Update dependency terser to v5.43.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
terser (source)	5.10.0 -> 5.43.1

---

Release Notes

terser/terser (terser)

v5.43.1

Compare Source

• Prevent niche optimizations that would move around block declarations
• Add lhs_constants to CompressOptions type (#​1621)

v5.43.0

Compare Source

• Do not wrap callbacks in parentheses (wrap_func_args format option is now false by default)
• Do not inline functions into for loops (for performance reasons)

v5.42.0

Compare Source

• Improved performance in the parse step by adding a fast path for simple identifiers.
• Improved ESTree conversion

v5.41.0

Compare Source

• fixed semicolon insertion between class fields, when the field names are number literals
• keep_numbers format option now works for bigint
• internal: correctly mark accessors' is_generator property
• internal: do not read or assign quote properties without need
• internal: add missing equivalent_to comparison

v5.40.0

Compare Source

• Fix exporting AssignmentExpression (default assign pattern) to ESTree
• Fix ESTree output of object keys with quotes
• Fix handling of an ESTree empty export {} (#​1601)
• Fix some const and let resulting from ESTree input (#​1599)

v5.39.2

Compare Source

• Fix crash when parsing bare yield inside a template string.
• Update internally used acorn version requirement

v5.39.1

Compare Source

• Fix bitwise operations that could mix BigInt and number

v5.39.0

Compare Source

• Remove unnecessary console.assert calls (#​1590)

v5.38.2

Compare Source

• internal: Flatten inheritance tree for object/class members

v5.38.1

Compare Source

• Fix inlining non-call expressions into an optional_call?.()

v5.38.0

Compare Source

• Remove console method-of-method calls (eg console.log.apply()) when drop_console option is used (#​1585)
• Remove more object spreads, such as { ...void !0 } (#​1142)

v5.37.0

Compare Source

• Reserved object properties from chrome extensions (domprops)
• Fix semicolon insertion between a class property without a semicolon a and a computed class property ["prop"]

v5.36.0

Compare Source

• Support import attributes with syntax

v5.35.0

Compare Source

• Ensure parent directory exists when using --output on CLI (#​1530)

v5.34.1

Compare Source

• bump the rollup devDependency to disable CVE warnings (Terser was not affected)

v5.34.0

Compare Source

• internal: stop assigning properties to objects they don't belong in
• internal: run compress tests in parallel
• drop_console: emit an empty function if the return value of console.METHOD(...) may be called.

v5.33.0

Compare Source

• reduce_vars improved when dealing with hoisted function definitions (#​1544)

v5.32.0

Compare Source

• import("module") can now be input and output from ESTree AST (#​1557)
• BigInt literals can now be input and output from ESTree AST (#​1555)
• typeof an object or array (typeof {} and typeof []) can now be statically evaluated. (#​1546)

v5.31.6

Compare Source

• Retain side effects in a case when the expression is a sequence (comma) expression

v5.31.5

Compare Source

• Revert v5.31.4, which created mysterious issues #​1548, #​1549

v5.31.4

Compare Source

• drop_unused: drop classes which only have side effects in the extends part

v5.31.3

Compare Source

• drop_unused: drop unused parameters from IIFEs in some more situations.

v5.31.2

Compare Source

• drop_unused: scan variables in self-referential class declarations that contain side effects.
• Don't add parens to arrow function when it's the default for an argument (#​1540)
• Update domprops (#​1538)

v5.31.1

Compare Source

• Allow drop-unused to drop the whole assignment (not just the assigned name) in more situations, in order to avoid duplication of long strings.

v5.31.0

Compare Source

• Sync up property mangler exceptions with current contents of Firefox and Chrome environments
• Add more webcomponent properties to property mangler exceptions (#​1525)
• Drop non-nullish constants in ...spreads in objects (#​1141)

v5.30.4

Compare Source

• Fix parsing #private in ... when next to other operators

v5.30.3

Compare Source

• Fix precedence of #private in ... operator

v5.30.2

Compare Source

• Avoid optimizations inside computed keys, because they can cause js-engine-specific bugs.

v5.30.1

Compare Source

• Removed useless \ escapes for non-ascii characters
• Make modern identifier characters quoted for older environments (#​1512)

v5.30.0

Compare Source

• Improve removal of classes referring to themselves

v5.29.2

Compare Source

• Make sure 'computed_props' creates string keys
• Take into account the evaluated size when inlining

v5.29.1

Compare Source

• fix optimisation of all-bits mask check

v5.29.0

Compare Source

• Re-releases previously reverted 5.28.0
• Fix crash while optimizing some bitwise ops
• (internal) Remove needless wrapper for from_moz (#​1499)

v5.28.1

Compare Source

(hotfix release)

• Reverts v5.28.0

v5.28.0

Compare Source

• Optimise redundant or shrinkable bitwise operations (|, ^, &, >>, <<)
• Evaluate some BigInt math operations

v5.27.2

Compare Source

• Recognise this as a reference to the surrounding class in drop_unused. Closes #​1472

v5.27.1

Compare Source

• Fixed case where collapse_vars inlines await expressions into non-async functions.

v5.27.0

Compare Source

• Created minify_sync() alternative to minify() since there's no async code left.

v5.26.0

Compare Source

• Do not take the /*#__PURE__*/ annotation into account when the side_effects compress option is off.
• The preserve_annotations option now automatically opts annotation comments in, instead of requiring the comments option to be configured for this.
• Refuse to parse empty parenthesized expressions (())

v5.25.0

Compare Source

• Regex properties added to reserved property mangler (#​1471)
• pure_new option added to drop unused new expressions.

v5.24.0

Compare Source

• Improve formatting performance in V8 by keeping a small work string and a large output string

v5.23.0

Compare Source

• When top_retain will keep a variable assignment around, inline the assignee when it's shorter than the name (#​1434)
• Remove empty class static {} blocks.

v5.22.0

Compare Source

• Do not unsafely shorten expressions like a?.toString() when they're conditional.
• Avoid running drop_unused in nodes that aren't scopes. Fixes a rare crash.
• When 'module' is enabled, assume strict mode when figuring out scopes.

v5.21.0

Compare Source

• Do not inline functions that would be retained in the toplevel (as this would cause code duplication).
• Fix precedence of arrow function and ternary operator when formatting output.

v5.20.0

Compare Source

• Passing minify() zero files will now throw a clean exception (#​1450)
• drop_console supports passing in an array of console.* method names (#​1445)
• New DOM properties from the WebGPU API have been added for use in the property mangler (#​1436)
• Internal code simplification (#​1437)

v5.19.4

Compare Source

• Prevent creating very deeply nested ternaries from a long list of if..return
• Prevent inlining classes into other functions, to avoid constructors being compared.

v5.19.3

Compare Source

• Fix side effect detection of optional?.chains.
• Add roundRect to domprops.js (#​1426)

v5.19.2

Compare Source

• fix performance hit from avoiding HTML comments in the output

v5.19.1

Compare Source

• Better avoid outputting </script> and HTML comments.
• Fix unused variables in class static blocks not being dropped correctly.
• Fix sourcemap names of methods that are async or static

v5.19.0

Compare Source

• Allow /*@​__MANGLE_PROP__*/ annotation in object.property, in addition to property declarations.

v5.18.2

Compare Source

• Stop using recursion in hoisted defuns fix.

v5.18.1

Compare Source

• Fix major performance issue caused by hoisted defuns' scopes bugfix.

v5.18.0

Compare Source

• Add new /*@​__MANGLE_PROP__*/ annotation, to mark properties that should be mangled.

v5.17.7

Compare Source

• Update some dependencies
• Add consistent sorting for v RegExp flag
• Add inert DOM attribute to domprops

v5.17.6

Compare Source

• Fixes to mozilla AST input and output, for class properties, private properties and static blocks
• Fix outputting a shorthand property in quotes when safari10 and ecma=2015 options are enabled
• configurable and enumerable, used in Object.defineProperty, added to domprops (#​1393)

v5.17.5

Compare Source

• Take into account the non-deferred bits of a class, such as static properties, while dropping unused code.

v5.17.4

Compare Source

• Fix crash when trying to negate a class (!class{})
• Avoid outputting comments between yield/await and its argument
• Fix detection of left-hand-side of assignment, to avoid optimizing it like any other expression in some edge cases

v5.17.3

Compare Source

• Fix issue with trimming a static class property's contents accessing the class as this.

v5.17.2

Compare Source

• Be less conservative when detecting use-before-definition of var in hoisted functions.
• Support unusual (but perfectly valid) initializers of for-in and for-of loops.
• Fix issue where hoisted function would be dropped if it was after a continue statement

v5.17.1

Compare Source

• Fix evaluating .length when the source array might've been mutated

v5.17.0

Compare Source

• Drop vestigial = undefined default argument in IIFE calls (#​1366)
• Evaluate known arrays' .length property when statically determinable
• Add @__KEY__ annotation to mangle string literals (#​1365)

v5.16.9

Compare Source

• Fix parentheses in output of optional chains (a?.b) (#​1374)
• More documentation on source maps (#​1368)
• New lhs_constants option, allowing to stop Terser from swapping comparison operands (#​1361)

v5.16.8

Compare Source

• Become even less conservative around function definitions for reduce_vars
• Fix parsing context of import.meta expressions such that method calls are allowed

v5.16.6

Compare Source

• Become less conservative with analyzing function definitions for reduce_vars
• Parse import.meta as a real AST node and not an object.property

v5.16.5

Compare Source

• Correctly handle AST transform functions that mutate children arrays
• Don't mutate the options object passed to Terser (#​1342)
• Do not treat BigInt like a number

v5.16.4

Compare Source

• Keep (defaultArg = undefined) => ..., because default args don't count for function length
• Prevent inlining variables into ?. optional chains
• Avoid removing unused arguments while transforming
• Optimize iterating AST node lists
• Make sure catch and finally aren't children of try in the AST
• Use modern unicode property escapes (\p{...}) to parse identifiers when available

v5.16.3

Compare Source

• Ensure function definitions, don't assume the values of variables defined after them.

v5.16.2

Compare Source

• Fix sourcemaps with non-ascii characters (#​1318)
• Support string module name and export * as (#​1336)
• Do not move let out of for initializers, as it can change scoping
• Fix a corner case that would generate the invalid syntax if (something) let x ("let" in braceless if body)
• Knowledge of more native object properties (#​1330)
• Got rid of Travis (#​1323)
• Added semi-secret asObject sourcemap option to typescript defs (#​1321)

v5.16.1

Compare Source

• Properly handle references in destructurings (const { [reference]: val } = ...)
• Allow parsing of .#privatefield in nested classes
• Do not evaluate operations that return large strings if that would make the output code larger
• Make collapse_vars handle block scope correctly
• Internal improvements: Typos (#​1311), more tests, small-scale refactoring

v5.16.0

Compare Source

• Disallow private fields in object bodies (#​1011)
• Parse #privatefield in object (#​1279)
• Compress #privatefield in object

v5.15.1

Compare Source

• Fixed missing parentheses around optional chains
• Avoid bare let or const as the bodies of if statements (#​1253)
• Small internal fixes (#​1271)
• Avoid inlining a class twice and creating two equivalent but !== classes.

v5.15.0

Compare Source

• Basic support for ES2022 class static initializer blocks.
• Add AudioWorkletNode constructor options to domprops list (#​1230)
• Make identity function inliner not inline id(...expandedArgs)

v5.14.2

Compare Source

• Security fix for RegExps that should not be evaluated (regexp DDOS)
• Source maps improvements (#​1211)
• Performance improvements in long property access evaluation (#​1213)

v5.14.1

Compare Source

• keep_numbers option added to TypeScript defs (#​1208)
• Fixed parsing of nested template strings (#​1204)

v5.14.0

Compare Source

• Switched to @​jridgewell/source-map for sourcemap generation (#​1190, #​1181)
• Fixed source maps with non-terminated segments (#​1106)
• Enabled typescript types to be imported from the package (#​1194)
• Extra DOM props have been added (#​1191)
• Delete the AST while generating code, as a means to save RAM

v5.13.1

Compare Source

• Removed self-assignments (varname=varname) (closes #​1081)
• Separated inlining code (for inlining things into references, or removing IIFEs)
• Allow multiple identifiers with the same name in var destructuring (eg var { a, a } = x) (#​1176)

v5.13.0

Compare Source

• All calls to eval() were removed (#​1171, #​1184)
• source-map was updated to 0.8.0-beta.0 (#​1164)
• NavigatorUAData was added to domprops to avoid property mangling (#​1166)

v5.12.1

Compare Source

• Fixed an issue with function definitions inside blocks (#​1155)
• Fixed parens of new in some situations (closes #​1159)

v5.12.0

Compare Source

• TERSER_DEBUG_DIR environment variable
• @​copyright comments are now preserved with the comments="some" option (#​1153)

v5.11.0

Compare Source

• Unicode code point escapes (\u{abcde}) are not emitted inside RegExp literals anymore (#​1147)
• acorn is now a regular dependency

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report