chore(deps-dev): bump esbuild from 0.11.17 to 0.12.5

[dependabot-preview[bot]]

Bumps esbuild from 0.11.17 to 0.12.5.

Release notes

Sourced from esbuild's releases.

v0.12.5

• Add support for lowering tagged template literals to ES5 (#297)

  This release adds support for lowering tagged template literals such as String.raw`\unicode` to target environments that don't support them such as --target=es5 (non-tagged template literals were already supported). Each literal turns into a function call to a helper function:

  // Original code
  console.log(String.raw`\unicode`)
  // Lowered code
  console.log(String.raw(__template([void 0], ["\unicode"])));
  

• Change class field behavior to match TypeScript 4.3

  TypeScript 4.3 includes a subtle breaking change that wasn't mentioned in the TypeScript 4.3 blog post: class fields will now be compiled with different semantics if "target": "ESNext" is present in tsconfig.json. Specifically in this case useDefineForClassFields will default to true when not specified instead of false. This means class field behavior in TypeScript code will now match JavaScript instead of doing something else:

  class Base {
    set foo(value) { console.log('set', value) }
  }
  class Derived extends Base {
    foo = 123
  }
  new Derived()
  

  In TypeScript 4.2 and below, the TypeScript compiler would generate code that prints set 123 when tsconfig.json contains "target": "ESNext" but in TypeScript 4.3, the TypeScript compiler will now generate code that doesn't print anything. This is the difference between "assign" semantics and "define" semantics. With this release, esbuild has been changed to follow the TypeScript 4.3 behavior.

• Avoid generating the character sequence </script> (#1322)

  If the output of esbuild is inlined into a <script>...</script> tag inside an HTML file, the character sequence </script> inside the JavaScript code will accidentally cause the script tag to be terminated early. There are at least four such cases where this can happen:

  console.log('</script>')
  console.log(1</script>/.exec(x).length)
  console.log(String.raw`</script>`)
  // @license </script>
  

  With this release, esbuild will now handle all of these cases and avoid generating the problematic character sequence:

  console.log('<\/script>');
  console.log(1< /script>/.exec(x).length);
  console.log(String.raw(__template(["<\/script>"], ["<\/script>"])));
  // @license <\/script>
  

• Change the triple-slash reference comment for Deno (#1325)

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.12.5

• Add support for lowering tagged template literals to ES5 (#297)

  This release adds support for lowering tagged template literals such as String.raw`\unicode` to target environments that don't support them such as --target=es5 (non-tagged template literals were already supported). Each literal turns into a function call to a helper function:

  // Original code
  console.log(String.raw`\unicode`)
  // Lowered code
  console.log(String.raw(__template([void 0], ["\unicode"])));
  

• Change class field behavior to match TypeScript 4.3

  TypeScript 4.3 includes a subtle breaking change that wasn't mentioned in the TypeScript 4.3 blog post: class fields will now be compiled with different semantics if "target": "ESNext" is present in tsconfig.json. Specifically in this case useDefineForClassFields will default to true when not specified instead of false. This means class field behavior in TypeScript code will now match JavaScript instead of doing something else:

  class Base {
    set foo(value) { console.log('set', value) }
  }
  class Derived extends Base {
    foo = 123
  }
  new Derived()
  

  In TypeScript 4.2 and below, the TypeScript compiler would generate code that prints set 123 when tsconfig.json contains "target": "ESNext" but in TypeScript 4.3, the TypeScript compiler will now generate code that doesn't print anything. This is the difference between "assign" semantics and "define" semantics. With this release, esbuild has been changed to follow the TypeScript 4.3 behavior.

• Avoid generating the character sequence </script> (#1322)

  If the output of esbuild is inlined into a <script>...</script> tag inside an HTML file, the character sequence </script> inside the JavaScript code will accidentally cause the script tag to be terminated early. There are at least four such cases where this can happen:

  console.log('</script>')
  console.log(1</script>/.exec(x).length)
  console.log(String.raw`</script>`)
  // @license </script>
  

  With this release, esbuild will now handle all of these cases and avoid generating the problematic character sequence:

  console.log('<\/script>');
  console.log(1< /script>/.exec(x).length);
  console.log(String.raw(__template(["<\/script>"], ["<\/script>"])));
  // @license <\/script>
  

... (truncated)

Commits

• 35c263f publish 0.12.5 to npm
• 3431cc8 fix #1325: deno triple-slash reference comment
• 561fe33 check "</script" not "" for "</script >"
• 58ac420 always lower template literals containing "</script>"
• 5653093 implement tagged template literal lowering (#297)
• 5e749a2 fix #1322: avoid "</script>" in generated code
• 9b21e79 forbid strict mode reserved word function names
• 695f421 cannot name function "await" inside async function
• 13d909e duplicate labels are a syntax error
• c1429d6 test262: skip failing regex tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)