chore(deps): update dependency terser to v5

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
terser (source)	^4.8.1 -> ^5.0.0

---

Release Notes

terser/terser (terser)

v5.37.0

Compare Source

• Reserved object properties from chrome extensions (domprops)
• Fix semicolon insertion between a class property without a semicolon a and a computed class property ["prop"]

v5.36.0

Compare Source

• Support import attributes with syntax

v5.35.0

Compare Source

• Ensure parent directory exists when using --output on CLI (#​1530)

v5.34.1

Compare Source

• bump the rollup devDependency to disable CVE warnings (Terser was not affected)

v5.34.0

Compare Source

• internal: stop assigning properties to objects they don't belong in
• internal: run compress tests in parallel
• drop_console: emit an empty function if the return value of console.METHOD(...) may be called.

v5.33.0

Compare Source

• reduce_vars improved when dealing with hoisted function definitions (#​1544)

v5.32.0

Compare Source

• import("module") can now be input and output from ESTree AST (#​1557)
• BigInt literals can now be input and output from ESTree AST (#​1555)
• typeof an object or array (typeof {} and typeof []) can now be statically evaluated. (#​1546)

v5.31.6

Compare Source

• Retain side effects in a case when the expression is a sequence (comma) expression

v5.31.5

Compare Source

• Revert v5.31.4, which created mysterious issues #​1548, #​1549

v5.31.4

Compare Source

• drop_unused: drop classes which only have side effects in the extends part

v5.31.3

Compare Source

• drop_unused: drop unused parameters from IIFEs in some more situations.

v5.31.2

Compare Source

• drop_unused: scan variables in self-referential class declarations that contain side effects.
• Don't add parens to arrow function when it's the default for an argument (#​1540)
• Update domprops (#​1538)

v5.31.1

Compare Source

• Allow drop-unused to drop the whole assignment (not just the assigned name) in more situations, in order to avoid duplication of long strings.

v5.31.0

Compare Source

• Sync up property mangler exceptions with current contents of Firefox and Chrome environments
• Add more webcomponent properties to property mangler exceptions (#​1525)
• Drop non-nullish constants in ...spreads in objects (#​1141)

v5.30.4

Compare Source

• Fix parsing #private in ... when next to other operators

v5.30.3

Compare Source

• Fix precedence of #private in ... operator

v5.30.2

Compare Source

• Avoid optimizations inside computed keys, because they can cause js-engine-specific bugs.

v5.30.1

Compare Source

• Removed useless \ escapes for non-ascii characters
• Make modern identifier characters quoted for older environments (#​1512)

v5.30.0

Compare Source

• Improve removal of classes referring to themselves

v5.29.2

Compare Source

• Make sure 'computed_props' creates string keys
• Take into account the evaluated size when inlining

v5.29.1

Compare Source

• fix optimisation of all-bits mask check

v5.29.0

Compare Source

• Re-releases previously reverted 5.28.0
• Fix crash while optimizing some bitwise ops
• (internal) Remove needless wrapper for from_moz (#​1499)

v5.28.1

Compare Source

(hotfix release)

• Reverts v5.28.0

v5.28.0

Compare Source

• Optimise redundant or shrinkable bitwise operations (|, ^, &, >>, <<)
• Evaluate some BigInt math operations

v5.27.2

Compare Source

• Recognise this as a reference to the surrounding class in drop_unused. Closes #​1472

v5.27.1

Compare Source

• Fixed case where collapse_vars inlines await expressions into non-async functions.

v5.27.0

Compare Source

• Created minify_sync() alternative to minify() since there's no async code left.

v5.26.0

Compare Source

• Do not take the /*#__PURE__*/ annotation into account when the side_effects compress option is off.
• The preserve_annotations option now automatically opts annotation comments in, instead of requiring the comments option to be configured for this.
• Refuse to parse empty parenthesized expressions (())

v5.25.0

Compare Source

• Regex properties added to reserved property mangler (#​1471)
• pure_new option added to drop unused new expressions.

v5.24.0

Compare Source

• Improve formatting performance in V8 by keeping a small work string and a large output string

v5.23.0

Compare Source

• When top_retain will keep a variable assignment around, inline the assignee when it's shorter than the name (#​1434)
• Remove empty class static {} blocks.

v5.22.0

Compare Source

• Do not unsafely shorten expressions like a?.toString() when they're conditional.
• Avoid running drop_unused in nodes that aren't scopes. Fixes a rare crash.
• When 'module' is enabled, assume strict mode when figuring out scopes.

v5.21.0

Compare Source

• Do not inline functions that would be retained in the toplevel (as this would cause code duplication).
• Fix precedence of arrow function and ternary operator when formatting output.

v5.20.0

Compare Source

• Passing minify() zero files will now throw a clean exception (#​1450)
• drop_console supports passing in an array of console.* method names (#​1445)
• New DOM properties from the WebGPU API have been added for use in the property mangler (#​1436)
• Internal code simplification (#​1437)

v5.19.4

Compare Source

• Prevent creating very deeply nested ternaries from a long list of if..return
• Prevent inlining classes into other functions, to avoid constructors being compared.

v5.19.3

Compare Source

• Fix side effect detection of optional?.chains.
• Add roundRect to domprops.js (#​1426)

v5.19.2

Compare Source

• fix performance hit from avoiding HTML comments in the output

v5.19.1

Compare Source

• Better avoid outputting </script> and HTML comments.
• Fix unused variables in class static blocks not being dropped correctly.
• Fix sourcemap names of methods that are async or static

v5.19.0

Compare Source

• Allow /*@​__MANGLE_PROP__*/ annotation in object.property, in addition to property declarations.

v5.18.2

Compare Source

• Stop using recursion in hoisted defuns fix.

v5.18.1

Compare Source

• Fix major performance issue caused by hoisted defuns' scopes bugfix.

v5.18.0

Compare Source

• Add new /*@​__MANGLE_PROP__*/ annotation, to mark properties that should be mangled.

v5.17.7

Compare Source

• Update some dependencies
• Add consistent sorting for v RegExp flag
• Add inert DOM attribute to domprops

v5.17.6

Compare Source

• Fixes to mozilla AST input and output, for class properties, private properties and static blocks
• Fix outputting a shorthand property in quotes when safari10 and ecma=2015 options are enabled
• configurable and enumerable, used in Object.defineProperty, added to domprops (#​1393)

v5.17.5

Compare Source

• Take into account the non-deferred bits of a class, such as static properties, while dropping unused code.

v5.17.4

Compare Source

• Fix crash when trying to negate a class (!class{})
• Avoid outputting comments between yield/await and its argument
• Fix detection of left-hand-side of assignment, to avoid optimizing it like any other expression in some edge cases

v5.17.3

Compare Source

• Fix issue with trimming a static class property's contents accessing the class as this.

v5.17.2

Compare Source

• Be less conservative when detecting use-before-definition of var in hoisted functions.
• Support unusual (but perfectly valid) initializers of for-in and for-of loops.
• Fix issue where hoisted function would be dropped if it was after a continue statement

v5.17.1

Compare Source

• Fix evaluating .length when the source array might've been mutated

v5.17.0

Compare Source

• Drop vestigial = undefined default argument in IIFE calls (#​1366)
• Evaluate known arrays' .length property when statically determinable
• Add @__KEY__ annotation to mangle string literals (#​1365)

v5.16.9

Compare Source

• Fix parentheses in output of optional chains (a?.b) (#​1374)
• More documentation on source maps (#​1368)
• New lhs_constants option, allowing to stop Terser from swapping comparison operands (#​1361)

v5.16.8

Compare Source

• Become even less conservative around function definitions for reduce_vars
• Fix parsing context of import.meta expressions such that method calls are allowed

v5.16.6

Compare Source

• Become less conservative with analyzing function definitions for reduce_vars
• Parse import.meta as a real AST node and not an object.property

v5.16.5

Compare Source

• Correctly handle AST transform functions that mutate children arrays
• Don't mutate the options object passed to Terser (#​1342)
• Do not treat BigInt like a number

v5.16.4

Compare Source

• Keep (defaultArg = undefined) => ..., because default args don't count for function length
• Prevent inlining variables into ?. optional chains
• Avoid removing unused arguments while transforming
• Optimize iterating AST node lists
• Make sure catch and finally aren't children of try in the AST
• Use modern unicode property escapes (\p{...}) to parse identifiers when available

v5.16.3

Compare Source

• Ensure function definitions, don't assume the values of variables defined after them.

v5.16.2

Compare Source

• Fix sourcemaps with non-ascii characters (#​1318)
• Support string module name and export * as (#​1336)
• Do not move let out of for initializers, as it can change scoping
• Fix a corner case that would generate the invalid syntax if (something) let x ("let" in braceless if body)
• Knowledge of more native object properties (#​1330)
• Got rid of Travis (#​1323)
• Added semi-secret asObject sourcemap option to typescript defs (#​1321)

v5.16.1

Compare Source

• Properly handle references in destructurings (const { [reference]: val } = ...)
• Allow parsing of .#privatefield in nested classes
• Do not evaluate operations that return large strings if that would make the output code larger
• Make collapse_vars handle block scope correctly
• Internal improvements: Typos (#​1311), more tests, small-scale refactoring

v5.16.0

Compare Source

• Disallow private fields in object bodies (#​1011)
• Parse #privatefield in object (#​1279)
• Compress #privatefield in object

v5.15.1

Compare Source

• Fixed missing parentheses around optional chains
• Avoid bare let or const as the bodies of if statements (#​1253)
• Small internal fixes (#​1271)
• Avoid inlining a class twice and creating two equivalent but !== classes.

v5.15.0

Compare Source

• Basic support for ES2022 class static initializer blocks.
• Add AudioWorkletNode constructor options to domprops list (#​1230)
• Make identity function inliner not inline id(...expandedArgs)

v5.14.2

Compare Source

• Security fix for RegExps that should not be evaluated (regexp DDOS)
• Source maps improvements (#​1211)
• Performance improvements in long property access evaluation (#​1213)

v5.14.1

Compare Source

• keep_numbers option added to TypeScript defs (#​1208)
• Fixed parsing of nested template strings (#​1204)

v5.14.0

Compare Source

• Switched to @​jridgewell/source-map for sourcemap generation (#​1190, #​1181)
• Fixed source maps with non-terminated segments (#​1106)
• Enabled typescript types to be imported from the package (#​1194)
• Extra DOM props have been added (#​1191)
• Delete the AST while generating code, as a means to save RAM

v5.13.1

Compare Source

• Removed self-assignments (varname=varname) (closes #​1081)
• Separated inlining code (for inlining things into references, or removing IIFEs)
• Allow multiple identifiers with the same name in var destructuring (eg var { a, a } = x) (#​1176)

v5.13.0

Compare Source

• All calls to eval() were removed (#​1171, #​1184)
• source-map was updated to 0.8.0-beta.0 (#​1164)
• NavigatorUAData was added to domprops to avoid property mangling (#​1166)

v5.12.1

Compare Source

• Fixed an issue with function definitions inside blocks (#​1155)
• Fixed parens of new in some situations (closes #​1159)

v5.12.0

Compare Source

• TERSER_DEBUG_DIR environment variable
• @​copyright comments are now preserved with the comments="some" option (#​1153)

v5.11.0

Compare Source

• Unicode code point escapes (\u{abcde}) are not emitted inside RegExp literals anymore (#​1147)
• acorn is now a regular dependency

v5.10.0

Compare Source

• Massive optimization to max_line_len (#​1109)
• Basic support for import assertions
• Marked ES2022 Object.hasOwn as a pure function
• Fix delete optional?.property
• New CI/CD pipeline with github actions (#​1057)
• Fix reordering of switch branches (#​1092), (#​1084)
• Fix error when creating a class property called get
• Acorn dependency is now an optional peerDependency
• Fix mangling collision with exported variables (#​1072)
• Fix an issue with return someVariable = (async () => { ... })() (#​1073)

v5.9.0

Compare Source

• Collapsing switch cases with the same bodies (even if they're not next to each other) (#​1070).
• Fix evaluation of optional chain expressions (#​1062)
• Fix mangling collision in ESM exports (#​1063)
• Fix issue with mutating function objects after a second pass (#​1047)
• Fix for inlining object spread { ...obj } (#​1071)
• Typescript typings fix (#​1069)

v5.8.0

Compare Source

• Fixed shadowing variables while moving code in some cases (#​1065)
• Stop mangling computed & quoted properties when keep_quoted is enabled.
• Fix for mangling private getter/setter and .#private access (#​1060, #​1068)
• Array.from has a new optimization when the unsafe option is set (#​737)
• Mangle/propmangle let you generate your own identifiers through the nth_identifier option (#​1061)
• More optimizations to switch statements (#​1044)

v5.7.2

Compare Source

• Fixed issues with compressing functions defined in global_defs option (#​1036)
• New recipe for using Terser in gulp was added to RECIPES.md (#​1035)
• Fixed issues with ?? and ?. (#​1045)
• Future reserved words such as package no longer require you to disable strict mode to be used as names.
• Refactored huge compressor file into multiple more focused files.
• Avoided unparenthesized in operator in some for loops (it breaks parsing because of for..in loops)
• Improved documentation (#​1021, #​1025)
• More type definitions (#​1021)

v5.7.1

Compare Source

• Avoided collapsing assignments together if it would place a chain assignment on the left hand side, which is invalid syntax (a?.b = c)
• Removed undefined from object expansions ({ ...void 0 } -> {})
• Fix crash when checking if something is nullish or undefined (#​1009)
• Fixed comparison of private class properties (#​1015)
• Minor performance improvements (#​993)
• Fixed scope of function defs in strict mode (they are block scoped)

v5.7.0

Compare Source

• Several compile-time evaluation and inlining fixes
• Allow reduce_funcs to be disabled again.
• Add spidermonkey options to parse and format (#​974)
• Accept {get = "default val"} and {set = "default val"} in destructuring arguments.
• Change package.json export map to help require.resolve (#​971)
• Improve docs
• Fix export default of an anonymous class with extends

v5.6.1

Compare Source

• Mark assignments to the .prototype of a class as pure
• Parenthesize await on the left of ** (while accepting legacy non-parenthesised input)
• Avoided outputting NUL bytes in optimized RegExps, to stop the output from breaking other tools
• Added exports to domprops (#​939)
• Fixed a crash when spreading ...this
• Fixed the computed size of arrow functions, which improves their inlining

v5.6.0

Compare Source

• Added top-level await
• Beautify option has been removed in #​895
• Private properties, getters and setters have been added in #​913 and some more commits
• Docs improvements: #​896, #​903, #​916

v5.5.1

Compare Source

• Fixed object properties with unicode surrogates on safari.

v5.5.0

Compare Source

• Fixed crash when inlining uninitialized variable into template string.
• The sourcemap for dist was removed for being too large.

v5.4.0

Compare Source

• Logical assignment
• Change let x = undefined to just let x
• Removed some optimizations for template strings, placing them behind unsafe options. Reason: adding strings is not equivalent to template strings, due to valueOf differences.
• The AST_Token class was slimmed down in order to use less memory.

v5.3.8

Compare Source

• Restore node 13 support

v5.3.7

Compare Source

Hotfix release, fixes package.json "engines" syntax

v5.3.6

Compare Source

• Fixed parentheses when outputting ?? mixed with || and &&
• Improved hygiene of the symbol generator

v5.3.5

Compare Source

• Avoid moving named functions into default exports.
• Enabled transform() for chain expressions. This allows AST transformers to reach inside chain expressions.

v5.3.4

Compare Source

• Fixed a crash when hoisting (with hoist_vars) a destructuring variable declaration

v5.3.3

Compare Source

• source-map library has been updated, bringing memory usage and CPU time improvements when reading input source maps (the SourceMapConsumer is now WASM based).
• The wrap_func_args option now also wraps arrow functions, as opposed to only function expressions.

v5.3.2

Compare Source

• Prevented spread operations from being expanded when the expanded array/object contains getters, setters, or array holes.
• Fixed very slow self-recursion in some cases of removing extraneous parentheses from + operations.

v5.3.1

Compare Source

• An issue with destructuring declarations when pure_getters is enabled has been fixed
• Fixed a crash when chain expressions need to be shallowly compared
• Made inlining functions more conservative to make sure a function that contains a reference to itself isn't moved into a place that can create multiple instances of itself.

v5.3.0

Compare Source

• Fixed a crash when compressing object spreads in some cases
• Fixed compiletime evaluation of optional chains (caused typeof a?.b to always return "object")
• domprops has been updated to contain every single possible prop

v5.2.1

Compare Source

• The parse step now doesn't accept an ecma option, so that all ES code is accepted.
• Optional dotted chains now accept keywords, just like dotted expressions (foo?.default)

v5.2.0

Compare Source

• Optional chaining syntax is now supported.
• Consecutive await expressions don't have unnecessary parens
• Taking the variable name's length (after mangling) into consideration when deciding to inline

v5.1.0

Compare Source

• import.meta is now supported
• Typescript typings have been improved

v5.0.0

Compare Source

• in operator now taken into account during property mangle.
• Fixed infinite loop in face of a reference loop in some situations.
• Kept exports and imports around even if there's something which will throw before them.
• The main exported bundle for commonjs, dist/bundle.min.js is no longer minified.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

package.json

Package	Version	License	Issue Type
terser	^5.37.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
npm/terser	^5.37.0	🟢 6.1	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Code-Review ⚠️ 1 Found 3/27 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 27 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected

Scanned Files

• package-lock.json
• package.json

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.