Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade esbuild from 0.18.13 to 0.19.8 #3

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

fishylunar
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade esbuild from 0.18.13 to 0.19.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 16 versions ahead of your current version.
  • The recommended version was released a month ago, on 2023-11-26.
Release notes
Package name: esbuild
  • 0.19.8 - 2023-11-26
    • Add a treemap chart to esbuild's bundle analyzer (#2848)

      The bundler analyzer on esbuild's website (https://esbuild.github.io/analyze/) now has a treemap chart type in addition to the two existing chart types (sunburst and flame). This should be more familiar for people coming from other similar tools, as well as make better use of large screens.

    • Allow decorators after the export keyword (#104)

      Previously esbuild's decorator parser followed the original behavior of TypeScript's experimental decorators feature, which only allowed decorators to come before the export keyword. However, the upcoming JavaScript decorators feature also allows decorators to come after the export keyword. And with TypeScript 5.0, TypeScript now also allows experimental decorators to come after the export keyword too. So esbuild now allows this as well:

      // This old syntax has always been permitted:
      @decorator export class Foo {}
      @decorator export default class Foo {}

      // This new syntax is now permitted too:
      export @decorator class Foo {}
      export default @decorator class Foo {}

      In addition, esbuild's decorator parser has been rewritten to fix several subtle and likely unimportant edge cases with esbuild's parsing of exports and decorators in TypeScript (e.g. TypeScript apparently does automatic semicolon insertion after interface and export interface but not after export default interface).

    • Pretty-print decorators using the same whitespace as the original

      When printing code containing decorators, esbuild will now try to respect whether the original code contained newlines after the decorator or not. This can make generated code containing many decorators much more compact to read:

      // Original code
      class Foo {
      @a @b @c abc
      @x @y @z xyz
      }

      // Old output
      class Foo {
      @a
      @b
      @c
      abc;
      @x
      @y
      @z
      xyz;
      }

      // New output
      class Foo {
      @a @b @c abc;
      @x @y @z xyz;
      }

  • 0.19.7 - 2023-11-21
    • Add support for bundling code that uses import attributes (#3384)

      JavaScript is gaining new syntax for associating a map of string key-value pairs with individual ESM imports. The proposal is still a work in progress and is still undergoing significant changes before being finalized. However, the first iteration has already been shipping in Chromium-based browsers for a while, and the second iteration has landed in V8 and is now shipping in node, so it makes sense for esbuild to support it. Here are the two major iterations of this proposal (so far):

      1. Import assertions (deprecated, will not be standardized)

        • Uses the assert keyword
        • Does not affect module resolution
        • Causes an error if the assertion fails
        • Shipping in Chrome 91+ (and in esbuild 0.11.22+)
      2. Import attributes (currently set to become standardized)

        • Uses the with keyword
        • Affects module resolution
        • Unknown attributes cause an error
        • Shipping in node 21+

      You can already use esbuild to bundle code that uses import assertions (the first iteration). However, this feature is mostly useless for bundlers because import assertions are not allowed to affect module resolution. It's basically only useful as an annotation on external imports, which esbuild will then preserve in the output for use in a browser (which would otherwise refuse to load certain imports).

      With this release, esbuild now supports bundling code that uses import attributes (the second iteration). This is much more useful for bundlers because they are allowed to affect module resolution, which means the key-value pairs can be provided to plugins. Here's an example, which uses esbuild's built-in support for the upcoming JSON module standard:

      // On static imports
      import foo from './package.json' with { type: 'json' }
      console.log(foo)

      // On dynamic imports
      const bar = await import('./package.json', { with: { type: 'json' } })
      console.log(bar)

      One important consequence of the change in semantics between import assertions and import attributes is that two imports with identical paths but different import attributes are now considered to be different modules. This is because the import attributes are provided to the loader, which might then use those attributes during loading. For example, you could imagine an image loader that produces an image of a different size depending on the import attributes.

      Import attributes are now reported in the metafile and are now provided to on-load plugins as a map in the with property. For example, here's an esbuild plugin that turns all imports with a type import attribute equal to 'cheese' into a module that exports the cheese emoji:

      const cheesePlugin = {
      name: 'cheese',
      setup(build) {
      build.onLoad({ filter: /.*/ }, args => {
      if (args.with.type === 'cheese') return {
      contents: export default "🧀",
      }
      })
      }
      }

      require('esbuild').build({
      bundle: true,
      write: false,
      stdin: {
      contents: </span> <span class="pl-s"> import foo from 'data:text/javascript,' with { type: 'cheese' }</span> <span class="pl-s"> console.log(foo)</span> <span class="pl-s"> ,
      },
      plugins: [cheesePlugin],
      }).then(result => {
      const code = new Function(result.outputFiles[0].text)
      code()
      })

      Warning: It's possible that the second iteration of this feature may change significantly again even though it's already shipping in real JavaScript VMs (since it has already happened once before). In that case, esbuild may end up adjusting its implementation to match the eventual standard behavior. So keep in mind that by using this, you are using an unstable upcoming JavaScript feature that may undergo breaking changes in the future.

    • Adjust TypeScript experimental decorator behavior (#3230, #3326, #3394)

      With this release, esbuild will now allow TypeScript experimental decorators to access both static class properties and #private class names. For example:

      const check =
      <T,>(a: T, b: T): PropertyDecorator =>
      () => console.log(a === b)

      async function test() {
      class Foo {
      static #foo = 1
      static bar = 1 + Foo.#foo
      @check(Foo.#foo, 1) a: any
      @check(Foo.bar, await Promise.resolve(2)) b: any
      }
      }

      test().then(() => console.log('pass'))

      This will now print true true pass when compiled by esbuild. Previously esbuild evaluated TypeScript decorators outside of the class body, so it didn't allow decorators to access Foo or #foo. Now esbuild does something different, although it's hard to concisely explain exactly what esbuild is doing now (see the background section below for more information).

      Note that TypeScript's experimental decorator support is currently buggy: TypeScript's compiler passes this test if only the first @ check is present or if only the second @ check is present, but TypeScript's compiler fails this test if both checks are present together. I haven't changed esbuild to match TypeScript's behavior exactly here because I'm waiting for TypeScript to fix these bugs instead.

      Some background: TypeScript experimental decorators don't have consistent semantics regarding the context that the decorators are evaluated in. For example, TypeScript will let you use await within a decorator, which implies that the decorator runs outside the class body (since await isn't supported inside a class body), but TypeScript will also let you use #private names, which implies that the decorator runs inside the class body (since #private names are only supported inside a class body). The value of this in a decorator is also buggy (the run-time value of this changes if any decorator in the class uses a #private name but the type of this doesn't change, leading to the type checker no longer matching reality). These inconsistent semantics make it hard for esbuild to implement this feature as decorator evaluation happens in some superposition of both inside and outside the class body that is particular to the internal implementation details of the TypeScript compiler.

    • Forbid --keep-names when targeting old browsers (#3477)

      The --keep-names setting needs to be able to assign to the name property on functions and classes. However, before ES6 this property was non-configurable, and attempting to assign to it would throw an error. So with this release, esbuild will no longer allow you to enable this setting while also targeting a really old browser.

  • 0.19.6 - 2023-11-19
    Read more
  • 0.19.5 - 2023-10-17
    Read more
  • 0.19.4 - 2023-09-28
    Read more
  • 0.19.3 - 2023-09-14
    Read more
  • 0.19.2 - 2023-08-14
    Read more
  • 0.19.1 - 2023-08-11
    Read more
  • 0.19.0 - 2023-08-08
    Read more
  • 0.18.20 - 2023-08-08
    • Support advanced CSS @ import rules (#953, #3137)

      CSS @ import statements have been extended to allow additional trailing tokens after the import path. These tokens sort of make the imported file behave as if it were wrapped in a @ layer, @ supports, and/or @ media rule. Here are some examples:

      @ import url(foo.css);
      @ import url(foo.css) layer;
      @ import url(foo.css) layer(bar);
      @ import url(foo.css) layer(bar) supports(display: flex);
      @ import url(foo.css) layer(bar) supports(display: flex) print;
      @ import url(foo.css) layer(bar) print;
      @ import url(foo.css) supports(display: flex);
      @ import url(foo.css) supports(display: flex) print;
      @ import url(foo.css) print;

      You can read more about this advanced syntax here. With this release, esbuild will now bundle @ import rules with these trailing tokens and will wrap the imported files in the corresponding rules. Note that this now means a given imported file can potentially appear in multiple places in the bundle. However, esbuild will still only load it once (e.g. on-load plugins will only run once per file, not once per import).

  • 0.18.19 - 2023-08-07
  • 0.18.18 - 2023-08-05
  • 0.18.17 - 2023-07-26
  • 0.18.16 - 2023-07-23
  • 0.18.15 - 2023-07-20
  • 0.18.14 - 2023-07-18
  • 0.18.13 - 2023-07-15
from esbuild GitHub release notes
Commit messages
Package name: esbuild
  • e97bd67 publish 0.19.8 to npm
  • 65b3058 mention the treemap in the release notes (#2848)
  • 16883d4 add whitespace change to release notes
  • 7383d0d decorators: printing preserves newline-tail status
  • 7edc83d reword an experimental decorators error message
  • f3d5352 remove a now-unused field
  • e755189 ts: forbid regular decorators on `declare` fields
  • 69c9e7f allow decorators to come after `export` (#104)
  • 7baefdb fix a panic with "export default interface\n"
  • a8313d2 use "check" for decorator validation, not "guess"
  • d6a1255 ts: ASI for `abstract` before `class`
  • 8d6d3eb tiny decorator fixes
  • ff1d5a0 github *.md doesn't support nested warning syntax
  • a7773b3 publish 0.19.7 to npm
  • 2886b5d more adjustments to import assertions/attributes
  • 2dad830 add basic support for import assertions
  • 6b9737a fix test262 crash in v8 due to renamed test
  • 0d9f765 fix #3230, fix #3326, fix #3394: update decorators
  • 9fc1ed3 ast helpers: use a context object
  • 00fa010 tree shaking: handle destructuring of an array
  • f361c7f fix #3477: forbid `--keep-names` if not supported
  • 4c64c19 compat-table: sort kangax feature map
  • cd7b93f dev server: add a fallback `favicon.ico` handler
  • 5ff29d5 fixes for graph-debug.html

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Copy link

sonarcloud bot commented Dec 25, 2023

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants