Comparing changes

Fixes #232

) This PR switches from evaluating values passed to `skip-token-revoke` as true if they are truthy in JavaScript, to using `getBooleanInput`. This change ensures that only proper YAML boolean values are recognized, preventing unintended evaluations to true. - The definition of `getBooleanInput` is here: definition of `core#getBooealnInput` is here: https://github.com/actions/toolkit/blob/930c89072712a3aac52d74b23338f00bb0cfcb24/packages/core/src/core.ts#L188-L208 The documentation states, `"If truthy, the token will not be revoked when the current job is complete"`, so this change could be considered a breaking change. This means that if there are users who rely on `truthy` and expect values like whitespace or `"false"` to be evaluated as true (though this is likely rare), it would be a breaking change. - `Boolean(" ")` and `Boolean("false")` are both evaluated as true. Alternatively, it can simply be considered a fix. How to handle this is up to the maintainer. Resolves #216

## [2.0.3](v2.0.2...v2.0.3) (2025-05-01) ### Bug Fixes * **README:** use `v2` in examples ([#234](#234)) ([9ba274d](9ba274d)), closes [#232](#232) * use `core.getBooleanInput()` to retrieve boolean input values ([#223](#223)) ([c3c17c7](c3c17c7))

This pull request fixes the handling of permissions inputs. - Updated `getPermissionsFromInputs` in `lib/get-permissions-from-inputs.js` to use hyphens (`INPUT_PERMISSION-`) instead of underscores (`INPUT_PERMISSION_`) in input keys, added a check to skip empty values, and clarified behavior when no permissions are set. - Added a `shouldRetry` function to retry requests when server errors (HTTP status 500 or higher) occur in the `main` function in `lib/main.js` to prevent unnecessary retries. - Updated test cases in `tests/main-token-permissions-set.test.js` to match the new input key format with hyphens. - Added a default empty string for unset inputs (e.g., `INPUT_PERMISSION-ADMINISTRATION`) in `tests/main.js` to simulate the behavior of the Actions runner. - Updated snapshots in `tests/snapshots/index.js.md` to reflect the updated hyphenated input keys in permissions. --------- Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>

## [2.0.4](v2.0.3...v2.0.4) (2025-05-02) ### Bug Fixes * permission input handling ([#243](#243)) ([2950cbc](2950cbc))

…5.2.0 in the github-actions group (#239) Bumps the github-actions group with 1 update: [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action). Updates `stefanzweifel/git-auto-commit-action` from 5.1.0 to 5.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's releases</a>.</em></p> <blockquote> <h2>v5.2.0</h2> <h2>Added</h2> <ul> <li>Add <code>create_git_tag_only</code> option to skip commiting and always create a git-tag. (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/364">#364</a>) <a href="https://github.com/@zMynxx"><code>@zMynxx</code></a></li> <li>Add Test for <code>create_git_tag_only</code> feature (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/367">#367</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h2>Fixed</h2> <ul> <li>docs: Update README.md per <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/354">#354</a> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/361">#361</a>) <a href="https://github.com/@rasa"><code>@rasa</code></a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.2.0...HEAD">Unreleased</a></h2> <blockquote> <p>TBD</p> </blockquote> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.1.0...v5.2.0">v5.2.0</a> - 2025-04-19</h2> <h3>Added</h3> <ul> <li>Add <code>create_git_tag_only</code> option to skip commiting and always create a git-tag. (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/364">#364</a>) <a href="https://github.com/@zMynxx"><code>@zMynxx</code></a></li> <li>Add Test for <code>create_git_tag_only</code> feature (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/367">#367</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h3>Fixed</h3> <ul> <li>docs: Update README.md per <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/354">#354</a> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/361">#361</a>) <a href="https://github.com/@rasa"><code>@rasa</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.0.1...v5.1.0">v5.1.0</a> - 2025-01-11</h2> <h3>Changed</h3> <ul> <li>Include <code>github.actor_id</code> in default <code>commit_author</code> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/354">#354</a>) <a href="https://github.com/@parkerbxyz"><code>@parkerbxyz</code></a></li> </ul> <h3>Fixed</h3> <ul> <li>docs(README): fix broken protected branch docs link (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/346">#346</a>) <a href="https://github.com/@scarf005"><code>@scarf005</code></a></li> <li>Update README.md (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/343">#343</a>) <a href="https://github.com/@Kludex"><code>@Kludex</code></a></li> </ul> <h3>Dependency Updates</h3> <ul> <li>Bump bats from 1.11.0 to 1.11.1 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/353">#353</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> <li>Bump github/super-linter from 6 to 7 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/342">#342</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> <li>Bump github/super-linter from 5 to 6 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/335">#335</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.0.0...v5.0.1">v5.0.1</a> - 2024-04-12</h2> <h3>Fixed</h3> <ul> <li>Fail if attempting to execute git commands in a directory that is not a git-repo. (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/326">#326</a>) <a href="https://github.com/@ccomendant"><code>@ccomendant</code></a></li> </ul> <h3>Dependency Updates</h3> <ul> <li>Bump bats from 1.10.0 to 1.11.0 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/325">#325</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> <li>Bump release-drafter/release-drafter from 5 to 6 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/319">#319</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/b863ae1933cb653a53c021fe36dbb774e1fb9403"><code>b863ae1</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/367">#367</a> from stefanzweifel/stefanzweifel/git_tag_only_changes</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/adb37b5a29cc6a129145d9d032185cb98f85158c"><code>adb37b5</code></a> Update README</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/8480c68cbb7b1813d49aecb1164b935d6a72b726"><code>8480c68</code></a> Add Tests</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/4f8f3ad16ec3c524651ccc9ca4eb5f40cec44525"><code>4f8f3ad</code></a> Rename Input and add output</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/11a6e5f38f8fa069a6961f13d7e66aa4b78b62da"><code>11a6e5f</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/364">#364</a> from zmynx/master</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/35d037abf5810698ff3d047321be58dda3323986"><code>35d037a</code></a> Update README.md</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/bf425dc136587d034a8be6cec4b7fc67611d6e05"><code>bf425dc</code></a> Merge branch 'master' into master</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/cfd6ac4a3bab2e8adaa26e0374379af334adfc43"><code>cfd6ac4</code></a> Update git-auto-commit.bats</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/19379b46c9475e7b57e9a487de999197e859098a"><code>19379b4</code></a> Update git-auto-commit.bats</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/12e100dacb907a92e0dc82346eaf871f83e7847a"><code>12e100d</code></a> Update entrypoint.sh</li> <li>Additional commits viewable in <a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/e348103e9026cc0eee72ae06630dbe30c8bf7a79...b863ae1933cb653a53c021fe36dbb774e1fb9403">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=5.1.0&new-version=5.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [@octokit/openapi](https://github.com/octokit/openapi) from 18.2.0 to 19.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/openapi/releases"><code>@octokit/openapi</code>'s releases</a>.</em></p> <blockquote> <h2>v19.0.0</h2> <h1><a href="https://github.com/octokit/openapi/compare/v18.2.0...v19.0.0">19.0.0</a> (2025-04-09)</h1> <h3>Features</h3> <ul> <li>new <code>/orgs/{org}/campaigns</code>, <code>/orgs/{org}/campaigns/{campaign_number}</code> endpoints, remove Copilot usage endpoints, description updates, remove GHES 3.12 (<a href="https://redirect.github.com/octokit/openapi/issues/491">#491</a>) (<a href="https://github.com/octokit/openapi/commit/709a8f01d55625236867dc02d452edb9545e0cf5">709a8f0</a>)</li> </ul> <h3>BREAKING CHANGES</h3> <ul> <li>Drop GHES 3.12</li> <li>Remove Copilot usage endpoints</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/openapi/commit/709a8f01d55625236867dc02d452edb9545e0cf5"><code>709a8f0</code></a> feat: new <code>/orgs/{org}/campaigns</code>, <code>/orgs/{org}/campaigns/{campaign_number}</code> ...</li> <li><a href="https://github.com/octokit/openapi/commit/329c7ebe3749dc3e7f258df7abbad171a3228c71"><code>329c7eb</code></a> ci(action): update actions/create-github-app-token action to v2 (<a href="https://redirect.github.com/octokit/openapi/issues/490">#490</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/e2e9e6ede217eac96876c9165bc35a35411b51ee"><code>e2e9e6e</code></a> ci: replace <code>OCTOKITBOT_PROJECT_ACTION_TOKEN</code> and <code>OCTOKITBOT_PAT</code> with a tok...</li> <li><a href="https://github.com/octokit/openapi/commit/d59338c42c80d9dd122b7c589a49ba0e773fae8d"><code>d59338c</code></a> build(deps): lock file maintenance (<a href="https://redirect.github.com/octokit/openapi/issues/488">#488</a>)</li> <li>See full diff in <a href="https://github.com/octokit/openapi/compare/v18.2.0...v19.0.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@octokit/openapi&package-manager=npm_and_yarn&previous-version=18.2.0&new-version=19.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ectory with 3 updates (#244) Bumps the development-dependencies group with 3 updates in the / directory: [ava](https://github.com/avajs/ava), [dotenv](https://github.com/motdotla/dotenv) and [esbuild](https://github.com/evanw/esbuild). Updates `ava` from 6.2.0 to 6.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/avajs/ava/releases">ava's releases</a>.</em></p> <blockquote> <h2>v6.3.0</h2> <h2>What's Changed</h2> <ul> <li>Update dependencies, addressing <code>npm audit</code> warnings by <a href="https://github.com/novemberborn"><code>@novemberborn</code></a> in <a href="https://redirect.github.com/avajs/ava/pull/3377">avajs/ava#3377</a></li> <li>Do not count writes to stdout/stderr as non-idling activity for timeouts by <a href="https://github.com/mdouglass"><code>@mdouglass</code></a> in <a href="https://redirect.github.com/avajs/ava/pull/3374">avajs/ava#3374</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mdouglass"><code>@mdouglass</code></a> made their first contribution in <a href="https://redirect.github.com/avajs/ava/pull/3374">avajs/ava#3374</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/avajs/ava/compare/v6.2.0...v6.3.0">https://github.com/avajs/ava/compare/v6.2.0...v6.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/avajs/ava/commit/ca4240db7f81f67a540f9e20c4c1375110dbe598"><code>ca4240d</code></a> 6.3.0</li> <li><a href="https://github.com/avajs/ava/commit/f243cab3b3c2dc7d7b882121fe9ce4a54ec882f2"><code>f243cab</code></a> Do not count writes to stdout/stderr as non-idling activity for timeouts</li> <li><a href="https://github.com/avajs/ava/commit/4abb780b5baad1ccbeb9f57de03ce06a75a68c17"><code>4abb780</code></a> Update dependencies</li> <li>See full diff in <a href="https://github.com/avajs/ava/compare/v6.2.0...v6.3.0">compare view</a></li> </ul> </details> <br /> Updates `dotenv` from 16.4.7 to 16.5.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md">dotenv's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/motdotla/dotenv/compare/v16.4.7...v16.5.0">16.5.0</a> (2025-04-07)</h2> <h3>Added</h3> <ul> <li>🎉 Added new sponsor <a href="https://graphite.dev/?utm_source=github&utm_medium=repo&utm_campaign=dotenv">Graphite</a> - <em>the AI developer productivity platform helping teams on GitHub ship higher quality software, faster</em>.</li> </ul> <blockquote> <p>[!TIP] <strong><a href="https://github.com/sponsors/motdotla">Become a sponsor</a></strong></p> <p>The dotenvx README is viewed thousands of times DAILY on GitHub and NPM. Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.</p> </blockquote> <h3>Changed</h3> <ul> <li>Remove <code>_log</code> method. Use <code>_debug</code> <a href="https://redirect.github.com/motdotla/dotenv/pull/862">#862</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/motdotla/dotenv/commit/d39cc9a94ef80b534d02401ab99d17463e902385"><code>d39cc9a</code></a> 16.5.0</li> <li><a href="https://github.com/motdotla/dotenv/commit/2f4e407c73e66b822a96b6439b40ea94ced2409f"><code>2f4e407</code></a> Merge pull request <a href="https://redirect.github.com/motdotla/dotenv/issues/863">#863</a> from Fdawgs/patch-1</li> <li><a href="https://github.com/motdotla/dotenv/commit/a1eef11a7064dcdaf56d2bbdca1e58cfdcdcf5a4"><code>a1eef11</code></a> chore(package): add homepage url</li> <li><a href="https://github.com/motdotla/dotenv/commit/fb7e407892824b29817d02bc0ec911d00efe1dc2"><code>fb7e407</code></a> README update</li> <li><a href="https://github.com/motdotla/dotenv/commit/bf9113fad68ba352a02081ac1fada45f9e85e772"><code>bf9113f</code></a> README update</li> <li><a href="https://github.com/motdotla/dotenv/commit/9326f05f95cbac63f88da96a5b02852f789c9380"><code>9326f05</code></a> changelog 🪵</li> <li><a href="https://github.com/motdotla/dotenv/commit/2e8da3018af610f18089c9246497b56943cdea6e"><code>2e8da30</code></a> changelog 🪵</li> <li><a href="https://github.com/motdotla/dotenv/commit/3257b3adaf4f3a62346ed185869039325aa6e6db"><code>3257b3a</code></a> changelog 🪵</li> <li><a href="https://github.com/motdotla/dotenv/commit/c0ca62c841fe36b2de8030d02533a1b80955abe8"><code>c0ca62c</code></a> changelog 🪵</li> <li><a href="https://github.com/motdotla/dotenv/commit/797c5e9d6e9359bfae2b26f5c4aca8890531f7dd"><code>797c5e9</code></a> changelog 🪵</li> <li>Additional commits viewable in <a href="https://github.com/motdotla/dotenv/compare/v16.4.7...v16.5.0">compare view</a></li> </ul> </details> <br /> Updates `esbuild` from 0.25.2 to 0.25.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>.</em></p> <blockquote> <h2>v0.25.3</h2> <ul> <li> <p>Fix lowered <code>async</code> arrow functions before <code>super()</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/4141">#4141</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4142">#4142</a>)</p> <p>This change makes it possible to call an <code>async</code> arrow function in a constructor before calling <code>super()</code> when targeting environments without <code>async</code> support, as long as the function body doesn't reference <code>this</code>. Here's an example (notice the change from <code>this</code> to <code>null</code>):</p> <pre lang="js"><code>// Original code class Foo extends Object { constructor() { (async () => await foo())() super() } } <p>// Old output (with --target=es2016)<br /> class Foo extends Object {<br /> constructor() {<br /> (() => __async(this, null, function* () {<br /> return yield foo();<br /> }))();<br /> super();<br /> }<br /> }</p> <p>// New output (with --target=es2016)<br /> class Foo extends Object {<br /> constructor() {<br /> (() => __async(null, null, function* () {<br /> return yield foo();<br /> }))();<br /> super();<br /> }<br /> }<br /> </code></pre></p> <p>Some background: Arrow functions with the <code>async</code> keyword are transformed into generator functions for older language targets such as <code>--target=es2016</code>. Since arrow functions capture <code>this</code>, the generated code forwards <code>this</code> into the body of the generator function. However, JavaScript class syntax forbids using <code>this</code> in a constructor before calling <code>super()</code>, and this forwarding was problematic since previously happened even when the function body doesn't use <code>this</code>. Starting with this release, esbuild will now only forward <code>this</code> if it's used within the function body.</p> <p>This fix was contributed by <a href="https://github.com/magic-akari"><code>@magic-akari</code></a>.</p> </li> <li> <p>Fix memory leak with <code>--watch=true</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/4131">#4131</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4132">#4132</a>)</p> <p>This release fixes a memory leak with esbuild when <code>--watch=true</code> is used instead of <code>--watch</code>. Previously using <code>--watch=true</code> caused esbuild to continue to use more and more memory for every rebuild, but <code>--watch=true</code> should now behave like <code>--watch</code> and not leak memory.</p> <p>This bug happened because esbuild disables the garbage collector when it's not run as a long-lived process for extra speed, but esbuild's checks for which arguments cause esbuild to be a long-lived process weren't updated for the new <code>--watch=true</code> style of boolean command-line flags. This has been an issue since this boolean flag syntax was added in version 0.14.24 in 2022. These checks are unfortunately separate from the regular argument parser because of how esbuild's internals are organized (the command-line interface is exposed as a separate <a href="https://pkg.go.dev/github.com/evanw/esbuild/pkg/cli">Go API</a> so you can build your own custom esbuild CLI).</p> <p>This fix was contributed by <a href="https://github.com/mxschmitt"><code>@mxschmitt</code></a>.</p> </li> <li> <p>More concise output for repeated legal comments (<a href="https://redirect.github.com/evanw/esbuild/issues/4139">#4139</a>)</p> <p>Some libraries have many files and also use the same legal comment text in all files. Previously esbuild would copy each legal comment to the output file. Starting with this release, legal comments duplicated across separate files will now be grouped in the output file by unique comment content.</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md">esbuild's changelog</a>.</em></p> <blockquote> <h2>0.25.3</h2> <ul> <li> <p>Fix lowered <code>async</code> arrow functions before <code>super()</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/4141">#4141</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4142">#4142</a>)</p> <p>This change makes it possible to call an <code>async</code> arrow function in a constructor before calling <code>super()</code> when targeting environments without <code>async</code> support, as long as the function body doesn't reference <code>this</code>. Here's an example (notice the change from <code>this</code> to <code>null</code>):</p> <pre lang="js"><code>// Original code class Foo extends Object { constructor() { (async () => await foo())() super() } } <p>// Old output (with --target=es2016)<br /> class Foo extends Object {<br /> constructor() {<br /> (() => __async(this, null, function* () {<br /> return yield foo();<br /> }))();<br /> super();<br /> }<br /> }</p> <p>// New output (with --target=es2016)<br /> class Foo extends Object {<br /> constructor() {<br /> (() => __async(null, null, function* () {<br /> return yield foo();<br /> }))();<br /> super();<br /> }<br /> }<br /> </code></pre></p> <p>Some background: Arrow functions with the <code>async</code> keyword are transformed into generator functions for older language targets such as <code>--target=es2016</code>. Since arrow functions capture <code>this</code>, the generated code forwards <code>this</code> into the body of the generator function. However, JavaScript class syntax forbids using <code>this</code> in a constructor before calling <code>super()</code>, and this forwarding was problematic since previously happened even when the function body doesn't use <code>this</code>. Starting with this release, esbuild will now only forward <code>this</code> if it's used within the function body.</p> <p>This fix was contributed by <a href="https://github.com/magic-akari"><code>@magic-akari</code></a>.</p> </li> <li> <p>Fix memory leak with <code>--watch=true</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/4131">#4131</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4132">#4132</a>)</p> <p>This release fixes a memory leak with esbuild when <code>--watch=true</code> is used instead of <code>--watch</code>. Previously using <code>--watch=true</code> caused esbuild to continue to use more and more memory for every rebuild, but <code>--watch=true</code> should now behave like <code>--watch</code> and not leak memory.</p> <p>This bug happened because esbuild disables the garbage collector when it's not run as a long-lived process for extra speed, but esbuild's checks for which arguments cause esbuild to be a long-lived process weren't updated for the new <code>--watch=true</code> style of boolean command-line flags. This has been an issue since this boolean flag syntax was added in version 0.14.24 in 2022. These checks are unfortunately separate from the regular argument parser because of how esbuild's internals are organized (the command-line interface is exposed as a separate <a href="https://pkg.go.dev/github.com/evanw/esbuild/pkg/cli">Go API</a> so you can build your own custom esbuild CLI).</p> <p>This fix was contributed by <a href="https://github.com/mxschmitt"><code>@mxschmitt</code></a>.</p> </li> <li> <p>More concise output for repeated legal comments (<a href="https://redirect.github.com/evanw/esbuild/issues/4139">#4139</a>)</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/677910b073194b64d5ae01aefd7a7465bbf5b27b"><code>677910b</code></a> publish 0.25.3 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/a41040efdbd6464ee7c3c5590105b4a4ae5a03be"><code>a41040e</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4110">#4110</a>: support custom non-IP <code>host</code> values</li> <li><a href="https://github.com/evanw/esbuild/commit/dfe0e1c632396da248d2d175a24fb0a4fe2c79ef"><code>dfe0e1c</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4114">#4114</a>: add a limit to css nesting expansion</li> <li><a href="https://github.com/evanw/esbuild/commit/a54916b92c128aa0596a65bcbafcde1074acf63d"><code>a54916b</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4139">#4139</a>: deduplicate repeated legal comments</li> <li><a href="https://github.com/evanw/esbuild/commit/dc60e6025da48d13ad2d2cc9e21472738099ce20"><code>dc60e60</code></a> run <code>make update-compat-table</code></li> <li><a href="https://github.com/evanw/esbuild/commit/d917038c97b3e859183cfbe426c46928f54e261a"><code>d917038</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4144">#4144</a>: node path resolution edge case</li> <li><a href="https://github.com/evanw/esbuild/commit/7ed168403b7609f1e557feffb3922955c313070a"><code>7ed1684</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4141">#4141</a>: Avoid redundant <code>this</code> access during async function lowering (<a href="https://redirect.github.com/evanw/esbuild/issues/4142">#4142</a>)</li> <li><a href="https://github.com/evanw/esbuild/commit/edc3a2343859404d1ec76e9ed05d01f64d677709"><code>edc3a23</code></a> docs(dev): update alias command for <code>make test-go</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/4113">#4113</a>)</li> <li><a href="https://github.com/evanw/esbuild/commit/1ee8b6717ecd473b7f0d872a811f38fcd7879d85"><code>1ee8b67</code></a> workaround <code>process.exit()</code> not exiting in node</li> <li><a href="https://github.com/evanw/esbuild/commit/5c56e0737c63e209b6679eb97c940081f4d47772"><code>5c56e07</code></a> changelog note with credit for the fix</li> <li>Additional commits viewable in <a href="https://github.com/evanw/esbuild/compare/v0.25.2...v0.25.3">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

## [2.0.5](v2.0.4...v2.0.5) (2025-05-02) ### Bug Fixes * **deps:** bump the production-dependencies group with 3 updates ([#240](#240)) ([d64d7d7](d64d7d7))

## [2.0.6](v2.0.5...v2.0.6) (2025-05-03) ### Bug Fixes * replace `-` with `_` ([#246](#246)) ([3336784](3336784))

Commits on Apr 10, 2025

docs: fix typo in CONTRIBUTING.md (#233 )

nakatani-yo authored Apr 10, 2025

View commit details

Copy full SHA for a3c826a

Browse repository at this point

a3c826a

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Commits on Apr 10, 2025

Commits on Apr 25, 2025

Commits on May 1, 2025

Commits on May 2, 2025

Commits on May 3, 2025

This comparison is taking too long to generate.