chore(deps): update external fixes #53

renovate · 2025-05-19T13:55:27Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@cloudflare/workers-types	`4.20250510.0` → `4.20260111.0`
dotenv	`17.0.1` → `17.2.3`
esbuild	`0.25.4` → `0.27.2`
eslint-plugin-import	`2.31.0` → `2.32.0`
lint-staged	`16.0.0` → `16.2.7`
mocha (source)	`11.2.2` → `11.7.5`
semantic-release	`24.2.3` → `24.2.9`

Release Notes

cloudflare/workerd (@cloudflare/workers-types)

motdotla/dotenv (dotenv)

`v17.2.3`

Compare Source

Changed

Fixed typescript error definition (#912)

`v17.2.2`

Compare Source

Added

🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

`v17.2.1`

Compare Source

Changed

Fix clickable tip links by removing parentheses (#897)

`v17.2.0`

Compare Source

Added

Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

`v17.1.0`

Compare Source

Added

Add additional security and configuration tips to the runtime log (#884)
Dim the tips text from the main injection information text

const TIPS = [
  '🔐 encrypt with dotenvx: https://dotenvx.com',
  '🔐 prevent committing .env to code: https://dotenvx.com/precommit',
  '🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
  '🛠️  run anywhere with `dotenvx run -- yourcommand`',
  '⚙️  specify custom .env file path with { path: \'/custom/path/.env\' }',
  '⚙️  enable debug logging with { debug: true }',
  '⚙️  override existing env vars with { override: true }',
  '⚙️  suppress all logs with { quiet: true }',
  '⚙️  write to custom object with { processEnv: myObject }',
  '⚙️  load multiple .env files with { path: [\'.env.local\', \'.env\'] }'
]

evanw/esbuild (esbuild)

`v0.27.2`

Compare Source

Allow import path specifiers starting with #/ (#4361)

Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

This change was contributed by @hybrist.

Automatically add the -webkit-mask prefix (#4357, #4358)

This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

/* Original code */
main {
  mask: url(x.png) center/5rem no-repeat
}

/* Old output (with --target=chrome110) */
main {
  mask: url(x.png) center/5rem no-repeat;
}

/* New output (with --target=chrome110) */
main {
  -webkit-mask: url(x.png) center/5rem no-repeat;
  mask: url(x.png) center/5rem no-repeat;
}

This change was contributed by @BPJEnnova.

Additional minification of switch statements (#4176, #4359)

This release contains additional minification patterns for reducing switch statements. Here is an example:

// Original code
switch (x) {
  case 0:
    foo()
    break
  case 1:
  default:
    bar()
}

// Old output (with --minify)
switch(x){case 0:foo();break;case 1:default:bar()}

// New output (with --minify)
x===0?foo():bar();

Forbid using declarations inside switch clauses (#4323)

This is a rare change to remove something that was previously possible. The Explicit Resource Management proposal introduced using declarations. These were previously allowed inside case and default clauses in switch statements. This had well-defined semantics and was already widely implemented (by V8, SpiderMonkey, TypeScript, esbuild, and others). However, it was considered to be too confusing because of how scope works in switch statements, so it has been removed from the specification. This edge case will now be a syntax error. See tc39/proposal-explicit-resource-management#215 and rbuckton/ecma262#14 for details.

Here is an example of code that is no longer allowed:
```
switch (mode) {
  case 'read':
    using readLock = db.read()
    return readAll(readLock)

  case 'write':
    using writeLock = db.write()
    return writeAll(writeLock)
}
```
That code will now have to be modified to look like this instead (note the additional { and } block statements around each case body):
```
switch (mode) {
  case 'read': {
    using readLock = db.read()
    return readAll(readLock)
  }
  case 'write': {
    using writeLock = db.write()
    return writeAll(writeLock)
  }
}
```
This is not being released in one of esbuild's breaking change releases since this feature hasn't been finalized yet, and esbuild always tracks the current state of the specification (so esbuild's previous behavior was arguably incorrect).

`v0.27.1`

Compare Source

Fix bundler bug with var nested inside if (#4348)

This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.
Fix minifier bug with for inside try inside label (#4351)

This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:
```
// Original code
d: {
  e: {
    try {
      while (1) { break d }
    } catch { break e; }
  }
}

// Old output (with --minify)
a:try{e:for(;;)break a}catch{break e}

// New output (with --minify)
a:e:try{for(;;)break a}catch{break e}
```

Inline IIFEs containing a single expression (#4354)

Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:

// Original code
const foo = () => {
  const cb = () => {
    console.log(x())
  }
  return cb()
}

// Old output (with --minify)
const foo=()=>(()=>{console.log(x())})();

// New output (with --minify)
const foo=()=>{console.log(x())};

The minifier now strips empty finally clauses (#4353)

This improvement means that finally clauses containing dea

Configuration

📅 Schedule: Branch creation - "after 2pm on Monday" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2026-01-20T16:54:51Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: rum-proxy@1.3.2
npm error Found: eslint@8.57.1
npm error node_modules/eslint
npm error   dev eslint@"8.57.1" from the root project
npm error
npm error Could not resolve dependency:
npm error peer eslint@"^9.0.0" from @adobe/eslint-config-helix@3.0.16
npm error node_modules/@adobe/eslint-config-helix
npm error   dev @adobe/eslint-config-helix@"3.0.16" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2026-01-25T02_44_49_444Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-01-25T02_44_49_444Z-debug-0.log

renovate-approve bot approved these changes May 19, 2025

View reviewed changes

renovate bot force-pushed the renovate-external-fixes branch 10 times, most recently from ff9a059 to 665fccc Compare May 25, 2025 04:25

renovate bot force-pushed the renovate-external-fixes branch 9 times, most recently from 6460df8 to d4e9706 Compare June 3, 2025 03:23

renovate bot force-pushed the renovate-external-fixes branch 9 times, most recently from 056a5cc to a76afb5 Compare June 10, 2025 10:48

renovate bot force-pushed the renovate-external-fixes branch from a76afb5 to 507bcf8 Compare June 11, 2025 14:55

renovate bot force-pushed the renovate-external-fixes branch 5 times, most recently from f060702 to 1e9cb20 Compare December 24, 2025 10:59

renovate bot force-pushed the renovate-external-fixes branch 6 times, most recently from b071562 to 29af3bb Compare December 31, 2025 03:01

renovate bot force-pushed the renovate-external-fixes branch 6 times, most recently from e44a77f to 06660c4 Compare January 8, 2026 02:31

renovate bot force-pushed the renovate-external-fixes branch 6 times, most recently from ad9b0f1 to dda1dbb Compare January 17, 2026 01:58

renovate bot force-pushed the renovate-external-fixes branch from dda1dbb to 7181ae1 Compare January 20, 2026 16:54

renovate bot force-pushed the renovate-external-fixes branch 3 times, most recently from e2f3edf to 38f4e0c Compare January 23, 2026 02:56

chore(deps): update external fixes

e252e3c

renovate bot force-pushed the renovate-external-fixes branch from 38f4e0c to e252e3c Compare January 25, 2026 02:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update external fixes #53

chore(deps): update external fixes #53

Uh oh!

renovate bot commented May 19, 2025 •

edited

Loading

Uh oh!

renovate bot commented Jan 20, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): update external fixes #53

Are you sure you want to change the base?

chore(deps): update external fixes #53

Uh oh!

Conversation

renovate bot commented May 19, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

renovate bot commented May 19, 2025 •

edited

Loading