Bump esbuild from 0.15.8 to 0.15.9 #20

Closed

dependabot[bot] wants to merge 1 commit from dependabot/npm_and_yarn/esbuild-0.15.9 into master

dependabot[bot] commented

2022-09-24 22:07:59 +00:00

(Migrated from github.com)

Bumps esbuild from 0.15.8 to 0.15.9.

Release notes

Sourced from esbuild's releases.

v0.15.9

Fix an obscure npm package installation issue with --omit=optional (#2558)

The previous release introduced a regression with npm install esbuild --omit=optional where the file node_modules/.bin/esbuild would no longer be present after installation. That could cause any package scripts which used the esbuild command to no longer work. This release fixes the regression so node_modules/.bin/esbuild should now be present again after installation. This regression only affected people installing esbuild using npm with either the --omit=optional or --no-optional flag, which is a somewhat unusual situation.

More details:

The reason for this regression is due to some obscure npm implementation details. Since the Go compiler doesn't support trivial cross-compiling on certain Android platforms, esbuild's installer installs a WebAssembly shim on those platforms instead. In the previous release I attempted to simplify esbuild's WebAssembly shims to depend on the esbuild-wasm package instead of including another whole copy of the WebAssembly binary (to make publishing faster and to save on file system space after installation). However, both the esbuild package and the esbuild-wasm package provide a binary called esbuild and it turns out that adding esbuild-wasm as a nested dependency of the esbuild package (specifically esbuild optionally depends on @esbuild/android-arm which depends on esbuild-wasm) caused npm to be confused about what node_modules/.bin/esbuild is supposed to be.

It's pretty strange and unexpected that disabling the installation of optional dependencies altogether would suddenly cause an optional dependency's dependency to conflict with the top-level package. What happens under the hood is that if --omit=optional is present, npm attempts to uninstall the esbuild-wasm nested dependency at the end of npm install (even though the esbuild-wasm package was never installed due to --omit=optional). This uninstallation causes node_modules/.bin/esbuild to be deleted.

After doing a full investigation, I discovered that npm's handling of the .bin directory is deliberately very brittle. When multiple packages in the dependency tree put something in .bin with the same name, the end result is non-deterministic/random. What you get in .bin might be from one package, from the other package, or might be missing entirely. The workaround suggested by npm is to just avoid having two packages that put something in .bin with the same name. So this was fixed by making the @esbuild/android-arm and esbuild-android-64 packages each include another whole copy of the WebAssembly binary, which works because these packages don't put anything in .bin.

Changelog

Sourced from esbuild's changelog.

0.15.9

Fix an obscure npm package installation issue with --omit=optional (#2558)

The previous release introduced a regression with npm install esbuild --omit=optional where the file node_modules/.bin/esbuild would no longer be present after installation. That could cause any package scripts which used the esbuild command to no longer work. This release fixes the regression so node_modules/.bin/esbuild should now be present again after installation. This regression only affected people installing esbuild using npm with either the --omit=optional or --no-optional flag, which is a somewhat unusual situation.

More details:

The reason for this regression is due to some obscure npm implementation details. Since the Go compiler doesn't support trivial cross-compiling on certain Android platforms, esbuild's installer installs a WebAssembly shim on those platforms instead. In the previous release I attempted to simplify esbuild's WebAssembly shims to depend on the esbuild-wasm package instead of including another whole copy of the WebAssembly binary (to make publishing faster and to save on file system space after installation). However, both the esbuild package and the esbuild-wasm package provide a binary called esbuild and it turns out that adding esbuild-wasm as a nested dependency of the esbuild package (specifically esbuild optionally depends on @esbuild/android-arm which depends on esbuild-wasm) caused npm to be confused about what node_modules/.bin/esbuild is supposed to be.

It's pretty strange and unexpected that disabling the installation of optional dependencies altogether would suddenly cause an optional dependency's dependency to conflict with the top-level package. What happens under the hood is that if --omit=optional is present, npm attempts to uninstall the esbuild-wasm nested dependency at the end of npm install (even though the esbuild-wasm package was never installed due to --omit=optional). This uninstallation causes node_modules/.bin/esbuild to be deleted.

After doing a full investigation, I discovered that npm's handling of the .bin directory is deliberately very brittle. When multiple packages in the dependency tree put something in .bin with the same name, the end result is non-deterministic/random. What you get in .bin might be from one package, from the other package, or might be missing entirely. The workaround suggested by npm is to just avoid having two packages that put something in .bin with the same name. So this was fixed by making the @esbuild/android-arm and esbuild-android-64 packages each include another whole copy of the WebAssembly binary, which works because these packages don't put anything in .bin.

Commits

085265a publish 0.15.9 to npm
f84de90 use a custom message for macOS architecture issues
ba91ed1 makefile: publish four at a time again
e55f980 add validate to clean
02d3ded build all platforms in ci
44c5417 fix android arm package in make clean
eb9de88 additional platform target updates
758d4e1 fix #2558: remove esbuild-wasm package nesting
a333130 update platform targets
8b3bb3b update wasm-napi-exit0 targets
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.15.8 to 0.15.9. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>. <blockquote> <h2>v0.15.9</h2> <ul> <li> Fix an obscure npm package installation issue with <code>--omit=optional</code> (<a href="https://github-redirect.dependabot.com/evanw/esbuild/issues/2558">#2558</a>) The previous release introduced a regression with <code>npm install esbuild --omit=optional</code> where the file <code>node_modules/.bin/esbuild</code> would no longer be present after installation. That could cause any package scripts which used the <code>esbuild</code> command to no longer work. This release fixes the regression so <code>node_modules/.bin/esbuild</code> should now be present again after installation. This regression only affected people installing esbuild using <code>npm</code> with either the <code>--omit=optional</code> or <code>--no-optional</code> flag, which is a somewhat unusual situation. More details: The reason for this regression is due to some obscure npm implementation details. Since the Go compiler doesn't support trivial cross-compiling on certain Android platforms, esbuild's installer installs a WebAssembly shim on those platforms instead. In the previous release I attempted to simplify esbuild's WebAssembly shims to depend on the <code>esbuild-wasm</code> package instead of including another whole copy of the WebAssembly binary (to make publishing faster and to save on file system space after installation). However, both the <code>esbuild</code> package and the <code>esbuild-wasm</code> package provide a binary called <code>esbuild</code> and it turns out that adding <code>esbuild-wasm</code> as a nested dependency of the <code>esbuild</code> package (specifically <code>esbuild</code> optionally depends on <code>@esbuild/android-arm</code> which depends on <code>esbuild-wasm</code>) caused npm to be confused about what <code>node_modules/.bin/esbuild</code> is supposed to be. It's pretty strange and unexpected that disabling the installation of optional dependencies altogether would suddenly cause an optional dependency's dependency to conflict with the top-level package. What happens under the hood is that if <code>--omit=optional</code> is present, npm attempts to uninstall the <code>esbuild-wasm</code> nested dependency at the end of <code>npm install</code> (even though the <code>esbuild-wasm</code> package was never installed due to <code>--omit=optional</code>). This uninstallation causes <code>node_modules/.bin/esbuild</code> to be deleted. After doing a full investigation, I discovered that npm's handling of the <code>.bin</code> directory is deliberately very brittle. When multiple packages in the dependency tree put something in <code>.bin</code> with the same name, the end result is non-deterministic/random. What you get in <code>.bin</code> might be from one package, from the other package, or might be missing entirely. The workaround suggested by npm is to just avoid having two packages that put something in <code>.bin</code> with the same name. So this was fixed by making the <code>@esbuild/android-arm</code> and <code>esbuild-android-64</code> packages each include another whole copy of the WebAssembly binary, which works because these packages don't put anything in <code>.bin</code>. </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/evanw/esbuild/blob/master/CHANGELOG.md">esbuild's changelog</a>. <blockquote> <h2>0.15.9</h2> <ul> <li> Fix an obscure npm package installation issue with <code>--omit=optional</code> (<a href="https://github-redirect.dependabot.com/evanw/esbuild/issues/2558">#2558</a>) The previous release introduced a regression with <code>npm install esbuild --omit=optional</code> where the file <code>node_modules/.bin/esbuild</code> would no longer be present after installation. That could cause any package scripts which used the <code>esbuild</code> command to no longer work. This release fixes the regression so <code>node_modules/.bin/esbuild</code> should now be present again after installation. This regression only affected people installing esbuild using <code>npm</code> with either the <code>--omit=optional</code> or <code>--no-optional</code> flag, which is a somewhat unusual situation. More details: The reason for this regression is due to some obscure npm implementation details. Since the Go compiler doesn't support trivial cross-compiling on certain Android platforms, esbuild's installer installs a WebAssembly shim on those platforms instead. In the previous release I attempted to simplify esbuild's WebAssembly shims to depend on the <code>esbuild-wasm</code> package instead of including another whole copy of the WebAssembly binary (to make publishing faster and to save on file system space after installation). However, both the <code>esbuild</code> package and the <code>esbuild-wasm</code> package provide a binary called <code>esbuild</code> and it turns out that adding <code>esbuild-wasm</code> as a nested dependency of the <code>esbuild</code> package (specifically <code>esbuild</code> optionally depends on <code>@esbuild/android-arm</code> which depends on <code>esbuild-wasm</code>) caused npm to be confused about what <code>node_modules/.bin/esbuild</code> is supposed to be. It's pretty strange and unexpected that disabling the installation of optional dependencies altogether would suddenly cause an optional dependency's dependency to conflict with the top-level package. What happens under the hood is that if <code>--omit=optional</code> is present, npm attempts to uninstall the <code>esbuild-wasm</code> nested dependency at the end of <code>npm install</code> (even though the <code>esbuild-wasm</code> package was never installed due to <code>--omit=optional</code>). This uninstallation causes <code>node_modules/.bin/esbuild</code> to be deleted. After doing a full investigation, I discovered that npm's handling of the <code>.bin</code> directory is deliberately very brittle. When multiple packages in the dependency tree put something in <code>.bin</code> with the same name, the end result is non-deterministic/random. What you get in <code>.bin</code> might be from one package, from the other package, or might be missing entirely. The workaround suggested by npm is to just avoid having two packages that put something in <code>.bin</code> with the same name. So this was fixed by making the <code>@esbuild/android-arm</code> and <code>esbuild-android-64</code> packages each include another whole copy of the WebAssembly binary, which works because these packages don't put anything in <code>.bin</code>. </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/085265a2660fc9bbf1e4ab47ba0778e272a0cce8"><code>085265a</code></a> publish 0.15.9 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/f84de90aa92bfc8f2c7cdd024e5a0da69bc3673c"><code>f84de90</code></a> use a custom message for macOS architecture issues</li> <li><a href="https://github.com/evanw/esbuild/commit/ba91ed1d64e8e3718610a4964d947ad33cfcdac0"><code>ba91ed1</code></a> makefile: publish four at a time again</li> <li><a href="https://github.com/evanw/esbuild/commit/e55f980f457f21579a62c468221ed66448048279"><code>e55f980</code></a> add <code>validate</code> to clean</li> <li><a href="https://github.com/evanw/esbuild/commit/02d3dede429614710ace1001eeedf8185ab5b2bf"><code>02d3ded</code></a> build all platforms in ci</li> <li><a href="https://github.com/evanw/esbuild/commit/44c54170b4198825c7ba46a645cd2b8bec1b8253"><code>44c5417</code></a> fix android arm package in <code>make clean</code></li> <li><a href="https://github.com/evanw/esbuild/commit/eb9de8878ee5213f9efecd53ad49c4216e76ae70"><code>eb9de88</code></a> additional platform target updates</li> <li><a href="https://github.com/evanw/esbuild/commit/758d4e1d8330a1ffd5913f40d6518cfdbdf6672d"><code>758d4e1</code></a> fix <a href="https://github-redirect.dependabot.com/evanw/esbuild/issues/2558">#2558</a>: remove <code>esbuild-wasm</code> package nesting</li> <li><a href="https://github.com/evanw/esbuild/commit/a33313047f571760a8670815d3d88ac818871cbd"><code>a333130</code></a> update platform targets</li> <li><a href="https://github.com/evanw/esbuild/commit/8b3bb3bf25670648ed180a81be3bbc7e0b26e2c8"><code>8b3bb3b</code></a> update wasm-napi-exit0 targets</li> <li>Additional commits viewable in <a href="https://github.com/evanw/esbuild/compare/v0.15.8...v0.15.9">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=esbuild&package-manager=npm_and_yarn&previous-version=0.15.8&new-version=0.15.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

dependabot[bot] commented

2022-09-25 06:51:01 +00:00

(Migrated from github.com)

Looks like esbuild is up-to-date now, so this is no longer needed.