with these trailing tokens and will wrap the imported files in the corresponding rules. Note that this now means a given imported file can potentially appear in multiple places in the bundle. However, esbuild will still only load it once (e.g. on-load plugins will only run once per file, not once per import).Read more
Read more
Read more
Fix a regression with whitespace inside
:is()
(#3265)The change to parse the contents of
:is()
in version 0.18.14 introduced a regression that incorrectly flagged the contents as a syntax error if the contents started with a whitespace token (for examplediv:is( .foo ) {}
). This regression has been fixed.Read more
Commit messages
Package name: esbuild
npx @turbo/codemod set-default-outputs
reports 'Invalid transform choice' vercel/turborepo#3322: avoid temporaries before `"use strict"`Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs