Comparing changes

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.17.19 to 0.19.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>.</em></p> <blockquote> <h2>v0.19.2</h2> <ul> <li> <p>Update how CSS nesting is parsed again</p> <p>CSS nesting syntax has been changed again, and esbuild has been updated to match. Type selectors may now be used with CSS nesting:</p> <pre lang="css"><code>.foo { div { color: red; } } </code></pre> <p>Previously this was disallowed in the CSS specification because it's ambiguous whether an identifier is a declaration or a nested rule starting with a type selector without requiring unbounded lookahead in the parser. It has now been allowed because the CSS working group has decided that requiring unbounded lookahead is acceptable after all.</p> <p>Note that this change means esbuild no longer considers any existing browser to support CSS nesting since none of the existing browsers support this new syntax. CSS nesting will now always be transformed when targeting a browser. This situation will change in the future as browsers add support for this new syntax.</p> </li> <li> <p>Fix a scope-related bug with <code>--drop-labels=</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/3311">#3311</a>)</p> <p>The recently-released <code>--drop-labels=</code> feature previously had a bug where esbuild's internal scope stack wasn't being restored properly when a statement with a label was dropped. This could manifest as a tree-shaking issue, although it's possible that this could have also been causing other subtle problems too. The bug has been fixed in this release.</p> </li> <li> <p>Make renamed CSS names unique across entry points (<a href="https://redirect.github.com/evanw/esbuild/issues/3295">#3295</a>)</p> <p>Previously esbuild's generated names for local names in CSS were only unique within a given entry point (or across all entry points when code splitting was enabled). That meant that building multiple entry points with esbuild could result in local names being renamed to the same identifier even when those entry points were built simultaneously within a single esbuild API call. This problem was especially likely to happen with minification enabled. With this release, esbuild will now avoid renaming local names from two separate entry points to the same name if those entry points were built with a single esbuild API call, even when code splitting is disabled.</p> </li> <li> <p>Fix CSS ordering bug with <code>@layer</code> before <code>@import</code></p> <p>CSS lets you put <code>@layer</code> rules before <code>@import</code> rules to define the order of layers in a stylesheet. Previously esbuild's CSS bundler incorrectly ordered these after the imported files because before the introduction of cascade layers to CSS, imported files could be bundled by removing the <code>@import</code> rules and then joining files together in the right order. But with <code>@layer</code>, CSS files may now need to be split apart into multiple pieces in the bundle. For example:</p> <pre><code>/* Original code */ @layer start; @import "data:text/css,@layer inner.start;"; @import "data:text/css,@layer inner.end;"; @layer end; <p>/* Old output (with --bundle) */ <a href="https://github.com/layer"><code>@layer</code></a> inner.start; <a href="https://github.com/layer"><code>@layer</code></a> inner.end; <a href="https://github.com/layer"><code>@layer</code></a> start; <a href="https://github.com/layer"><code>@layer</code></a> end;</p> <p>/* New output (with --bundle) */ <a href="https://github.com/layer"><code>@layer</code></a> start; <a href="https://github.com/layer"><code>@layer</code></a> inner.start; <a href="https://github.com/layer"><code>@layer</code></a> inner.end; <a href="https://github.com/layer"><code>@layer</code></a> end; </code></pre></p> </li> <li> <p>Unwrap nested duplicate <code>@media</code> rules (<a href="https://redirect.github.com/evanw/esbuild/issues/3226">#3226</a>)</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md">esbuild's changelog</a>.</em></p> <blockquote> <h2>0.19.2</h2> <ul> <li> <p>Update how CSS nesting is parsed again</p> <p>CSS nesting syntax has been changed again, and esbuild has been updated to match. Type selectors may now be used with CSS nesting:</p> <pre lang="css"><code>.foo { div { color: red; } } </code></pre> <p>Previously this was disallowed in the CSS specification because it's ambiguous whether an identifier is a declaration or a nested rule starting with a type selector without requiring unbounded lookahead in the parser. It has now been allowed because the CSS working group has decided that requiring unbounded lookahead is acceptable after all.</p> <p>Note that this change means esbuild no longer considers any existing browser to support CSS nesting since none of the existing browsers support this new syntax. CSS nesting will now always be transformed when targeting a browser. This situation will change in the future as browsers add support for this new syntax.</p> </li> <li> <p>Fix a scope-related bug with <code>--drop-labels=</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/3311">#3311</a>)</p> <p>The recently-released <code>--drop-labels=</code> feature previously had a bug where esbuild's internal scope stack wasn't being restored properly when a statement with a label was dropped. This could manifest as a tree-shaking issue, although it's possible that this could have also been causing other subtle problems too. The bug has been fixed in this release.</p> </li> <li> <p>Make renamed CSS names unique across entry points (<a href="https://redirect.github.com/evanw/esbuild/issues/3295">#3295</a>)</p> <p>Previously esbuild's generated names for local names in CSS were only unique within a given entry point (or across all entry points when code splitting was enabled). That meant that building multiple entry points with esbuild could result in local names being renamed to the same identifier even when those entry points were built simultaneously within a single esbuild API call. This problem was especially likely to happen with minification enabled. With this release, esbuild will now avoid renaming local names from two separate entry points to the same name if those entry points were built with a single esbuild API call, even when code splitting is disabled.</p> </li> <li> <p>Fix CSS ordering bug with <code>@layer</code> before <code>@import</code></p> <p>CSS lets you put <code>@layer</code> rules before <code>@import</code> rules to define the order of layers in a stylesheet. Previously esbuild's CSS bundler incorrectly ordered these after the imported files because before the introduction of cascade layers to CSS, imported files could be bundled by removing the <code>@import</code> rules and then joining files together in the right order. But with <code>@layer</code>, CSS files may now need to be split apart into multiple pieces in the bundle. For example:</p> <pre><code>/* Original code */ @layer start; @import "data:text/css,@layer inner.start;"; @import "data:text/css,@layer inner.end;"; @layer end; <p>/* Old output (with --bundle) */ <a href="https://github.com/layer"><code>@layer</code></a> inner.start; <a href="https://github.com/layer"><code>@layer</code></a> inner.end; <a href="https://github.com/layer"><code>@layer</code></a> start; <a href="https://github.com/layer"><code>@layer</code></a> end;</p> <p>/* New output (with --bundle) */ <a href="https://github.com/layer"><code>@layer</code></a> start; <a href="https://github.com/layer"><code>@layer</code></a> inner.start; <a href="https://github.com/layer"><code>@layer</code></a> inner.end; <a href="https://github.com/layer"><code>@layer</code></a> end; </code></pre></p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/09a100124e9daef9e0be57d21cc7729c6f3516e7"><code>09a1001</code></a> publish 0.19.2 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/4d9b764f11b8f52024c798f3e3361be9f575b1cc"><code>4d9b764</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/3311">#3311</a>: pop scope after <code>--drop-labels=</code> runs</li> <li><a href="https://github.com/evanw/esbuild/commit/f2d23b294e41253062f6c49fd7e339dfb8019940"><code>f2d23b2</code></a> fix some typos</li> <li><a href="https://github.com/evanw/esbuild/commit/e76780c041b15fbf5d273861af2a95707f1621f1"><code>e76780c</code></a> css: further changes to css nesting syntax</li> <li><a href="https://github.com/evanw/esbuild/commit/71f4a5aff3c943d2f44c606337a9a4d5ef530e31"><code>71f4a5a</code></a> update compat-table (note: css nesting changed)</li> <li><a href="https://github.com/evanw/esbuild/commit/eb667c35bd1c32b3ea2fc5f56326665298131b3a"><code>eb667c3</code></a> css: try to merge adjacent <code>@layer</code> rules together</li> <li><a href="https://github.com/evanw/esbuild/commit/f7596931bb79ab8708dd630aa729d49bc68bbbbd"><code>f759693</code></a> css: fix ordering with <code>@layer</code> before <code>@import</code></li> <li><a href="https://github.com/evanw/esbuild/commit/c73f0f8fc9185f7b2335363a2f8b98e29077a327"><code>c73f0f8</code></a> css: extract wrapping logic to a helper function</li> <li><a href="https://github.com/evanw/esbuild/commit/a05a2f9c7a91dbe32202f4e963c8aca9ec24481d"><code>a05a2f9</code></a> css: make source index on compile results optional</li> <li><a href="https://github.com/evanw/esbuild/commit/bb16fb7a92f07136d4b5b6a07132367e6533dc59"><code>bb16fb7</code></a> css: parser separates layers pre/post <code>@import</code></li> <li>Additional commits viewable in <a href="https://github.com/evanw/esbuild/compare/v0.17.19...v0.19.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=esbuild&package-manager=npm_and_yarn&previous-version=0.17.19&new-version=0.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.0.3 to 16.3.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md">dotenv's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/motdotla/dotenv/compare/v16.3.0...v16.3.1">16.3.1</a> (2023-06-17)</h2> <h3>Added</h3> <ul> <li>Add missing type definitions for <code>processEnv</code> and <code>DOTENV_KEY</code> options. <a href="https://redirect.github.com/motdotla/dotenv/pull/756">#756</a></li> </ul> <h2><a href="https://github.com/motdotla/dotenv/compare/v16.2.0...v16.3.0">16.3.0</a> (2023-06-16)</h2> <h3>Added</h3> <ul> <li>Optionally pass <code>DOTENV_KEY</code> to options rather than relying on <code>process.env.DOTENV_KEY</code>. Defaults to <code>process.env.DOTENV_KEY</code> <a href="https://redirect.github.com/motdotla/dotenv/pull/754">#754</a></li> </ul> <h2><a href="https://github.com/motdotla/dotenv/compare/v16.1.4...v16.2.0">16.2.0</a> (2023-06-15)</h2> <h3>Added</h3> <ul> <li>Optionally write to your own target object rather than <code>process.env</code>. Defaults to <code>process.env</code>. <a href="https://redirect.github.com/motdotla/dotenv/pull/753">#753</a></li> <li>Add import type URL to types file <a href="https://redirect.github.com/motdotla/dotenv/pull/751">#751</a></li> </ul> <h2><a href="https://github.com/motdotla/dotenv/compare/v16.1.3...v16.1.4">16.1.4</a> (2023-06-04)</h2> <h3>Added</h3> <ul> <li>Added <code>.github/</code> to <code>.npmignore</code> <a href="https://redirect.github.com/motdotla/dotenv/pull/747">#747</a></li> </ul> <h2><a href="https://github.com/motdotla/dotenv/compare/v16.1.2...v16.1.3">16.1.3</a> (2023-05-31)</h2> <h3>Removed</h3> <ul> <li>Removed <code>browser</code> keys for <code>path</code>, <code>os</code>, and <code>crypto</code> in package.json. These were set to false incorrectly as of 16.1. Instead, if using dotenv on the front-end make sure to include polyfills for <code>path</code>, <code>os</code>, and <code>crypto</code>. <a href="https://github.com/Richienb/node-polyfill-webpack-plugin">node-polyfill-webpack-plugin</a> provides these.</li> </ul> <h2><a href="https://github.com/motdotla/dotenv/compare/v16.1.1...v16.1.2">16.1.2</a> (2023-05-31)</h2> <h3>Changed</h3> <ul> <li>Exposed private function <code>_configDotenv</code> as <code>configDotenv</code>. <a href="https://redirect.github.com/motdotla/dotenv/pull/744">#744</a></li> </ul> <h2><a href="https://github.com/motdotla/dotenv/compare/v16.1.0...v16.1.1">16.1.1</a> (2023-05-30)</h2> <h3>Added</h3> <ul> <li>Added type definition for <code>decrypt</code> function</li> </ul> <h3>Changed</h3> <ul> <li>Fixed <code>{crypto: false}</code> in <code>packageJson.browser</code></li> </ul> <h2><a href="https://github.com/motdotla/dotenv/compare/v16.0.3...v16.1.0">16.1.0</a> (2023-05-30)</h2> <h3>Added</h3>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/motdotla/dotenv/commit/b13ca7bbdae868e2565db1188a033761ff59cb47"><code>b13ca7b</code></a> 16.3.1</li> <li><a href="https://github.com/motdotla/dotenv/commit/9bcc2e716c5dc6c9aa00efdd95f60e5fdf316623"><code>9bcc2e7</code></a> Merge pull request <a href="https://redirect.github.com/motdotla/dotenv/issues/756">#756</a> from motdotla/type-fix</li> <li><a href="https://github.com/motdotla/dotenv/commit/80fff4bbf052c68e51b7a3efcca6e9322621202a"><code>80fff4b</code></a> Add type definition for DOTENV_KEY</li> <li><a href="https://github.com/motdotla/dotenv/commit/50163a1de9ae392fef03600350fef7d043e26361"><code>50163a1</code></a> update type file</li> <li><a href="https://github.com/motdotla/dotenv/commit/5c7d7f5f3ffa7b130a9630ff9b9639c0dea1ca77"><code>5c7d7f5</code></a> Add example demonstrating setting DOTENV_KEY</li> <li><a href="https://github.com/motdotla/dotenv/commit/76d3682e104f10440c8c6085fe27556f828cb48e"><code>76d3682</code></a> 16.3.0</li> <li><a href="https://github.com/motdotla/dotenv/commit/80219ae50e64443f1bc21e87c6eeb74d639a297c"><code>80219ae</code></a> Merge pull request <a href="https://redirect.github.com/motdotla/dotenv/issues/754">#754</a> from motdotla/dotenv-key-option</li> <li><a href="https://github.com/motdotla/dotenv/commit/dacd4501580e3830ee6298cc6556a33ba88a94d4"><code>dacd450</code></a> Add DOTENV_KEY to cli config and environment config options</li> <li><a href="https://github.com/motdotla/dotenv/commit/f20e646603bfe11d0444529774be5afce31a3089"><code>f20e646</code></a> Add options.DOTENV_KEY</li> <li><a href="https://github.com/motdotla/dotenv/commit/5861f6a94abceddb6746f4b459919c548db95f47"><code>5861f6a</code></a> Add failing test demonstrating need for DOTENV_KEY option</li> <li>Additional commits viewable in <a href="https://github.com/motdotla/dotenv/compare/v16.0.3...v16.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dotenv&package-manager=npm_and_yarn&previous-version=16.0.3&new-version=16.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…changes (#26)

Commits on Aug 23, 2023

ci(release): use installation access token to checkout and push back …

…changes (#26)

gr2m authored Aug 23, 2023

View commit details

Copy full SHA for 27ab487

Browse repository at this point

27ab487

-Original file line number
+Diff line change
@@ @@ -14,18 +14,14 @@ jobs: @@
         name: release
         runs-on: ubuntu-latest
         steps:
-          - uses: actions/checkout@v3
-          - uses: actions/setup-node@v3
-            with:
-              cache: npm
-              node-version: lts/*
-          - run: npm ci
-          - run: npm run build
-          - uses: ./ # Uses the action in the root directory
+          - uses: actions/create-github-app-token@v1
             id: app-token
             with:
               app_id: ${{ vars.RELEASER_APP_ID }}
               private_key: ${{ secrets.RELEASER_APP_PRIVATE_KEY }}
+          - uses: actions/checkout@v3
+            with:
+              token: ${{ steps.app-token.outputs.token }}
           - run: npm install --no-save @semantic-release/git semantic-release-plugin-github-breaking-version-tag
           - run: npx semantic-release
             env:

-Original file line number
+Diff line change
@@ @@ -11,12 +11,12 @@ @@
       "license": "MIT",
       "dependencies": {
         "@actions/core": "^1.10.0",
-        "@octokit/auth-app": "^4.0.13",
-        "@octokit/request": "^6.2.5"
+        "@octokit/auth-app": "^6.0.0",
+        "@octokit/request": "^8.1.1"
       },
       "devDependencies": {
-        "dotenv": "^16.0.3",
-        "esbuild": "^0.17.19"
+        "dotenv": "^16.3.1",
+        "esbuild": "^0.19.2"
       },
       "release": {
         "branches": [

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Commits on Aug 22, 2023

Commits on Aug 23, 2023

There are no files selected for viewing