This release fixes a problem where bundling a TypeScript file containing a glob import could emit a call to a helper function that doesn't exist. The problem happened because esbuild's TypeScript transformation removes unused imports (which is required for correctness, as they may be type-only imports) and esbuild's glob import transformation wasn't correctly marking the imported helper function as used. This wasn't caught earlier because most of esbuild's glob import tests were written in JavaScript, not in TypeScript.
Fix require() glob imports with bundling disabled (#3546)
Previously require() calls containing glob imports were incorrectly transformed when bundling was disabled. All glob imports should only be transformed when bundling is enabled. This bug has been fixed.
Fix a panic when transforming optional chaining with define (#3551, #3554)
This release fixes a case where esbuild could crash with a panic, which was triggered by using define to replace an expression containing an optional chain. Here is an example:
Work around a bug in node's CommonJS export name detector (#3544)
The export names of a CommonJS module are dynamically-determined at run time because CommonJS exports are properties on a mutable object. But the export names of an ES module are statically-determined at module instantiation time by using import and export syntax and cannot be changed at run time.
When you import a CommonJS module into an ES module in node, node scans over the source code to attempt to detect the set of export names that the CommonJS module will end up using. That statically-determined set of names is used as the set of names that the ES module is allowed to import at module instantiation time. However, this scan appears to have bugs (or at least, can cause false positives) because it doesn't appear to do any scope analysis. Node will incorrectly consider the module to export something even if the assignment is done to a local variable instead of to the module-level exports object. For example:
// confuseNode.js
exports.confuseNode = function(exports) {
// If this local is called "exports", node incorrectly
// thinks this file has an export called "notAnExport".
exports.notAnExport = function() {
};
};
You can see that node incorrectly thinks the file confuseNode.js has an export called notAnExport when that file is loaded in an ES module context:
This release fixes a problem where bundling a TypeScript file containing a glob import could emit a call to a helper function that doesn't exist. The problem happened because esbuild's TypeScript transformation removes unused imports (which is required for correctness, as they may be type-only imports) and esbuild's glob import transformation wasn't correctly marking the imported helper function as used. This wasn't caught earlier because most of esbuild's glob import tests were written in JavaScript, not in TypeScript.
Fix require() glob imports with bundling disabled (#3546)
Previously require() calls containing glob imports were incorrectly transformed when bundling was disabled. All glob imports should only be transformed when bundling is enabled. This bug has been fixed.
Fix a panic when transforming optional chaining with define (#3551, #3554)
This release fixes a case where esbuild could crash with a panic, which was triggered by using define to replace an expression containing an optional chain. Here is an example:
Work around a bug in node's CommonJS export name detector (#3544)
The export names of a CommonJS module are dynamically-determined at run time because CommonJS exports are properties on a mutable object. But the export names of an ES module are statically-determined at module instantiation time by using import and export syntax and cannot be changed at run time.
When you import a CommonJS module into an ES module in node, node scans over the source code to attempt to detect the set of export names that the CommonJS module will end up using. That statically-determined set of names is used as the set of names that the ES module is allowed to import at module instantiation time. However, this scan appears to have bugs (or at least, can cause false positives) because it doesn't appear to do any scope analysis. Node will incorrectly consider the module to export something even if the assignment is done to a local variable instead of to the module-level exports object. For example:
// confuseNode.js
exports.confuseNode = function(exports) {
// If this local is called "exports", node incorrectly
// thinks this file has an export called "notAnExport".
exports.notAnExport = function() {
};
};
You can see that node incorrectly thinks the file confuseNode.js has an export called notAnExport when that file is loaded in an ES module context:
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps esbuild from 0.19.3 to 0.19.10.
Release notes
Sourced from esbuild's releases.
... (truncated)
Changelog
Sourced from esbuild's changelog.
... (truncated)
Commits
55e1127
publish 0.19.10 to npmd968af2
fix #3511:@__NO_SIDE_EFFECTS__
with templates00c4ebe
fix #3546: don't transformrequire
glob importse1b7050
fix #3319: missing symbol usage in glob transform461ca73
add the@esbuild/aix-ppc64
package for ibm aix (#3550)190ca99
truncate a long url in a comment6c41900
add Safari compat data for arbitrary module namespace names (#3520)f38cbe6
fix #3552: callingstop()
now clears go timeouts7a225ff
make a few code edits from some random github botaa46b2c
fix some build script commentsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show