build(deps): bump esbuild and tsx

[dependabot]

Bumps esbuild to 0.25.3 and updates ancestor dependency tsx. These dependencies need to be updated together.

Updates esbuild from 0.18.20 to 0.25.3

Release notes

Sourced from esbuild's releases.

v0.25.3

• Fix lowered async arrow functions before super() (#4141, #4142)

  This change makes it possible to call an async arrow function in a constructor before calling super() when targeting environments without async support, as long as the function body doesn't reference this. Here's an example (notice the change from this to null):

  // Original code
  class Foo extends Object {
    constructor() {
      (async () => await foo())()
      super()
    }
  }
  // Old output (with --target=es2016)
  class Foo extends Object {
  constructor() {
  (() => __async(this, null, function* () {
  return yield foo();
  }))();
  super();
  }
  }
  // New output (with --target=es2016)
  class Foo extends Object {
  constructor() {
  (() => __async(null, null, function* () {
  return yield foo();
  }))();
  super();
  }
  }

  Some background: Arrow functions with the async keyword are transformed into generator functions for older language targets such as --target=es2016. Since arrow functions capture this, the generated code forwards this into the body of the generator function. However, JavaScript class syntax forbids using this in a constructor before calling super(), and this forwarding was problematic since previously happened even when the function body doesn't use this. Starting with this release, esbuild will now only forward this if it's used within the function body.

  This fix was contributed by @​magic-akari.

• Fix memory leak with --watch=true (#4131, #4132)

  This release fixes a memory leak with esbuild when --watch=true is used instead of --watch. Previously using --watch=true caused esbuild to continue to use more and more memory for every rebuild, but --watch=true should now behave like --watch and not leak memory.

  This bug happened because esbuild disables the garbage collector when it's not run as a long-lived process for extra speed, but esbuild's checks for which arguments cause esbuild to be a long-lived process weren't updated for the new --watch=true style of boolean command-line flags. This has been an issue since this boolean flag syntax was added in version 0.14.24 in 2022. These checks are unfortunately separate from the regular argument parser because of how esbuild's internals are organized (the command-line interface is exposed as a separate Go API so you can build your own custom esbuild CLI).

  This fix was contributed by @​mxschmitt.

• More concise output for repeated legal comments (#4139)

  Some libraries have many files and also use the same legal comment text in all files. Previously esbuild would copy each legal comment to the output file. Starting with this release, legal comments duplicated across separate files will now be grouped in the output file by unique comment content.

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

• Fix TypeScript-specific class transform edge case (#3559)

  The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

  // Original code
  class Foo extends Bar {
    #private = 1;
    public: any;
    constructor() {
      super();
    }
  }
  // Old output (with esbuild v0.19.9)
  class Foo extends Bar {
  constructor() {
  super();
  this.#private = 1;
  }
  #private;
  }
  // Old output (with esbuild v0.19.10)
  class Foo extends Bar {
  constructor() {
  this.#private = 1;
  super();
  }
  #private;
  }
  // New output
  class Foo extends Bar {
  #private = 1;
  constructor() {
  super();
  }
  }

• Minifier: allow reording a primitive past a side-effect (#3568)

  The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

• 677910b publish 0.25.3 to npm
• a41040e fix #4110: support custom non-IP host values
• dfe0e1c fix #4114: add a limit to css nesting expansion
• a54916b fix #4139: deduplicate repeated legal comments
• dc60e60 run make update-compat-table
• d917038 fix #4144: node path resolution edge case
• 7ed1684 fix #4141: Avoid redundant this access during async function lowering (#4142)
• edc3a23 docs(dev): update alias command for make test-go (#4113)
• 1ee8b67 workaround process.exit() not exiting in node
• 5c56e07 changelog note with credit for the fix
• Additional commits viewable in compare view

Updates tsx from 3.14.0 to 4.19.4

Release notes

Sourced from tsx's releases.

v4.19.4

4.19.4 (2025-04-29)

Bug Fixes

• support for Node's --jitless flag (#716) (3c34caa)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.19.3

4.19.3 (2025-02-19)

Bug Fixes

• upgrade esbuild to ~0.25.0 to address vuln report (#698) (e04e6c6)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.19.2

4.19.2 (2024-10-26)

Bug Fixes

• generate sourcesContent when Node.js debugger is enabled (#670) (7c47074)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.19.1

4.19.1 (2024-09-12)

Bug Fixes

... (truncated)

Commits

• 3c34caa fix: support for Node's --jitless flag (#716)
• 3ddd1c4 chore: upgrade pnpm
• 26ef600 chore(deps): update dependency node to v20.18.3 (#677)
• 1982c76 docs: sevalla sponsorship
• e04e6c6 fix: upgrade esbuild to ~0.25.0 to address vuln report (#698)
• 28a3e7d docs: update links to npx (#680)
• 38b7135 docs: add carbon ads
• 7c47074 fix: generate sourcesContent when Node.js debugger is enabled (#670)
• 315d5f4 docs(watch): document --include flag
• 375e39a test: refactor enforce-timeout
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[netlify]

✅ Deploy Preview for galsendev ready!

Name	Link
🔨 Latest commit	d1ea7f0
🔍 Latest deploy log	https://app.netlify.com/sites/galsendev/deploys/68169d9f54b6be0008a1df1a
😎 Deploy Preview	https://deploy-preview-136--galsendev.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.