@dependabot dependabot bot commented on behalf of github Aug 18, 2025

Bumps esbuild from 0.25.8 to 0.25.9.

Release notes

Sourced from esbuild's releases.

v0.25.9

  • Better support building projects that use Yarn on Windows (#3131, #3663)

    With this release, you can now use esbuild to bundle projects that use Yarn Plug'n'Play on Windows on drives other than the C: drive. The problem was as follows:

    1. Yarn in Plug'n'Play mode on Windows stores its global module cache on the C: drive
    2. Some developers put their projects on the D: drive
    3. Yarn generates relative paths that use ../.. to get from the project directory to the cache directory
    4. Windows-style paths don't support directory traversal between drives via .. (so D:\.. is just D:)
    5. I didn't have access to a Windows machine for testing this edge case

    Yarn works around this edge case by pretending Windows-style paths beginning with C:\ are actually Unix-style paths beginning with /C:/, so the ../.. path segments are able to navigate across drives inside Yarn's implementation. This was broken for a long time in esbuild but I finally got access to a Windows machine and was able to debug and fix this edge case. So you should now be able to bundle these projects with esbuild.

  • Preserve parentheses around function expressions (#4252)

    The V8 JavaScript VM uses parentheses around function expressions as an optimization hint to immediately compile the function. Otherwise the function would be lazily-compiled, which has additional overhead if that function is always called immediately as lazy compilation involves parsing the function twice. You can read V8's blog post about this for more details.

    Previously esbuild did not represent parentheses around functions in the AST so they were lost during compilation. With this change, esbuild will now preserve parentheses around function expressions when they are present in the original source code. This means these optimization hints will not be lost when bundling with esbuild. In addition, esbuild will now automatically add this optimization hint to immediately-invoked function expressions. Here's an example:

    // Original code
    const fn0 = () => 0
    const fn1 = (() => 1)
    console.log(fn0, function() { return fn1() }())

    // Old output
    const fn0 = () => 0;
    const fn1 = () => 1;
    console.log(fn0, function() {
      return fn1();
    }());

    // New output
    const fn0 = () => 0;
    const fn1 = (() => 1);
    console.log(fn0, (function() {
      return fn1();
    })());

    Note that you do not want to wrap all function expressions in parentheses. This optimization hint should only be used for functions that are called on initial load. Using this hint for functions that are not called on initial load will unnecessarily delay the initial load. Again, see V8's blog post linked above for details.

  • Update Go from 1.23.10 to 1.23.12 (#4257, #4258)

    This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.25.8 to 0.25.9.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.25.8...v0.25.9)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Update one or more dependencies version patch Increment the patch version when merged labels Aug 18, 2025
@dependabot dependabot bot requested a review from a team as a code owner August 18, 2025 16:04
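
The drive-crossing problem and the portable-path workaround described in the release notes above, as an added example that is not code from this PR, esbuild, or Yarn. The helper names `toPortable` and `fromPortable` and the sample paths are hypothetical; Node's `path.win32` and `path.posix` stand in for the two path models.

```javascript
// Added example: not code from the PR, esbuild, or Yarn.
// toPortable/fromPortable and the sample paths are hypothetical, constructed here.
const path = require('node:path');

// "C:\Users\dev" -> "/C:/Users/dev": the drive becomes an ordinary first segment.
function toPortable(winPath) {
  const m = /^([a-zA-Z]):[\\/](.*)$/.exec(winPath);
  const body = (m ? m[2] : winPath).replace(/\\/g, '/');
  return m ? `/${m[1]}:/${body}` : body;
}

// "/C:/Users/dev" -> "C:\Users\dev"
function fromPortable(portablePath) {
  const m = /^\/([a-zA-Z]):\/(.*)$/.exec(portablePath);
  const body = (m ? m[2] : portablePath).replace(/\//g, '\\');
  return m ? `${m[1]}:\\${body}` : body;
}

// Relative path between two Windows directories, computed on the portable form
// so that ".." segments can climb above the drive letter.
function relativeAcrossDrives(fromDir, toDir) {
  return path.posix.relative(toPortable(fromDir), toPortable(toDir));
}

// Resolve in portable space, then convert back to a Windows-style path.
function resolvePortable(baseDir, rel) {
  return fromPortable(path.posix.resolve(toPortable(baseDir), rel));
}

// Resolve with native Windows rules, where ".." stops at the drive root.
function resolveWindows(baseDir, rel) {
  return path.win32.resolve(baseDir, rel.replace(/\//g, '\\'));
}

const project = 'D:\\work\\app'; // constructed sample
const cache = 'C:\\Users\\dev\\AppData\\Local\\Yarn\\cache'; // constructed sample
const rel = relativeAcrossDrives(project, cache);

console.log('relative      :', rel);
console.log('portable model:', resolvePortable(project, rel));
console.log('windows model :', resolveWindows(project, rel));
console.log('D:\\ + ".."    :', path.win32.resolve('D:\\', '..'));
```

Under native Windows rules the result stays on the D: drive, which is the failure the release notes describe; only the portable form reaches the cache directory on C:.
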
netlify bot commented Aug 18, 2025

Deploy Preview for content-scope-scripts canceled.

Name Link
🔨 Latest commit eec3892
🔍 Latest deploy log https://app.netlify.com/projects/content-scope-scripts/deploys/68a34efa2dcbf00008f2be53

@github-actions

Temporary Branch Update

The temporary branch has been updated with the latest changes. Below are the details:

Please use the above install command to update to the latest version.

@jonathanKingston jonathanKingston added this pull request to the merge queue Aug 18, 2025
Merged via the queue into main with commit 4a4020c Aug 18, 2025
17 checks passed
@jonathanKingston jonathanKingston deleted the dependabot/npm_and_yarn/main/esbuild-0.25.9 branch August 18, 2025 17:16
jonathanKingston pushed a commit that referenced this pull request Aug 18, 2025
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.25.8 to 0.25.9.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.25.8...v0.25.9)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
jonathanKingston pushed a commit that referenced this pull request Aug 21, 2025
github-merge-queue bot pushed a commit that referenced this pull request Aug 22, 2025
* Initial Android adsjs bundle

* Rename output script to something more sensible

* Add inject name

* lint fix

* PoC messaging adsjs

* Removal of ports argument

* Change up wrapping

* Fix up typing

* Enable share on iframes and fix support issues

* Revert "Enable share on iframes and fix support issues"

This reverts commit 51f7413.

* Inject name conditional (#1884)

* Add enum devices debugging

* Disable device enumeration remotely

* Fix lint

* Add frame flexibility

* Move to webCompat

* Conditional frame matching

* Test case

* Frame test changes, still not working

* Fix up frame testing

* Simplify test checks

* Remove bundle for debugging

* Add injectName conditional matching

* Improve comment

* build(deps): bump immutable-json-patch from 6.0.1 to 6.0.2 (#1873)

* build(deps): bump immutable-json-patch from 6.0.1 to 6.0.2

Bumps [immutable-json-patch](https://github.com/josdejong/immutable-json-patch) from 6.0.1 to 6.0.2.
- [Changelog](https://github.com/josdejong/immutable-json-patch/blob/main/CHANGELOG.md)
- [Commits](https://github.com/josdejong/immutable-json-patch/commits)

---
updated-dependencies:
- dependency-name: immutable-json-patch
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix replace state tests

* Add failure case if the library behaviour is now reverted

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jonathan Kingston <jkingston@duckduckgo.com>

* build(deps-dev): bump eslint from 9.32.0 to 9.33.0 in the eslint group (#1886)

Bumps the eslint group with 1 update: [eslint](https://github.com/eslint/eslint).


Updates `eslint` from 9.32.0 to 9.33.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v9.32.0...v9.33.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump @rive-app/canvas-single from 2.30.4 to 2.31.1 (#1885)

Bumps [@rive-app/canvas-single](https://github.com/rive-app/rive-wasm) from 2.30.4 to 2.31.1.
- [Changelog](https://github.com/rive-app/rive-wasm/blob/master/CHANGELOG.md)
- [Commits](rive-app/rive-wasm@2.30.4...2.31.1)

---
updated-dependencies:
- dependency-name: "@rive-app/canvas-single"
  dependency-version: 2.31.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix context menu by filtering fake widgets starting with underscore (#1888)

The context menu was including fake widgets (like _omnibar-toggleAi for Duck.ai toggle)
which caused issues with native app integration. This change:

- Updates useContextMenu() to filter out all widgets with IDs starting with '_'
- Renames debug widget ID from 'debug' to '_debug' for consistency
- Adds integration test to verify only real widgets appear in context menu

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Claude <noreply@anthropic.com>

* NTP: Omnibar design fixes i2 (#1889)

* Remove focusRing state and update popup focus styles:

- Show rest state by default
- Show focus state only when input/textarea is selected and empty
- Show suggestions state only when suggestions list is open

* Make close button clear input and hide suggestions in one click

* Adjust padding around X button in SearchForm

* Refocus input after clearing search term

* Fix spacer height to accommodate largest tab without animation

* Use --ntp-surface-tertiary (with correct value from Figma) when using
default background and --ntp-surface-background-color when using a
custom background

* Use dark mode icons in TabSwitcher

* Adjust omnibar and tab switcher background when using a custom
background

* Update ntp-controls-raised-backdrop color variables

* Update SearchColorIcon and AiChatColorIcon SVG gradients and colors

* feat: Add Duck.ai icon for RMF, update a couple other RMF icons (#1892)

* feat: Add Duck.ai icon for RMF, update a couple other icons

* fix: example

* rm: overflow2 example

* Replace newlines with spaces when switching from Duck.ai to Search tab. (#1894)

This matches how SERP behaves

* NTP: Refine omnibar background, outline, and elevation styles (#1893)

* Refine popup background, outline, and elevation styles

* Update CloseSmallIcon

* Fix lint warnings (#1890)

* Refactor variable names and improve type safety in customizer and build scripts

Co-authored-by: randerson <randerson@duckduckgo.com>

* Don't typecast to any

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>

* Force search mode when Duck.ai is disabled in Omnibar (#1895)

* build(deps): bump @rive-app/canvas-single from 2.31.1 to 2.31.2 (#1902)

Bumps [@rive-app/canvas-single](https://github.com/rive-app/rive-wasm) from 2.31.1 to 2.31.2.
- [Changelog](https://github.com/rive-app/rive-wasm/blob/master/CHANGELOG.md)
- [Commits](rive-app/rive-wasm@2.31.1...2.31.2)

---
updated-dependencies:
- dependency-name: "@rive-app/canvas-single"
  dependency-version: 2.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump esbuild from 0.25.8 to 0.25.9 (#1903)

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.25.8 to 0.25.9.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.25.8...v0.25.9)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump actions/checkout from 4 to 5 (#1901)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add initial ping message

* Fix tests

* Remove frame limitation

* Add breakageReporting to bundle

* Add apiManipulation to the new bundle

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Cris Barreiro <cbarreiro@duckduckgo.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Robert Anderson <randerson@duckduckgo.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Valerie Kraucunas <vkraucunas@duckduckgo.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>