NodeSecure / vulnera

Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).
MIT License

chore(deps-dev): bump esbuild from 0.17.19 to 0.18.18 in /test/fixtures/audit #173

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps esbuild from 0.17.19 to 0.18.18.

Release notes

Sourced from esbuild's releases.

v0.18.18

  • Fix asset references with the --line-limit flag (#3286)

    The recently-released --line-limit flag tells esbuild to terminate long lines after they pass this length limit. This includes automatically wrapping long strings across multiple lines using escaped newline syntax. However, using this could cause esbuild to generate incorrect code for references from generated output files to assets in the bundle (i.e. files loaded with the file or copy loaders). This is because esbuild implements asset references internally using find-and-replace with a randomly-generated string, but the find operation fails if the string is split by an escaped newline due to line wrapping. This release fixes the problem by not wrapping these strings. This issue affected asset references in both JS and CSS files.

  • Support local names in CSS for @keyframe, @counter-style, and @container (#20)

    This release extends support for local names in CSS files loaded with the local-css loader to cover the @keyframe, @counter-style, and @container rules (and also animation, list-style, and container declarations). Here's an example:

    @keyframes pulse {
      from, to { opacity: 1 }
      50% { opacity: 0.5 }
    }
    @counter-style moon {
      system: cyclic;
      symbols: 🌕 🌖 🌗 🌘 🌑 🌒 🌓 🌔;
    }
    @container squish {
      li { float: left }
    }
    ul {
      animation: 2s ease-in-out infinite pulse;
      list-style: inside moon;
      container: squish / size;
    }
    

    With the local-css loader enabled, that CSS will be turned into something like this (with the local name mapping exposed to JS):

    @keyframes stdin_pulse {
      from, to {
        opacity: 1;
      }
      50% {
        opacity: 0.5;
      }
    }
    @counter-style stdin_moon {
      system: cyclic;
      symbols: 🌕 🌖 🌗 🌘 🌑 🌒 🌓 🌔;
    }
    @container stdin_squish {
      li {
        float: left;
      }
    }
    ul {
      animation: 2s ease-in-out infinite stdin_pulse;
    

... (truncated)

Commits
  • e8e43ad publish 0.18.18 to npm
  • 1069843 close #3280: allow animations to be named none
  • 441d6df fix #3286: don't wrap strings with unique keys
  • 691e81d update go 1.20.6 => 1.20.7
  • 0b48eda css: parser recovery for EOF in URL tokens
  • af7cfc5 implement cross-file enum inlining into templates
  • d7838ab fix a crash with --mangle-props= + --minify
  • be33c09 css: container names are local with local-css
  • 5f5a60e css: rename some tests
  • 8143c28 css: always inline bare :local and :global
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 1 year ago

Superseded by #177.