Skip to content

chore(deps): Bump esbuild, @nextcloud/vite-config and vite #348

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps): Bump esbuild, @nextcloud/vite-config and vite #348

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 24, 2025
edited
Loading

Bumps esbuild to 0.25.5 and updates ancestor dependencies esbuild, @nextcloud/vite-config and vite. These dependencies need to be updated together.

Updates esbuild from 0.19.5 to 0.25.5

Release notes

Sourced from esbuild's releases.

v0.25.5

  • Fix a regression with browser in package.json (#4187)

    The fix to #4144 in version 0.25.3 introduced a regression that caused browser overrides specified in package.json to fail to override relative path names that end in a trailing slash. That behavior change affected the axios@0.30.0 package. This regression has been fixed, and now has test coverage.

  • Add support for certain keywords as TypeScript tuple labels (#4192)

    Previously esbuild could incorrectly fail to parse certain keywords as TypeScript tuple labels that are parsed by the official TypeScript compiler if they were followed by a ? modifier. These labels included function, import, infer, new, readonly, and typeof. With this release, these keywords will now be parsed correctly. Here's an example of some affected code:

    type Foo = [
  value: any,
  readonly?: boolean, // This is now parsed correctly
]

  • Add CSS prefixes for the stretch sizing value (#4184)

    This release adds support for prefixing CSS declarations such as div { width: stretch }. That CSS is now transformed into this depending on what the --target= setting includes:

    div {
  width: -webkit-fill-available;
  width: -moz-available;
  width: stretch;
}

v0.25.4

  • Add simple support for CORS to esbuild's development server (#4125)

    Starting with version 0.25.0, esbuild's development server is no longer configured to serve cross-origin requests. This was a deliberate change to prevent any website you visit from accessing your running esbuild development server. However, this change prevented (by design) certain use cases such as "debugging in production" by having your production website load code from localhost where the esbuild development server is running.

    To enable this use case, esbuild is adding a feature to allow Cross-Origin Resource Sharing (a.k.a. CORS) for simple requests. Specifically, passing your origin to the new cors option will now set the Access-Control-Allow-Origin response header when the request has a matching Origin header. Note that this currently only works for requests that don't send a preflight OPTIONS request, as esbuild's development server doesn't currently support OPTIONS requests.

    Some examples:

    • CLI:

      esbuild --servedir=. --cors-origin=https://example.com

    • JS:

      const ctx = await esbuild.context({})
await ctx.serve({
  servedir: '.',
  cors: {

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

  • Fix TypeScript-specific class transform edge case (#3559)

    The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

    // Original code
class Foo extends Bar {
  #private = 1;
  public: any;
  constructor() {
    super();
  }
}
// Old output (with esbuild v0.19.9)
class Foo extends Bar {
constructor() {
super();
this.#private = 1;
}
#private;
}
// Old output (with esbuild v0.19.10)
class Foo extends Bar {
constructor() {
this.#private = 1;
super();
}
#private;
}
// New output
class Foo extends Bar {
#private = 1;
constructor() {
super();
}
}

  • Minifier: allow reording a primitive past a side-effect (#3568)

    The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

Updates @nextcloud/vite-config from 1.2.2 to 1.5.6

Release notes

Sourced from @​nextcloud/vite-config's releases.

v1.5.6

v1.5.6 (2025-05-07)

🐛 Fixed bugs

  • fix(SPDX): correctly handle vite plugins

v1.5.5

What's Changed

Full Changelog: nextcloud-libraries/nextcloud-vite-config@v1.5.4...v1.5.5

v1.5.4

What's Changed

Full Changelog: nextcloud-libraries/nextcloud-vite-config@v1.5.3...v1.5.4

v1.5.3

What's Changed

... (truncated)

Changelog

Sourced from @​nextcloud/vite-config's changelog.

v1.5.6 (2025-05-07)

🐛 Fixed bugs

  • fix(SPDX): correctly handle vite plugins

v1.5.5 (2025-05-07)

🐛 Fixed bugs

  • fix(SPDX): handle vite internal modules and sanitize name #606 (susnux)

Changed

  • chore(deps-dev): Bump vite to 6.3.4

v1.5.4 (2025-04-29)

Changed

  • chore(deps): Bump rollup-plugin-esbuild-minify from 1.2.0 to 1.3.0

v1.5.3 (2025-03-12)

Fixed

  • fix: Do not hide sourcemaps in production build #547

Changed

  • Updated dependencies

v1.5.2 (2025-02-13)

Changed

  • chore(deps): Bump vite-plugin-node-polyfills from 0.22.0 to 0.23.0
    • Required for vite 6 support
  • Updated development dependencies

v1.5.1 (2025-01-22)

Fixed

  • fix: Vite 6 made the CSS output file breaking #468

Changed

  • Updated development dependencies
  • chore(deps): Bump vite-plugin-dts to 4.5.0

v1.5.0 (2025-01-10)

Added

  • Vite 6 support

Fixed

  • fix(REUSELicensesPlugin): remove duplicates in license files

Changed

  • Updated development dependencies
  • chore(deps): Bump magic-string from 0.30.15 to 0.30.17
  • chore(deps): Bump rollup-plugin-corejs to 1.0.1
  • chore(deps): Bump rollup-plugin-license to 3.5.3
  • chore(deps): Bump rollup-plugin-esbuild-minify to 1.2.0
  • chore(deps): Bump rollup-plugin-node-externals to 8.0.0

... (truncated)

Commits
  • 778bc1c chore: prepare v1.5.6
  • 6a8ab1e fix(SPDX): correctly handle plugins
  • b005fc2 chore: prepare v1.5.5
  • 30b33d0 Merge pull request #607 from nextcloud-libraries/backport/606/stable1
  • 3a80e3c fix(SPDX): handle vite internal modules and sanitize name
  • bf92142 Merge pull request #605 from nextcloud-libraries/dependabot/npm_and_yarn/stab...
  • e16dc83 chore(deps-dev): Bump vite from 6.3.3 to 6.3.4
  • cf4631d Merge pull request #603 from nextcloud-libraries/chore/release-1
  • a867beb chore: prepare v1.5.4
  • b468aff Merge pull request #602 from nextcloud-libraries/dependabot/npm_and_yarn/stab...
  • Additional commits viewable in compare view

Updates vite from 5.4.6 to 7.0.0

Release notes

Sourced from vite's releases.

create-vite@7.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@7.0.0

Please refer to CHANGELOG.md for details.

v7.0.0

Please refer to CHANGELOG.md for details.

v7.0.0-beta.2

Please refer to CHANGELOG.md for details.

v7.0.0-beta.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.0.0-beta.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.0.0-beta.0

Please refer to CHANGELOG.md for details.

v7.0.0-beta.0

Please refer to CHANGELOG.md for details.

create-vite@6.5.0

Please refer to CHANGELOG.md for details.

create-vite@6.4.1

Please refer to CHANGELOG.md for details.

create-vite@6.4.0

Please refer to CHANGELOG.md for details.

v6.3.5

Please refer to CHANGELOG.md for details.

v6.3.4

Please refer to CHANGELOG.md for details.

v6.3.3

Please refer to CHANGELOG.md for details.

v6.3.2

Please refer to CHANGELOG.md for details.

create-vite@6.3.1

Please refer to CHANGELOG.md for details.

v6.3.1

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.0.0 (2025-06-24)

Vite 7 is out!

Today, we're excited to announce the release of the next Vite major:

Breaking Changes

Features

Fixes

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): Bump esbuild, @nextcloud/vite-config and vite
d870f13 
Bumps [esbuild](https://github.com/evanw/esbuild) to 0.25.5 and updates ancestor dependencies [esbuild](https://github.com/evanw/esbuild), [@nextcloud/vite-config](https://github.com/nextcloud/nextcloud-vite-config) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). These dependencies need to be updated together.


Updates `esbuild` from 0.19.5 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md)
- [Commits](evanw/esbuild@v0.19.5...v0.25.5)

Updates `@nextcloud/vite-config` from 1.2.2 to 1.5.6
- [Release notes](https://github.com/nextcloud/nextcloud-vite-config/releases)
- [Changelog](https://github.com/nextcloud-libraries/nextcloud-vite-config/blob/v1.5.6/CHANGELOG.md)
- [Commits](nextcloud-libraries/nextcloud-vite-config@v1.2.2...v1.5.6)

Updates `vite` from 5.4.6 to 7.0.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@7.0.0/packages/vite)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.5
  dependency-type: indirect
- dependency-name: "@nextcloud/vite-config"
  dependency-version: 1.5.6
  dependency-type: direct:development
- dependency-name: vite
  dependency-version: 7.0.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 24, 2025
@dependabot dependabot bot mentioned this pull request Jun 24, 2025
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 26, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jun 26, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/multi-53fa790612 branch June 26, 2025 05:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant