[Snyk] Upgrade esbuild from 0.16.17 to 0.17.16 by snyk-bot · Pull Request #1 · Leomardo-Adame/kit

snyk-bot · 2023-05-06T20:30:08Z

Snyk has created this PR to upgrade esbuild from 0.16.17 to 0.17.16.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 17 versions ahead of your current version.
The recommended version was released a month ago, on 2023-04-10.

Release notes

Package name: esbuild

0.17.16 - 2023-04-10
- Fix CSS nesting transform for triple-nested rules that start with a combinator (#3046)
  
  This release fixes a bug with esbuild where triple-nested CSS rules that start with a combinator were not transformed correctly for older browsers. Here's an example of such a case before and after this bug fix:
  
  / Original input */
  .a {
  color: red;
  > .b {
  color: green;
  > .c {
  color: blue;
  }
  }
  }
  
  /* Old output (with --target=chrome90) */
  .a {
  color: red;
  }
  .a > .b {
  color: green;
  }
  .a .b > .c {
  color: blue;
  }
  
  /* New output (with --target=chrome90) */
  .a {
  color: red;
  }
  .a > .b {
  color: green;
  }
  .a > .b > .c {
  color: blue;
  }
- Support --inject with a file loaded using the copy loader (#3041)
  
  This release now allows you to use --inject with a file that is loaded using the copy loader. The copy loader copies the imported file to the output directory verbatim and rewrites the path in the import statement to point to the copied output file. When used with --inject, this means the injected file will be copied to the output directory as-is and a bare import statement for that file will be inserted in any non-copy output files that esbuild generates.
  
  Note that since esbuild doesn't parse the contents of copied files, esbuild will not expose any of the export names as usable imports when you do this (in the way that esbuild's --inject feature is typically used). However, any side-effects that the injected file has will still occur.
0.17.15 - 2023-04-01
- Allow keywords as type parameter names in mapped types (#3033)
  
  TypeScript allows type keywords to be used as parameter names in mapped types. Previously esbuild incorrectly treated this as an error. Code that does this is now supported:
```
type Foo = 'a' | 'b' | 'c'
type A = { [keyof in Foo]: number }
type B = { [infer in Foo]: number }
type C = { [readonly in Foo]: number }
```
- Add annotations for re-exported modules in node (#2486, #3029)
  
  Node lets you import named imports from a CommonJS module using ESM import syntax. However, the allowed names aren't derived from the properties of the CommonJS module. Instead they are derived from an arbitrary syntax-only analysis of the CommonJS module's JavaScript AST.
  
  To accommodate node doing this, esbuild's ESM-to-CommonJS conversion adds a special non-executable "annotation" for node that describes the exports that node should expose in this scenario. It takes the form 0 && (module.exports = { ... }) and comes at the end of the file (0 && expr means expr is never evaluated).
  
  Previously esbuild didn't do this for modules re-exported using the export * from syntax. Annotations for these re-exports will now be added starting with this release:
  
  // Original input
  export { foo } from './foo'
  export * from './bar'
  
  // Old output (with --format=cjs --platform=node)
  ...
  0 && (module.exports = {
  foo
  });
  
  // New output (with --format=cjs --platform=node)
  ...
  0 && (module.exports = {
  foo,
  ...require("./bar")
  });
  
  Note that you need to specify both --format=cjs and --platform=node to get these node-specific annotations.
- Avoid printing an unnecessary space in between a number and a . (#3026)
  
  JavaScript typically requires a space in between a number token and a . token to avoid the . being interpreted as a decimal point instead of a member expression. However, this space is not required if the number token itself contains a decimal point, an exponent, or uses a base other than 10. This release of esbuild now avoids printing the unnecessary space in these cases:
  
  // Original input
  foo(1000 .x, 0 .x, 0.1 .x, 0.0001 .x, 0xFFFF_0000_FFFF_0000 .x)
  
  // Old output (with --minify)
  foo(1e3 .x,0 .x,.1 .x,1e-4 .x,0xffff0000ffff0000 .x);
  
  // New output (with --minify)
  foo(1e3.x,0 .x,.1.x,1e-4.x,0xffff0000ffff0000.x);
- Fix server-sent events with live reload when writing to the file system root (#3027)
  
  This release fixes a bug where esbuild previously failed to emit server-sent events for live reload when outdir was the file system root, such as /. This happened because / is the only path on Unix that cannot have a trailing slash trimmed from it, which was fixed by improved path handling.
0.17.14 - 2023-03-26
- Allow the TypeScript 5.0 const modifier in object type declarations (#3021)
  
  The new TypeScript 5.0 const modifier was added to esbuild in version 0.17.5, and works with classes, functions, and arrow expressions. However, support for it wasn't added to object type declarations (e.g. interfaces) due to an oversight. This release adds support for these cases, so the following TypeScript 5.0 code can now be built with esbuild:
```
interface Foo { <const T>(): T }
type Bar = { new <const T>(): T }
```
- Implement preliminary lowering for CSS nesting (#1945)
  
  Chrome has implemented the new CSS nesting specification in version 112, which is currently in beta but will become stable very soon. So CSS nesting is now a part of the web platform!
  
  This release of esbuild can now transform nested CSS syntax into non-nested CSS syntax for older browsers. The transformation relies on the :is() pseudo-class in many cases, so the transformation is only guaranteed to work when targeting browsers that support :is() (e.g. Chrome 88+). You'll need to set esbuild's target to the browsers you intend to support to tell esbuild to do this transformation. You will get a warning if you use CSS nesting syntax with a target which includes older browsers that don't support :is().
  
  The lowering transformation looks like this:
  
  / Original input */
  a.btn {
  color: #333;
  &:hover { color: #444 }
  &:active { color: #555 }
  }
  
  /* New output (with --target=chrome88) */
  a.btn {
  color: #333;
  }
  a.btn:hover {
  color: #444;
  }
  a.btn:active {
  color: #555;
  }
  
  More complex cases may generate the :is() pseudo-class:
  
  / Original input */
  div, p {
  .warning, .error {
  padding: 20px;
  }
  }
  
  /* New output (with --target=chrome88) */
  :is(div, p) :is(.warning, .error) {
  padding: 20px;
  }
  
  In addition, esbuild now has a special warning message for nested style rules that start with an identifier. This isn't allowed in CSS because the syntax would be ambiguous with the existing declaration syntax. The new warning message looks like this:
  ▲ [WARNING] A nested style rule cannot start with "p" because it looks like the start of a declaration [css-syntax-error] <stdin>:1:7: 1 │ main { p { margin: auto } } │ ^ ╵ :is(p)
  To start a nested style rule with an identifier, you need to wrap the identifier in ":is(...)" to prevent the rule from being parsed as a declaration.
  Keep in mind that the transformation in this release is a preliminary implementation. CSS has many features that interact in complex ways, and there may be some edge cases that don't work correctly yet.
- Minification now removes unnecessary & CSS nesting selectors
  
  This release introduces the following CSS minification optimizations:
  
  / Original input */
  a {
  font-weight: bold;
  & {
  color: blue;
  }
  & :hover {
  text-decoration: underline;
  }
  }
  
  /* Old output (with --minify) */
  a{font-weight:700;&{color:#00f}& :hover{text-decoration:underline}}
  
  /* New output (with --minify) */
  a{font-weight:700;:hover{text-decoration:underline}color:#00f}
- Minification now removes duplicates from CSS selector lists
  
  This release introduces the following CSS minification optimization:
  
  / Original input */
  div, div { color: red }
  
  /* Old output (with --minify) */
  div,div{color:red}
  
  /* New output (with --minify) */
  div{color:red}
0.17.13 - 2023-03-24
Read more
0.17.12 - 2023-03-17
- Fix a crash when parsing inline TypeScript decorators (#2991)
  
  Previously esbuild's TypeScript parser crashed when parsing TypeScript decorators if the definition of the decorator was inlined into the decorator itself:
```
@(function sealed(constructor: Function) {
  Object.seal(constructor);
  Object.seal(constructor.prototype);
})
class Foo {}
```
  This crash was not noticed earlier because this edge case did not have test coverage. The crash is fixed in this release.
0.17.11 - 2023-03-03
Read more
0.17.10 - 2023-02-20
Read more
0.17.9 - 2023-02-19
Read more
0.17.8 - 2023-02-13
Read more
0.17.7 - 2023-02-09
Read more
0.17.6 - 2023-02-06
0.17.5 - 2023-01-27
0.17.4 - 2023-01-22
0.17.3 - 2023-01-18
0.17.2 - 2023-01-17
0.17.1 - 2023-01-16
0.17.0 - 2023-01-14
0.16.17 - 2023-01-11