build(deps-dev): Bump esbuild from 0.18.20 to 0.19.0

[dependabot]

Bumps esbuild from 0.18.20 to 0.19.0.

Release notes

Sourced from esbuild's releases.

v0.19.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.18.0 or ~0.18.0. See npm's documentation about semver for more information.

• Handle import paths containing wildcards (#56, #700, #875, #976, #2221, #2515)

  This release introduces wildcards in import paths in two places:

  • Entry points

    You can now pass a string containing glob-style wildcards such as ./src/*.ts as an entry point and esbuild will search the file system for files that match the pattern. This can be used to easily pass esbuild all files with a certain extension on the command line in a cross-platform way. Previously you had to rely on the shell to perform glob expansion, but that is obviously shell-dependent and didn't work at all on Windows. Note that to use this feature on the command line you will have to quote the pattern so it's passed verbatim to esbuild without any expansion by the shell. Here's an example:

    esbuild --minify "./src/*.ts" --outdir=out

    Specifically the * character will match any character except for the / character, and the /**/ character sequence will match a path separator followed by zero or more path elements. Other wildcard operators found in glob patterns such as ? and [...] are not supported.

  • Run-time import paths

    Import paths that are evaluated at run-time can now be bundled in certain limited situations. The import path expression must be a form of string concatenation and must start with either ./ or ../. Each non-string expression in the string concatenation chain becomes a wildcard. The * wildcard is chosen unless the previous character is a /, in which case the /**/* character sequence is used. Some examples:

    // These two forms are equivalent
    const json1 = await import('./data/' + kind + '.json')
    const json2 = await import(`./data/${kind}.json`)

    This feature works with require(...) and import(...) because these can all accept run-time expressions. It does not work with import and export statements because these cannot accept run-time expressions. If you want to prevent esbuild from trying to bundle these imports, you should move the string concatenation expression outside of the require(...) or import(...). For example:

    // This will be bundled
    const json1 = await import('./data/' + kind + '.json')
    // This will not be bundled
    const path = './data/' + kind + '.json'
    const json2 = await import(path)

    Note that using this feature means esbuild will potentially do a lot of file system I/O to find all possible files that might match the pattern. This is by design, and is not a bug. If this is a concern, I recommend either avoiding the /**/ pattern (e.g. by not putting a / before a wildcard) or using this feature only in directory subtrees which do not have many files that don't match the pattern (e.g. making a subdirectory for your JSON files and explicitly including that subdirectory in the pattern).

• Path aliases in tsconfig.json no longer count as packages (#2792, #3003, #3160, #3238)

  Setting --packages=external tells esbuild to make all import paths external when they look like a package path. For example, an import of ./foo/bar is not a package path and won't be external while an import of foo/bar is a package path and will be external. However, the paths field in tsconfig.json allows you to create import paths that look like package paths but that do not resolve to packages. People do not want these paths to count as package paths. So with this release, the behavior of --packages=external has been changed to happen after the tsconfig.json path remapping step.

• Use the local-css loader for .module.css files by default (#20)

  With this release the css loader is still used for .css files except that .module.css files now use the local-css loader. This is a common convention in the web development community. If you need .module.css files to use the css loader instead, then you can override this behavior with --loader:.module.css=css.

Changelog

Sourced from esbuild's changelog.

0.19.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.18.0 or ~0.18.0. See npm's documentation about semver for more information.

• Handle import paths containing wildcards (#56, #700, #875, #976, #2221, #2515)

  This release introduces wildcards in import paths in two places:

  • Entry points

    You can now pass a string containing glob-style wildcards such as ./src/*.ts as an entry point and esbuild will search the file system for files that match the pattern. This can be used to easily pass esbuild all files with a certain extension on the command line in a cross-platform way. Previously you had to rely on the shell to perform glob expansion, but that is obviously shell-dependent and didn't work at all on Windows. Note that to use this feature on the command line you will have to quote the pattern so it's passed verbatim to esbuild without any expansion by the shell. Here's an example:

    esbuild --minify "./src/*.ts" --outdir=out

    Specifically the * character will match any character except for the / character, and the /**/ character sequence will match a path separator followed by zero or more path elements. Other wildcard operators found in glob patterns such as ? and [...] are not supported.

  • Run-time import paths

    Import paths that are evaluated at run-time can now be bundled in certain limited situations. The import path expression must be a form of string concatenation and must start with either ./ or ../. Each non-string expression in the string concatenation chain becomes a wildcard. The * wildcard is chosen unless the previous character is a /, in which case the /**/* character sequence is used. Some examples:

    // These two forms are equivalent
    const json1 = await import('./data/' + kind + '.json')
    const json2 = await import(`./data/${kind}.json`)

    This feature works with require(...) and import(...) because these can all accept run-time expressions. It does not work with import and export statements because these cannot accept run-time expressions. If you want to prevent esbuild from trying to bundle these imports, you should move the string concatenation expression outside of the require(...) or import(...). For example:

    // This will be bundled
    const json1 = await import('./data/' + kind + '.json')
    // This will not be bundled
    const path = './data/' + kind + '.json'
    const json2 = await import(path)

    Note that using this feature means esbuild will potentially do a lot of file system I/O to find all possible files that might match the pattern. This is by design, and is not a bug. If this is a concern, I recommend either avoiding the /**/ pattern (e.g. by not putting a / before a wildcard) or using this feature only in directory subtrees which do not have many files that don't match the pattern (e.g. making a subdirectory for your JSON files and explicitly including that subdirectory in the pattern).

• Path aliases in tsconfig.json no longer count as packages (#2792, #3003, #3160, #3238)

  Setting --packages=external tells esbuild to make all import paths external when they look like a package path. For example, an import of ./foo/bar is not a package path and won't be external while an import of foo/bar is a package path and will be external. However, the paths field in tsconfig.json allows you to create import paths that look like package paths but that do not resolve to packages. People do not want these paths to count as package paths. So with this release, the behavior of --packages=external has been changed to happen after the tsconfig.json path remapping step.

• Use the local-css loader for .module.css files by default (#20)

  With this release the css loader is still used for .css files except that .module.css files now use the local-css loader. This is a common convention in the web development community. If you need .module.css files to use the css loader instead, then you can override this behavior with --loader:.module.css=css.

Commits

• c337498 publish 0.19.0 to npm
• 0b79ab2 this is a breaking change release
• cb46459 fix #3003, fix #3238: --packages= and tsconfig
• 727e5ff css: use local-css for .module.css files (#20)
• be9f8e5 implement glob-style path resolution
• 8e14e25 add the __glob runtime helper method
• c067c5e remove an unnecessary argument
• 6e05434 Update README.md
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> dependency will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> dependency will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[flexdevelopment]

lgtm 👍🏾

[flexdevelopment]

lgtm 👍🏾

[flexdevelopment]

lgtm 👍🏾

[codecov]

Codecov Report

Merging #278 (5170378) into main (83ff48d) will not change coverage.
Report is 19 commits behind head on main.
The diff coverage is n/a.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #278   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           35        35           
  Lines         2307      2307           
  Branches        72        72           
=========================================
  Hits          2307      2307           

Flag	Coverage Δ
node16	100.00% <ø> (ø)
node18	100.00% <ø> (ø)
node19	?
node20	100.00% <ø> (ø)

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 69ccfd2...5170378. Read the comment docs.

[github-actions]

This pull request has been automatically locked since there has not been any recent
activity after it was closed. Please open a new issue for related bugs or features. Be
sure to reference this issue.