You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(deps): update dependency esbuild to v0.25.9 (#388)
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| [esbuild](https://redirect.github.com/evanw/esbuild) | [`0.25.8` ->
`0.25.9`](https://renovatebot.com/diffs/npm/esbuild/0.25.8/0.25.9) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>evanw/esbuild (esbuild)</summary>
###
[`v0.25.9`](https://redirect.github.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0259)
[Compare
Source](https://redirect.github.com/evanw/esbuild/compare/v0.25.8...v0.25.9)
- Better support building projects that use Yarn on Windows
([#​3131](https://redirect.github.com/evanw/esbuild/issues/3131),
[#​3663](https://redirect.github.com/evanw/esbuild/issues/3663))
With this release, you can now use esbuild to bundle projects that use
Yarn Plug'n'Play on Windows on drives other than the `C:` drive. The
problem was as follows:
1. Yarn in Plug'n'Play mode on Windows stores its global module cache on
the `C:` drive
2. Some developers put their projects on the `D:` drive
3. Yarn generates relative paths that use `../..` to get from the
project directory to the cache directory
4. Windows-style paths don't support directory traversal between drives
via `..` (so `D:\..` is just `D:`)
5. I didn't have access to a Windows machine for testing this edge case
Yarn works around this edge case by pretending Windows-style paths
beginning with `C:\` are actually Unix-style paths beginning with
`/C:/`, so the `../..` path segments are able to navigate across drives
inside Yarn's implementation. This was broken for a long time in esbuild
but I finally got access to a Windows machine and was able to debug and
fix this edge case. So you should now be able to bundle these projects
with esbuild.
- Preserve parentheses around function expressions
([#​4252](https://redirect.github.com/evanw/esbuild/issues/4252))
The V8 JavaScript VM uses parentheses around function expressions as an
optimization hint to immediately compile the function. Otherwise the
function would be lazily-compiled, which has additional overhead if that
function is always called immediately as lazy compilation involves
parsing the function twice. You can read [V8's blog post about
this](https://v8.dev/blog/preparser) for more details.
Previously esbuild did not represent parentheses around functions in the
AST so they were lost during compilation. With this change, esbuild will
now preserve parentheses around function expressions when they are
present in the original source code. This means these optimization hints
will not be lost when bundling with esbuild. In addition, esbuild will
now automatically add this optimization hint to immediately-invoked
function expressions. Here's an example:
```js
// Original code
const fn0 = () => 0
const fn1 = (() => 1)
console.log(fn0, function() { return fn1() }())
// Old output
const fn0 = () => 0;
const fn1 = () => 1;
console.log(fn0, function() {
return fn1();
}());
// New output
const fn0 = () => 0;
const fn1 = (() => 1);
console.log(fn0, (function() {
return fn1();
})());
```
Note that you do not want to wrap all function expressions in
parentheses. This optimization hint should only be used for functions
that are called on initial load. Using this hint for functions that are
not called on initial load will unnecessarily delay the initial load.
Again, see V8's blog post linked above for details.
- Update Go from 1.23.10 to 1.23.12
([#​4257](https://redirect.github.com/evanw/esbuild/issues/4257),
[#​4258](https://redirect.github.com/evanw/esbuild/pull/4258))
This should have no effect on existing code as this version change does
not change Go's operating system support. It may remove certain false
positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from
vulnerability scanners that only detect which version of the Go compiler
esbuild uses.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/cedarjs/cedar).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS43MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuNzEuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiY2hhbmdlc2V0cy1vayIsInJlbGVhc2U6ZGVwZW5kZW5jeSJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
0 commit comments