makenowjust-labs / recheck

The trustworthy ReDoS checker
https://makenowjust-labs.github.io/recheck/
MIT License
249 stars 12 forks source link

Update dependency esbuild to v0.20.1 #1172

Closed renovate[bot] closed 8 months ago

renovate[bot] commented 8 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
esbuild 0.20.0 -> 0.20.1 age adoption passing confidence

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

evanw/esbuild (esbuild) ### [`v0.20.1`](https://togithub.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0201) [Compare Source](https://togithub.com/evanw/esbuild/compare/v0.20.0...v0.20.1) - Fix a bug with the CSS nesting transform ([#​3648](https://togithub.com/evanw/esbuild/issues/3648)) This release fixes a bug with the CSS nesting transform for older browsers where the generated CSS could be incorrect if a selector list contained a pseudo element followed by another selector. The bug was caused by incorrectly mutating the parent rule's selector list when filtering out pseudo elements for the child rules: ```css /* Original code */ .foo { &:after, & .bar { color: red; } } /* Old output (with --supported:nesting=false) */ .foo .bar, .foo .bar { color: red; } /* New output (with --supported:nesting=false) */ .foo:after, .foo .bar { color: red; } ``` - Constant folding for JavaScript inequality operators ([#​3645](https://togithub.com/evanw/esbuild/issues/3645)) This release introduces constant folding for the `< > <= >=` operators. The minifier will now replace these operators with `true` or `false` when both sides are compile-time numeric or string constants: ```js // Original code console.log(1 < 2, '🍕' > '🧀') // Old output (with --minify) console.log(1<2,"🍕">"🧀"); // New output (with --minify) console.log(!0,!1); ``` - Better handling of `__proto__` edge cases ([#​3651](https://togithub.com/evanw/esbuild/pull/3651)) JavaScript object literal syntax contains a special case where a non-computed property with a key of `__proto__` sets the prototype of the object. This does not apply to computed properties or to properties that use the shorthand property syntax introduced in ES6. Previously esbuild didn't correctly preserve the "sets the prototype" status of properties inside an object literal, meaning a property that sets the prototype could accidentally be transformed into one that doesn't and vice versa. This has now been fixed: ```js // Original code function foo(__proto__) { return { __proto__: __proto__ } // Note: sets the prototype } function bar(__proto__, proto) { { let __proto__ = proto return { __proto__ } // Note: doesn't set the prototype } } // Old output function foo(__proto__) { return { __proto__ }; // Note: no longer sets the prototype (WRONG) } function bar(__proto__, proto) { { let __proto__2 = proto; return { __proto__: __proto__2 }; // Note: now sets the prototype (WRONG) } } // New output function foo(__proto__) { return { __proto__: __proto__ }; // Note: sets the prototype (correct) } function bar(__proto__, proto) { { let __proto__2 = proto; return { ["__proto__"]: __proto__2 }; // Note: doesn't set the prototype (correct) } } ``` - Fix cross-platform non-determinism with CSS color space transformations ([#​3650](https://togithub.com/evanw/esbuild/issues/3650)) The Go compiler takes advantage of "fused multiply and add" (FMA) instructions on certain processors which do the operation `x*y + z` without intermediate rounding. This causes esbuild's CSS color space math to differ on different processors (currently `ppc64le` and `s390x`), which breaks esbuild's guarantee of deterministic output. To avoid this, esbuild's color space math now inserts a `float64()` cast around every single math operation. This tells the Go compiler not to use the FMA optimization. - Fix a crash when resolving a path from a directory that doesn't exist ([#​3634](https://togithub.com/evanw/esbuild/issues/3634)) This release fixes a regression where esbuild could crash when resolving an absolute path if the source directory for the path resolution operation doesn't exist. While this situation doesn't normally come up, it could come up when running esbuild concurrently with another operation that mutates the file system as esbuild is doing a build (such as using `git` to switch branches). The underlying problem was a regression that was introduced in version 0.18.0.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

codecov-commenter commented 8 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (c06d12e) 99.05% compared to head (2ba316a) 99.05%.

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #1172 +/- ## ======================================= Coverage 99.05% 99.05% ======================================= Files 69 69 Lines 3067 3067 Branches 518 518 ======================================= Hits 3038 3038 Misses 29 29 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.