The runner will automatically mask GitHub token formats it recognizes,
but sometimes a new pattern rolls out before the runner is updated to
recognize it.
- Group production and development dependency updates
- Configure dependency update commit prefixes to release on production
dependency updates
Dependabot commit messages before:
- `build(deps): bump semver from 7.5.1 to 7.5.4`
- `build(deps-dev): bump dotenv from 16.0.3 to 16.3.1`
Dependabot commit messages after:
- `fix(deps): bump semver from 7.5.1 to 7.5.4`
- `build(deps-dev): bump dotenv from 16.0.3 to 16.3.1` (no change to dev
dependencies)
- Run test on pull requests to the main branch instead of on every push
- Cancel in-progress workflows if a PR is updated (i.e., a new commit is
pushed) and the same workflows are triggered to run again
- Rename step ID from `demo` to `test`
---------
Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.17.19 to
0.19.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/evanw/esbuild/releases">esbuild's
releases</a>.</em></p>
<blockquote>
<h2>v0.19.2</h2>
<ul>
<li>
<p>Update how CSS nesting is parsed again</p>
<p>CSS nesting syntax has been changed again, and esbuild has been
updated to match. Type selectors may now be used with CSS nesting:</p>
<pre lang="css"><code>.foo {
div {
color: red;
}
}
</code></pre>
<p>Previously this was disallowed in the CSS specification because it's
ambiguous whether an identifier is a declaration or a nested rule
starting with a type selector without requiring unbounded lookahead in
the parser. It has now been allowed because the CSS working group has
decided that requiring unbounded lookahead is acceptable after all.</p>
<p>Note that this change means esbuild no longer considers any existing
browser to support CSS nesting since none of the existing browsers
support this new syntax. CSS nesting will now always be transformed when
targeting a browser. This situation will change in the future as
browsers add support for this new syntax.</p>
</li>
<li>
<p>Fix a scope-related bug with <code>--drop-labels=</code> (<a
href="https://redirect.github.com/evanw/esbuild/issues/3311">#3311</a>)</p>
<p>The recently-released <code>--drop-labels=</code> feature previously
had a bug where esbuild's internal scope stack wasn't being restored
properly when a statement with a label was dropped. This could manifest
as a tree-shaking issue, although it's possible that this could have
also been causing other subtle problems too. The bug has been fixed in
this release.</p>
</li>
<li>
<p>Make renamed CSS names unique across entry points (<a
href="https://redirect.github.com/evanw/esbuild/issues/3295">#3295</a>)</p>
<p>Previously esbuild's generated names for local names in CSS were only
unique within a given entry point (or across all entry points when code
splitting was enabled). That meant that building multiple entry points
with esbuild could result in local names being renamed to the same
identifier even when those entry points were built simultaneously within
a single esbuild API call. This problem was especially likely to happen
with minification enabled. With this release, esbuild will now avoid
renaming local names from two separate entry points to the same name if
those entry points were built with a single esbuild API call, even when
code splitting is disabled.</p>
</li>
<li>
<p>Fix CSS ordering bug with <code>@layer</code> before
<code>@import</code></p>
<p>CSS lets you put <code>@layer</code> rules before
<code>@import</code> rules to define the order of layers in a
stylesheet. Previously esbuild's CSS bundler incorrectly ordered these
after the imported files because before the introduction of cascade
layers to CSS, imported files could be bundled by removing the
<code>@import</code> rules and then joining files together in the right
order. But with <code>@layer</code>, CSS files may now need to be split
apart into multiple pieces in the bundle. For example:</p>
<pre><code>/* Original code */
@layer start;
@import "data:text/css,@layer inner.start;";
@import "data:text/css,@layer inner.end;";
@layer end;
<p>/* Old output (with --bundle) */
<a href="https://github.com/layer"><code>@layer</code></a> inner.start;
<a href="https://github.com/layer"><code>@layer</code></a> inner.end;
<a href="https://github.com/layer"><code>@layer</code></a> start;
<a href="https://github.com/layer"><code>@layer</code></a> end;</p>
<p>/* New output (with --bundle) */
<a href="https://github.com/layer"><code>@layer</code></a> start;
<a href="https://github.com/layer"><code>@layer</code></a> inner.start;
<a href="https://github.com/layer"><code>@layer</code></a> inner.end;
<a href="https://github.com/layer"><code>@layer</code></a> end;
</code></pre></p>
</li>
<li>
<p>Unwrap nested duplicate <code>@media</code> rules (<a
href="https://redirect.github.com/evanw/esbuild/issues/3226">#3226</a>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md">esbuild's
changelog</a>.</em></p>
<blockquote>
<h2>0.19.2</h2>
<ul>
<li>
<p>Update how CSS nesting is parsed again</p>
<p>CSS nesting syntax has been changed again, and esbuild has been
updated to match. Type selectors may now be used with CSS nesting:</p>
<pre lang="css"><code>.foo {
div {
color: red;
}
}
</code></pre>
<p>Previously this was disallowed in the CSS specification because it's
ambiguous whether an identifier is a declaration or a nested rule
starting with a type selector without requiring unbounded lookahead in
the parser. It has now been allowed because the CSS working group has
decided that requiring unbounded lookahead is acceptable after all.</p>
<p>Note that this change means esbuild no longer considers any existing
browser to support CSS nesting since none of the existing browsers
support this new syntax. CSS nesting will now always be transformed when
targeting a browser. This situation will change in the future as
browsers add support for this new syntax.</p>
</li>
<li>
<p>Fix a scope-related bug with <code>--drop-labels=</code> (<a
href="https://redirect.github.com/evanw/esbuild/issues/3311">#3311</a>)</p>
<p>The recently-released <code>--drop-labels=</code> feature previously
had a bug where esbuild's internal scope stack wasn't being restored
properly when a statement with a label was dropped. This could manifest
as a tree-shaking issue, although it's possible that this could have
also been causing other subtle problems too. The bug has been fixed in
this release.</p>
</li>
<li>
<p>Make renamed CSS names unique across entry points (<a
href="https://redirect.github.com/evanw/esbuild/issues/3295">#3295</a>)</p>
<p>Previously esbuild's generated names for local names in CSS were only
unique within a given entry point (or across all entry points when code
splitting was enabled). That meant that building multiple entry points
with esbuild could result in local names being renamed to the same
identifier even when those entry points were built simultaneously within
a single esbuild API call. This problem was especially likely to happen
with minification enabled. With this release, esbuild will now avoid
renaming local names from two separate entry points to the same name if
those entry points were built with a single esbuild API call, even when
code splitting is disabled.</p>
</li>
<li>
<p>Fix CSS ordering bug with <code>@layer</code> before
<code>@import</code></p>
<p>CSS lets you put <code>@layer</code> rules before
<code>@import</code> rules to define the order of layers in a
stylesheet. Previously esbuild's CSS bundler incorrectly ordered these
after the imported files because before the introduction of cascade
layers to CSS, imported files could be bundled by removing the
<code>@import</code> rules and then joining files together in the right
order. But with <code>@layer</code>, CSS files may now need to be split
apart into multiple pieces in the bundle. For example:</p>
<pre><code>/* Original code */
@layer start;
@import "data:text/css,@layer inner.start;";
@import "data:text/css,@layer inner.end;";
@layer end;
<p>/* Old output (with --bundle) */
<a href="https://github.com/layer"><code>@layer</code></a> inner.start;
<a href="https://github.com/layer"><code>@layer</code></a> inner.end;
<a href="https://github.com/layer"><code>@layer</code></a> start;
<a href="https://github.com/layer"><code>@layer</code></a> end;</p>
<p>/* New output (with --bundle) */
<a href="https://github.com/layer"><code>@layer</code></a> start;
<a href="https://github.com/layer"><code>@layer</code></a> inner.start;
<a href="https://github.com/layer"><code>@layer</code></a> inner.end;
<a href="https://github.com/layer"><code>@layer</code></a> end;
</code></pre></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/evanw/esbuild/commit/09a100124e9daef9e0be57d21cc7729c6f3516e7"><code>09a1001</code></a>
publish 0.19.2 to npm</li>
<li><a
href="https://github.com/evanw/esbuild/commit/4d9b764f11b8f52024c798f3e3361be9f575b1cc"><code>4d9b764</code></a>
fix <a
href="https://redirect.github.com/evanw/esbuild/issues/3311">#3311</a>:
pop scope after <code>--drop-labels=</code> runs</li>
<li><a
href="https://github.com/evanw/esbuild/commit/f2d23b294e41253062f6c49fd7e339dfb8019940"><code>f2d23b2</code></a>
fix some typos</li>
<li><a
href="https://github.com/evanw/esbuild/commit/e76780c041b15fbf5d273861af2a95707f1621f1"><code>e76780c</code></a>
css: further changes to css nesting syntax</li>
<li><a
href="https://github.com/evanw/esbuild/commit/71f4a5aff3c943d2f44c606337a9a4d5ef530e31"><code>71f4a5a</code></a>
update compat-table (note: css nesting changed)</li>
<li><a
href="https://github.com/evanw/esbuild/commit/eb667c35bd1c32b3ea2fc5f56326665298131b3a"><code>eb667c3</code></a>
css: try to merge adjacent <code>@layer</code> rules together</li>
<li><a
href="https://github.com/evanw/esbuild/commit/f7596931bb79ab8708dd630aa729d49bc68bbbbd"><code>f759693</code></a>
css: fix ordering with <code>@layer</code> before
<code>@import</code></li>
<li><a
href="https://github.com/evanw/esbuild/commit/c73f0f8fc9185f7b2335363a2f8b98e29077a327"><code>c73f0f8</code></a>
css: extract wrapping logic to a helper function</li>
<li><a
href="https://github.com/evanw/esbuild/commit/a05a2f9c7a91dbe32202f4e963c8aca9ec24481d"><code>a05a2f9</code></a>
css: make source index on compile results optional</li>
<li><a
href="https://github.com/evanw/esbuild/commit/bb16fb7a92f07136d4b5b6a07132367e6533dc59"><code>bb16fb7</code></a>
css: parser separates layers pre/post <code>@import</code></li>
<li>Additional commits viewable in <a
href="https://github.com/evanw/esbuild/compare/v0.17.19...v0.19.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configures Dependabot version updates, which enables Dependabot to open
pull requests automatically to keep dependencies up-to-date when new
versions are available.
- Update title
- Remove blockquote formatting from description to improve accessibility
- Capitalize "app" in "GitHub App" for consistency
- Add missing periods in unordered list
- Use new highlight syntax for note
Parker Brown