Skip to content

build(deps): bump esbuild and @module-federation/enhanced in /clients/ui/frontend #1335

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
google-oss-prow merged 1 commit into from
Aug 18, 2025
Merged

build(deps): bump esbuild and @module-federation/enhanced in /clients/ui/frontend #1335

google-oss-prow merged 1 commit into from
Aug 18, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 18, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps esbuild to 0.25.5 and updates ancestor dependency @module-federation/enhanced. These dependencies need to be updated together.

Updates esbuild from 0.17.19 to 0.25.5

Release notes

Sourced from esbuild's releases.

v0.25.5

  • Fix a regression with browser in package.json (#4187)

    The fix to #4144 in version 0.25.3 introduced a regression that caused browser overrides specified in package.json to fail to override relative path names that end in a trailing slash. That behavior change affected the [email protected] package. This regression has been fixed, and now has test coverage.

  • Add support for certain keywords as TypeScript tuple labels (#4192)

    Previously esbuild could incorrectly fail to parse certain keywords as TypeScript tuple labels that are parsed by the official TypeScript compiler if they were followed by a ? modifier. These labels included function, import, infer, new, readonly, and typeof. With this release, these keywords will now be parsed correctly. Here's an example of some affected code:

    type Foo = [
  value: any,
  readonly?: boolean, // This is now parsed correctly
]

  • Add CSS prefixes for the stretch sizing value (#4184)

    This release adds support for prefixing CSS declarations such as div { width: stretch }. That CSS is now transformed into this depending on what the --target= setting includes:

    div {
  width: -webkit-fill-available;
  width: -moz-available;
  width: stretch;
}

v0.25.4

  • Add simple support for CORS to esbuild's development server (#4125)

    Starting with version 0.25.0, esbuild's development server is no longer configured to serve cross-origin requests. This was a deliberate change to prevent any website you visit from accessing your running esbuild development server. However, this change prevented (by design) certain use cases such as "debugging in production" by having your production website load code from localhost where the esbuild development server is running.

    To enable this use case, esbuild is adding a feature to allow Cross-Origin Resource Sharing (a.k.a. CORS) for simple requests. Specifically, passing your origin to the new cors option will now set the Access-Control-Allow-Origin response header when the request has a matching Origin header. Note that this currently only works for requests that don't send a preflight OPTIONS request, as esbuild's development server doesn't currently support OPTIONS requests.

    Some examples:

    • CLI:

      esbuild --servedir=. --cors-origin=https://example.com

    • JS:

      const ctx = await esbuild.context({})
await ctx.serve({
  servedir: '.',
  cors: {

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

  • Fix TypeScript-specific class transform edge case (#3559)

    The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

    // Original code
class Foo extends Bar {
  #private = 1;
  public: any;
  constructor() {
    super();
  }
}
// Old output (with esbuild v0.19.9)
class Foo extends Bar {
constructor() {
super();
this.#private = 1;
}
#private;
}
// Old output (with esbuild v0.19.10)
class Foo extends Bar {
constructor() {
this.#private = 1;
super();
}
#private;
}
// New output
class Foo extends Bar {
#private = 1;
constructor() {
super();
}
}

  • Minifier: allow reording a primitive past a side-effect (#3568)

    The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

Updates @module-federation/enhanced from 0.13.1 to 0.17.0

Release notes

Sourced from @​module-federation/enhanced's releases.

v0.17.0

What's Changed

New Features 🎉

Bug Fixes 🐞

Document 📖

Other Changes

New Contributors

Full Changelog: module-federation/core@v0.16.0...v0.17.0

v0.16.0

What's Changed

New Features 🎉

Bug Fixes 🐞

Document 📖

Other Changes

New Contributors

... (truncated)

Changelog

Sourced from @​module-federation/enhanced's changelog.

0.17.0

Patch Changes

  • Updated dependencies [3f736b6]
  • Updated dependencies [e0ceca6]
  • Updated dependencies [1d691ef]
  • Updated dependencies [60e4df1]
    • @​module-federation/data-prefetch@​0.17.0
    • @​module-federation/cli@​0.17.0
    • @​module-federation/dts-plugin@​0.17.0
    • @​module-federation/runtime-tools@​0.17.0
    • @​module-federation/manifest@​0.17.0
    • @​module-federation/rspack@​0.17.0
    • @​module-federation/inject-external-runtime-core-plugin@​0.17.0
    • @​module-federation/sdk@​0.17.0
    • @​module-federation/managers@​0.17.0
    • @​module-federation/bridge-react-webpack-plugin@​0.17.0
    • @​module-federation/error-codes@​0.17.0

0.16.0

Patch Changes

  • Updated dependencies [1485fcf]
    • @​module-federation/dts-plugin@​0.16.0
    • @​module-federation/sdk@​0.16.0
    • @​module-federation/cli@​0.16.0
    • @​module-federation/manifest@​0.16.0
    • @​module-federation/rspack@​0.16.0
    • @​module-federation/bridge-react-webpack-plugin@​0.16.0
    • @​module-federation/data-prefetch@​0.16.0
    • @​module-federation/managers@​0.16.0
    • @​module-federation/runtime-tools@​0.16.0
    • @​module-federation/inject-external-runtime-core-plugin@​0.16.0
    • @​module-federation/error-codes@​0.16.0

0.15.0

Patch Changes

  • ad446af: support || pipes in semver parsing
  • Updated dependencies [c343589]
  • Updated dependencies [f432619]
  • Updated dependencies [b5e1640]
    • @​module-federation/dts-plugin@​0.15.0
    • @​module-federation/manifest@​0.15.0
    • @​module-federation/cli@​0.15.0
    • @​module-federation/rspack@​0.15.0
    • @​module-federation/sdk@​0.15.0

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 18, 2025
@google-oss-prow google-oss-prow bot requested review from andreyvelich and pboyd July 18, 2025 20:29
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/clients/ui/frontend/multi-171384f635 branch from 18ab2ab to e92c65c Compare July 30, 2025 14:06
@dependabot
build(deps): bump esbuild and @module-federation/enhanced
6f6796c 
Bumps [esbuild](https://github.com/evanw/esbuild) to 0.25.5 and updates ancestor dependency [@module-federation/enhanced](https://github.com/module-federation/core/tree/HEAD/packages/enhanced). These dependencies need to be updated together.


Updates `esbuild` from 0.17.19 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md)
- [Commits](evanw/esbuild@v0.17.19...v0.25.5)

Updates `@module-federation/enhanced` from 0.13.1 to 0.17.0
- [Release notes](https://github.com/module-federation/core/releases)
- [Changelog](https://github.com/module-federation/core/blob/main/packages/enhanced/CHANGELOG.md)
- [Commits](https://github.com/module-federation/core/commits/v0.17.0/packages/enhanced)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.5
  dependency-type: indirect
- dependency-name: "@module-federation/enhanced"
  dependency-version: 0.17.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/clients/ui/frontend/multi-171384f635 branch from e92c65c to 6f6796c Compare August 7, 2025 18:07
@google-oss-prow google-oss-prow bot added the lgtm label Aug 18, 2025
@ederign
Copy link
Member

ederign commented Aug 18, 2025

/approve
/lgtm

@google-oss-prow
Copy link

google-oss-prow bot commented Aug 18, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ederign

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tarilabs
Copy link
Member

tarilabs commented Aug 18, 2025

@dependabot recreate

@google-oss-prow google-oss-prow bot merged commit 6a255e8 into main Aug 18, 2025
24 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/clients/ui/frontend/multi-171384f635 branch August 18, 2025 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ederign ederign ederign approved these changes

@andreyvelich andreyvelich Awaiting requested review from andreyvelich

@pboyd pboyd Awaiting requested review from pboyd

Assignees

@ederign ederign

Labels

approved Area/UI dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code lgtm size/XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ederign @tarilabs