Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade esbuild from 0.21.4 to 0.21.5 #108

Merged
merged 1 commit into from
Jul 1, 2024

Conversation

RosaleeKnight
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade esbuild from 0.21.4 to 0.21.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released on 21 days ago.

Release notes
Package name: esbuild
  • 0.21.5 - 2024-06-09
    • Fix Symbol.metadata on classes without a class decorator (#3781)

      This release fixes a bug with esbuild's support for the decorator metadata proposal. Previously esbuild only added the Symbol.metadata property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the Symbol.metadata property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.

    • Allow unknown import attributes to be used with the copy loader (#3792)

      Import attributes (the with keyword on import statements) are allowed to alter how that path is loaded. For example, esbuild cannot assume that it knows how to load ./bagel.js as type bagel:

      // This is an error with "--bundle" without also using "--external:./bagel.js"
      import tasty from "./bagel.js" with { type: "bagel" }

      Because of that, bundling this code with esbuild is an error unless the file ./bagel.js is external to the bundle (such as with --bundle --external:./bagel.js).

      However, there is an additional case where it's ok for esbuild to allow this: if the file is loaded using the copy loader. That's because the copy loader behaves similarly to --external in that the file is left external to the bundle. The difference is that the copy loader copies the file into the output folder and rewrites the import path while --external doesn't. That means the following will now work with the copy loader (such as with --bundle --loader:.bagel=copy):

      // This is no longer an error with "--bundle" and "--loader:.bagel=copy"
      import tasty from "./tasty.bagel" with { type: "bagel" }
    • Support import attributes with glob-style imports (#3797)

      This release adds support for import attributes (the with option) to glob-style imports (dynamic imports with certain string literal patterns as paths). These imports previously didn't support import attributes due to an oversight. So code like this will now work correctly:

      async function loadLocale(locale: string): Locale {
        const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
        return unpackLocale(locale, data)
      }

      Previously this didn't work even though esbuild normally supports forcing the JSON loader using an import attribute. Attempting to do this used to result in the following error:

      #3782)

      This adds support for a new feature from the upcoming TypeScript 5.5 release. The character sequence ${configDir} is now respected at the start of baseUrl and paths values, which are used by esbuild during bundling to correctly map import paths to file system paths. This feature lets base tsconfig.json files specified via extends refer to the directory of the top-level tsconfig.json file. Here is an example:

      {
        "compilerOptions": {
          "paths": {
            "js/*": ["${configDir}/dist/js/*"]
          }
        }
      }

      You can read more in TypeScript's blog post about their upcoming 5.5 release. Note that this feature does not make use of template literals (you need to use "${configDir}/dist/js/*" not `${configDir}/dist/js/*`). The syntax for tsconfig.json is still just JSON with comments, and JSON syntax does not allow template literals. This feature only recognizes ${configDir} in strings for certain path-like properties, and only at the beginning of the string.

    • Fix internal error with --supported:object-accessors=false (#3794)

      This release fixes a regression in 0.21.0 where some code that was added to esbuild's internal runtime library of helper functions for JavaScript decorators fails to parse when you configure esbuild with --supported:object-accessors=false. The reason is that esbuild introduced code that does { get [name]() {} } which uses both the object-extensions feature for the [name] and the object-accessors feature for the get, but esbuild was incorrectly only checking for object-extensions and not for object-accessors. Additional tests have been added to avoid this type of issue in the future. A workaround for this issue in earlier releases is to also add --supported:object-extensions=false.

  • 0.21.4 - 2024-05-25
    • Update support for import assertions and import attributes in node (#3778)

      Import assertions (the assert keyword) have been removed from node starting in v22.0.0. So esbuild will now strip them and generate a warning with --target=node22 or above:

      ▲ [WARNING] The "assert" keyword is not supported in the configured target environment ("node22") [assert-to-with]

      example.mjs:1:40:
        1 │ import json from "esbuild/package.json" assert { type: "json" }
          │                                         ~~~~~~
          ╵                                         with
      

      Did you mean to use "with" instead of "assert"?

      Import attributes (the with keyword) have been backported to node 18 starting in v18.20.0. So esbuild will no longer strip them with --target=node18.N if N is 20 or greater.

    • Fix for await transform when a label is present

      This release fixes a bug where the for await transform, which wraps the loop in a try statement, previously failed to also move the loop's label into the try statement. This bug only affects code that uses both of these features in combination. Here's an example of some affected code:

      // Original code
      async function test() {
      outer: for await (const x of [Promise.resolve([0, 1])]) {
      for (const y of x) if (y) break outer
      throw 'fail'
      }
      }

      // Old output (with --target=es6)
      function test() {
      return __async(this, null, function* () {
      outer: try {
      for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) {
      const x = temp.value;
      for (const y of x) if (y) break outer;
      throw "fail";
      }
      } catch (temp) {
      error = [temp];
      } finally {
      try {
      more && (temp = iter.return) && (yield temp.call(iter));
      } finally {
      if (error)
      throw error[0];
      }
      }
      });
      }

      // New output (with --target=es6)
      function test() {
      return __async(this, null, function* () {
      try {
      outer: for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) {
      const x = temp.value;
      for (const y of x) if (y) break outer;
      throw "fail";
      }
      } catch (temp) {
      error = [temp];
      } finally {
      try {
      more && (temp = iter.return) && (yield temp.call(iter));
      } finally {
      if (error)
      throw error[0];
      }
      }
      });
      }

    • Do additional constant folding after cross-module enum inlining (#3416, #3425)

      This release adds a few more cases where esbuild does constant folding after cross-module enum inlining.

      // Original code: enum.ts
      export enum Platform {
      WINDOWS = 'windows',
      MACOS = 'macos',
      LINUX = 'linux',
      }

      // Original code: main.ts
      import { Platform } from './enum';
      declare const PLATFORM: string;
      export function logPlatform() {
      if (PLATFORM == Platform.WINDOWS) console.log('Windows');
      else if (PLATFORM == Platform.MACOS) console.log('macOS');
      else if (PLATFORM == Platform.LINUX) console.log('Linux');
      else console.log('Other');
      }

      // Old output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm)
      function n(){"windows"=="macos"?console.log("Windows"):"macos"=="macos"?console.log("macOS"):"linux"=="macos"?console.log("Linux"):console.log("Other")}export{n as logPlatform};

      // New output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm)
      function n(){console.log("macOS")}export{n as logPlatform};

    • Pass import attributes to on-resolve plugins (#3384, #3639, #3646)

      With this release, on-resolve plugins will now have access to the import attributes on the import via the with property of the arguments object. This mirrors the with property of the arguments object that's already passed to on-load plugins. In addition, you can now pass with to the resolve() API call which will then forward that value on to all relevant plugins. Here's an example of a plugin that can now be written:

      const examplePlugin = {
      name: 'Example plugin',
      setup(build) {
      build.onResolve({ filter: /.*/ }, args => {
      if (args.with.type === 'external')
      return { external: true }
      })
      }
      }

      require('esbuild').build({
      stdin: {
      contents: </span> <span class="pl-s"> import foo from "./foo" with { type: "external" }</span> <span class="pl-s"> foo()</span> <span class="pl-s"> ,
      },
      bundle: true,
      format: 'esm',
      write: false,
      plugins: [examplePlugin],
      }).then(result => {
      console.log(result.outputFiles[0].text)
      })

    • Formatting support for the @ position-try rule (#3773)

      Chrome shipped this new CSS at-rule in version 125 as part of the CSS anchor positioning API. With this release, esbuild now knows to expect a declaration list inside of the @ position-try body block and will format it appropriately.

    • Always allow internal string import and export aliases (#3343)

      Import and export names can be string literals in ES2022+. Previously esbuild forbid any usage of these aliases when the target was below ES2022. Starting with this release, esbuild will only forbid such usage when the alias would otherwise end up in output as a string literal. String literal aliases that are only used internally in the bundle and are "compiled away" are no longer errors. This makes it possible to use string literal aliases with esbuild's inject feature even when the target is earlier than ES2022.

from esbuild GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade esbuild from 0.21.4 to 0.21.5.

See this package in npm:
esbuild

See this project in Snyk:
https://app.snyk.io/org/rosaleeknight/project/ac5eb869-f7ff-4600-9341-d2326bdc670a?utm_source=github&utm_medium=referral&page=upgrade-pr
@RosaleeKnight RosaleeKnight merged commit 6e0d9d0 into main Jul 1, 2024
1 check passed
@RosaleeKnight RosaleeKnight deleted the snyk-upgrade-ecc7f4c6dfa9577f9a0d2db6e2622de4 branch July 1, 2024 21:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants