dependabot[bot] opened a new pull request, #39891: URL: https://github.com/apache/arrow/pull/39891
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.19.2 to 0.20.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases";>esbuild's releases</a>.</em></p> <blockquote> <h2>v0.20.0</h2> <p><strong>This release deliberately contains backwards-incompatible changes.</strong> To avoid automatically picking up releases like this, you should either be pinning the exact version of <code>esbuild</code> in your <code>package.json</code> file (recommended) or be using a version range syntax that only accepts patch upgrades such as <code>^0.19.0</code> or <code>~0.19.0</code>. See npm's documentation about <a href="https://docs.npmjs.com/cli/v6/using-npm/semver/";>semver</a> for more information.</p> <p>This time there is only one breaking change, and it only matters for people using Deno. Deno tests that use esbuild will now fail unless you make the change described below.</p> <ul> <li> <p>Work around API deprecations in Deno 1.40.x (<a href="https://redirect.github.com/evanw/esbuild/issues/3609";>#3609</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/3611";>#3611</a>)</p> <p><a href="https://deno.com/blog/v1.40";>Deno 1.40.0</a> was just released and introduced run-time warnings about certain APIs that esbuild uses. With this release, esbuild will work around these run-time warnings by using newer APIs if they are present and falling back to the original APIs otherwise. This should avoid the warnings without breaking compatibility with older versions of Deno.</p> <p>Unfortunately, doing this introduces a breaking change. The newer child process APIs lack a way to synchronously terminate esbuild's child process, so calling <code>esbuild.stop()</code> from within a Deno test is no longer sufficient to prevent Deno from failing a test that uses esbuild's API (Deno fails tests that create a child process without killing it before the test ends). To work around this, esbuild's <code>stop()</code> function has been changed to return a promise, and you now have to change <code>esbuild.stop()</code> to <code>await esbuild.stop()</code> in all of your Deno tests.</p> </li> <li> <p>Reorder implicit file extensions within <code>node_modules</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/3341";>#3341</a>, <a href="https://redirect.github.com/evanw/esbuild/issues/3608";>#3608</a>)</p> <p>In <a href="https://github.com/evanw/esbuild/releases/v0.18.0";>version 0.18.0</a>, esbuild changed the behavior of implicit file extensions within <code>node_modules</code> directories (i.e. in published packages) to prefer <code>.js</code> over <code>.ts</code> even when the <code>--resolve-extensions=</code> order prefers <code>.ts</code> over <code>.js</code> (which it does by default). However, doing that also accidentally made esbuild prefer <code>.css</code> over <code>.ts</code>, which caused problems for people that published packages containing both TypeScript and CSS in files with the same name.</p> <p>With this release, esbuild will reorder TypeScript file extensions immediately after the last JavaScript file extensions in the implicit file extension order instead of putting them at the end of the order. Specifically the default implicit file extension order is <code>.tsx,.ts,.jsx,.js,.css,.json</code> which used to become <code>.jsx,.js,.css,.json,.tsx,.ts</code> in <code>node_modules</code> directories. With this release it will now become <code>.jsx,.js,.tsx,.ts,.css,.json</code> instead.</p> <p>Why even rewrite the implicit file extension order at all? One reason is because the <code>.js</code> file is more likely to behave correctly than the <code>.ts</code> file. The behavior of the <code>.ts</code> file may depend on <code>tsconfig.json</code> and the <code>tsconfig.json</code> file may not even be published, or may use <code>extends</code> to refer to a base <code>tsconfig.json</code> file that wasn't published. People can get into this situation when they forget to add all <code>.ts</code> files to their <code>.npmignore</code> file before publishing to npm. Picking <code>.js</code> over <code>.ts</code> helps make it more likely that resulting bundle will behave correctly.</p> </li> </ul> <h2>v0.19.12</h2> <ul> <li> <p>The "preserve" JSX mode now preserves JSX text verbatim (<a href="https://redirect.github.com/evanw/esbuild/issues/3605";>#3605</a>)</p> <p>The <a href="https://facebook.github.io/jsx/";>JSX specification</a> deliberately doesn't specify how JSX text is supposed to be interpreted and there is no canonical way to interpret JSX text. Two most popular interpretations are Babel and TypeScript. Yes <a href="https://twitter.com/jarredsumner/status/1456118847937781764";>they are different</a> (esbuild <a href="https://twitter.com/evanwallace/status/1456122279453208576";>deliberately follows TypeScript</a> by the way).</p> <p>Previously esbuild normalized text to the TypeScript interpretation when the "preserve" JSX mode is active. However, "preserve" should arguably reproduce the original JSX text verbatim so that whatever JSX transform runs after esbuild is free to interpret it however it wants. So with this release, esbuild will now pass JSX text through unmodified:</p> <pre lang="jsx"><code>// Original code let el = <a href={'/'} title='&apos;&quot;'> some text {foo} more text </a> <p>// Old output (with --loader=jsx --jsx=preserve) let el = <a href="/" title={<code>'&quot;</code>}> {" some text"} {foo} {"more text "} </a>;</p> <p>// New output (with --loader=jsx --jsx=preserve) let el = <a href={"/"} title='&apos;&quot;'> some text {foo} more text </a>; </code></pre></p> </li> <li> <p>Allow JSX elements as JSX attribute values</p> <p>JSX has an obscure feature where you can use JSX elements in attribute position without surrounding them with <code>{...}</code>. It looks like this:</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md";>esbuild's changelog</a>.</em></p> <blockquote> <h2>0.20.0</h2> <p><strong>This release deliberately contains backwards-incompatible changes.</strong> To avoid automatically picking up releases like this, you should either be pinning the exact version of <code>esbuild</code> in your <code>package.json</code> file (recommended) or be using a version range syntax that only accepts patch upgrades such as <code>^0.19.0</code> or <code>~0.19.0</code>. See npm's documentation about <a href="https://docs.npmjs.com/cli/v6/using-npm/semver/";>semver</a> for more information.</p> <p>This time there is only one breaking change, and it only matters for people using Deno. Deno tests that use esbuild will now fail unless you make the change described below.</p> <ul> <li> <p>Work around API deprecations in Deno 1.40.x (<a href="https://redirect.github.com/evanw/esbuild/issues/3609";>#3609</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/3611";>#3611</a>)</p> <p><a href="https://deno.com/blog/v1.40";>Deno 1.40.0</a> was just released and introduced run-time warnings about certain APIs that esbuild uses. With this release, esbuild will work around these run-time warnings by using newer APIs if they are present and falling back to the original APIs otherwise. This should avoid the warnings without breaking compatibility with older versions of Deno.</p> <p>Unfortunately, doing this introduces a breaking change. The newer child process APIs lack a way to synchronously terminate esbuild's child process, so calling <code>esbuild.stop()</code> from within a Deno test is no longer sufficient to prevent Deno from failing a test that uses esbuild's API (Deno fails tests that create a child process without killing it before the test ends). To work around this, esbuild's <code>stop()</code> function has been changed to return a promise, and you now have to change <code>esbuild.stop()</code> to <code>await esbuild.stop()</code> in all of your Deno tests.</p> </li> <li> <p>Reorder implicit file extensions within <code>node_modules</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/3341";>#3341</a>, <a href="https://redirect.github.com/evanw/esbuild/issues/3608";>#3608</a>)</p> <p>In <a href="https://github.com/evanw/esbuild/releases/v0.18.0";>version 0.18.0</a>, esbuild changed the behavior of implicit file extensions within <code>node_modules</code> directories (i.e. in published packages) to prefer <code>.js</code> over <code>.ts</code> even when the <code>--resolve-extensions=</code> order prefers <code>.ts</code> over <code>.js</code> (which it does by default). However, doing that also accidentally made esbuild prefer <code>.css</code> over <code>.ts</code>, which caused problems for people that published packages containing both TypeScript and CSS in files with the same name.</p> <p>With this release, esbuild will reorder TypeScript file extensions immediately after the last JavaScript file extensions in the implicit file extension order instead of putting them at the end of the order. Specifically the default implicit file extension order is <code>.tsx,.ts,.jsx,.js,.css,.json</code> which used to become <code>.jsx,.js,.css,.json,.tsx,.ts</code> in <code>node_modules</code> directories. With this release it will now become <code>.jsx,.js,.tsx,.ts,.css,.json</code> instead.</p> <p>Why even rewrite the implicit file extension order at all? One reason is because the <code>.js</code> file is more likely to behave correctly than the <code>.ts</code> file. The behavior of the <code>.ts</code> file may depend on <code>tsconfig.json</code> and the <code>tsconfig.json</code> file may not even be published, or may use <code>extends</code> to refer to a base <code>tsconfig.json</code> file that wasn't published. People can get into this situation when they forget to add all <code>.ts</code> files to their <code>.npmignore</code> file before publishing to npm. Picking <code>.js</code> over <code>.ts</code> helps make it more likely that resulting bundle will behave correctly.</p> </li> </ul> <h2>0.19.12</h2> <ul> <li> <p>The "preserve" JSX mode now preserves JSX text verbatim (<a href="https://redirect.github.com/evanw/esbuild/issues/3605";>#3605</a>)</p> <p>The <a href="https://facebook.github.io/jsx/";>JSX specification</a> deliberately doesn't specify how JSX text is supposed to be interpreted and there is no canonical way to interpret JSX text. Two most popular interpretations are Babel and TypeScript. Yes <a href="https://twitter.com/jarredsumner/status/1456118847937781764";>they are different</a> (esbuild <a href="https://twitter.com/evanwallace/status/1456122279453208576";>deliberately follows TypeScript</a> by the way).</p> <p>Previously esbuild normalized text to the TypeScript interpretation when the "preserve" JSX mode is active. However, "preserve" should arguably reproduce the original JSX text verbatim so that whatever JSX transform runs after esbuild is free to interpret it however it wants. So with this release, esbuild will now pass JSX text through unmodified:</p> <pre lang="jsx"><code>// Original code let el = <a href={'/'} title='&apos;&quot;'> some text {foo} more text </a> <p>// Old output (with --loader=jsx --jsx=preserve) let el = <a href="/" title={<code>'&quot;</code>}> {" some text"} {foo} {"more text "} </a>;</p> <p>// New output (with --loader=jsx --jsx=preserve) let el = <a href={"/"} title='&apos;&quot;'> some text {foo} more text </a>; </code></pre></p> </li> <li> <p>Allow JSX elements as JSX attribute values</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/2af5ccf478812d2d7226ad4435d46fbbb3419a8c";><code>2af5ccf</code></a> publish 0.20.0 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/0bccf08675867c8ce6662b1ab4aae21973083d99";><code>0bccf08</code></a> fix <a href="https://redirect.github.com/esbuild/deno-esbuild/pull/5";>esbuild/deno-esbuild#5</a></li> <li><a href="https://github.com/evanw/esbuild/commit/931f87db267cf86f63d940c0a77072ef45e96128";><code>931f87d</code></a> work around api deprecations in deno 1.40.x (<a href="https://redirect.github.com/evanw/esbuild/issues/3609";>#3609</a>) (<a href="https://redirect.github.com/evanw/esbuild/issues/3611";>#3611</a>)</li> <li><a href="https://github.com/evanw/esbuild/commit/22a9cf5754d402aabfe75aeda0266c3a970b0ee1";><code>22a9cf5</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/3341";>#3341</a>, fix <a href="https://redirect.github.com/evanw/esbuild/issues/3608";>#3608</a>: sort <code>.ts</code> right after <code>.js</code></li> <li><a href="https://github.com/evanw/esbuild/commit/f8ec3007b68c5bfb755317e5c7051f63184c514b";><code>f8ec300</code></a> run <code>npm pkg fix</code> as suggested by the npm cli</li> <li><a href="https://github.com/evanw/esbuild/commit/d7fd1ad35715cda76eb33343b7c07b275e402a2e";><code>d7fd1ad</code></a> publish 0.19.12 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/e04a6900b7659146aef670e62a0d16c6f75cfd70";><code>e04a690</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/3605";>#3605</a>: print the original JSX AST unmodified</li> <li><a href="https://github.com/evanw/esbuild/commit/f5713992227188d137c485d27b6956c6de814b9a";><code>f571399</code></a> allow jsx elements as jsx attribute values</li> <li><a href="https://github.com/evanw/esbuild/commit/a652e730ff07b9081470ef6965f3d54daa7b2aab";><code>a652e73</code></a> run <code>make update-compat-table</code></li> <li><a href="https://github.com/evanw/esbuild/commit/35c0d65b9d4f29a26176404d2890d1b499634e9f";><code>35c0d65</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/3574";>#3574</a>: ts type parser bug with infer + extends</li> <li>Additional commits viewable in <a href="https://github.com/evanw/esbuild/compare/v0.19.2...v0.20.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
