vite 2.6.10 → 2.6.14

package/dist/node/chunks/{dep-be032392.js → dep-e0fe87f8.js}

@@ -3883,6 +3883,8 @@ function unwrapId$1(id) {
 const flattenId = (id) => id.replace(/(\s*>\s*)/g, '__').replace(/[\/\.]/g, '_');
 const normalizeId$1 = (id) => id.replace(/(\s*>\s*)/g, ' > ');
 function isBuiltin(id) {
+    const deepMatch = id.match(deepImportRE);
+    id = deepMatch ? deepMatch[1] || deepMatch[2] : id;
     return builtinModules_1.includes(id);
 }
 const bareImportRE = /^[\w@](?!.*:\/\/)/;
@@ -4141,6 +4143,21 @@ function writeFile(filename, content) {
     }
     fs__default.writeFileSync(filename, content);
 }
+/**
+ * Use instead of fs.existsSync(filename)
+ * #2051 if we don't have read permission on a directory, existsSync() still
+ * works and will result in massively slow subsequent checks (which are
+ * unnecessary in the first place)
+ */
+function isFileReadable(filename) {
+    try {
+        fs__default.accessSync(filename, fs__default.constants.R_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
 /**
  * Delete every file and subdirectory. **The given directory must exist.**
  * Pass an optional `skip` array to preserve files in the root directory.
@@ -19873,7 +19890,7 @@ function cssPlugin(config) {
                 const thisModule = moduleGraph.getModuleById(id);
                 if (thisModule) {
                     // CSS modules cannot self-accept since it exports values
-                    const isSelfAccepting = !modules;
+                    const isSelfAccepting = !modules && !inlineRE.test(id);
                     if (deps) {
                         // record deps in the module graph so edits to @import css can trigger
                         // main import to hot update
@@ -19958,13 +19975,10 @@ function cssPostPlugin(config) {
             if (!inlined) {
                 styles.set(id, css);
             }
-            else {
-                css = await minifyCSS(css, config);
-            }
             return {
                 code: modulesCode ||
                     (usedRE.test(id)
-                        ? `export default ${JSON.stringify(css)}`
+                        ? `export default ${JSON.stringify(inlined ? await minifyCSS(css, config) : css)}`
                         : `export default ''`),
                 map: { mappings: '' },
                 // avoid the css module from being tree-shaken so that we can retrieve
@@ -20243,7 +20257,7 @@ async function compileCSS(id, code, config, urlReplacer, atImportResolvers, serv
         replacer: urlReplacer
     }));
     if (isModule) {
-        postcssPlugins.unshift((await Promise.resolve().then(function () { return require('./dep-8e7741a0.js'); }).then(function (n) { return n.index; })).default({
+        postcssPlugins.unshift((await Promise.resolve().then(function () { return require('./dep-c98c5b6d.js'); }).then(function (n) { return n.index; })).default({
             ...modulesOptions,
             getJSON(cssFileName, _modules, outputFileName) {
                 modules = _modules;
@@ -21208,7 +21222,7 @@ const assetAttrsConfig = {
 const isAsyncScriptMap = new WeakMap();
 async function traverseHtml(html, filePath, visitor) {
     // lazy load compiler
-    const { parse, transform } = await Promise.resolve().then(function () { return require('./dep-9b6b378f.js'); }).then(function (n) { return n.compilerDom_cjs; });
+    const { parse, transform } = await Promise.resolve().then(function () { return require('./dep-66b16601.js'); }).then(function (n) { return n.compilerDom_cjs; });
     // @vue/compiler-core doesn't like lowercase doctypes
     html = html.replace(/<!doctype\s/i, '<!DOCTYPE ');
     try {
@@ -29964,16 +29978,10 @@ function tryFsResolve(fsPath, options, preserveSymlinks, tryIndex = true, target
     }
 }
 function tryResolveFile(file, postfix, options, tryIndex, targetWeb, preserveSymlinks, tryPrefix, skipPackageJson) {
-    let isReadable = false;
-    try {
-        // #2051 if we don't have read permission on a directory, existsSync() still
-        // works and will result in massively slow subsequent checks (which are
-        // unnecessary in the first place)
-        fs__default.accessSync(file, fs__default.constants.R_OK);
-        isReadable = true;
-    }
-    catch (e) { }
-    if (isReadable) {
+    // #2051 if we don't have read permission on a directory, existsSync() still
+    // works and will result in massively slow subsequent checks (which are
+    // unnecessary in the first place)
+    if (isFileReadable(file)) {
         if (!fs__default.statSync(file).isDirectory()) {
             return getRealPath(file, preserveSymlinks) + postfix;
         }
@@ -42060,36 +42068,11 @@ function errorMiddleware(server, allowNext = false) {
             next();
         }
         else {
-            if (err instanceof AccessRestrictedError) {
-                res.statusCode = 403;
-                res.write(renderErrorHTML(err.message));
-                res.end();
-            }
             res.statusCode = 500;
             res.end();
         }
     };
 }
-class AccessRestrictedError extends Error {
-    constructor(msg) {
-        super(msg);
-    }
-}
-function renderErrorHTML(msg) {
-    // to have syntax highlighting and autocompletion in IDE
-    const html = String.raw;
-    return html `
-    <body>
-      <h1>403 Restricted</h1>
-      <p>${msg.replace(/\n/g, '<br/>')}</p>
-      <style>
-        body {
-          padding: 1em 2em;
-        }
-      </style>
-    </body>
-  `;
-}
 
 /**
  * This file is refactored into TypeScript based on
@@ -42877,7 +42860,7 @@ function loadFallbackPlugin() {
         name: 'vite:load-fallback',
         async load(id) {
             try {
-                return fs$r.promises.readFile(cleanUrl(id), 'utf-8');
+                return await fs$r.promises.readFile(cleanUrl(id), 'utf-8');
             }
             catch (e) {
                 return fs$r.promises.readFile(id, 'utf-8');
@@ -43041,6 +43024,7 @@ async function doBuild(inlineConfig = {}) {
     const rollup = require('rollup');
     const rollupOptions = {
         input,
+        context: 'globalThis',
         preserveEntrySignatures: ssr
             ? 'allow-extension'
             : libOptions
@@ -49054,7 +49038,7 @@ function readFileIfExists(value) {
  * https://github.com/webpack/webpack-dev-server/blob/master/LICENSE
  */
 async function createCertificate() {
-    const { generate } = await Promise.resolve().then(function () { return require('./dep-b502d052.js'); }).then(function (n) { return n.index; });
+    const { generate } = await Promise.resolve().then(function () { return require('./dep-7113cb3d.js'); }).then(function (n) { return n.index; });
     const pems = generate(null, {
         algorithm: 'sha256',
         days: 30,
@@ -56147,6 +56131,14 @@ function walk(root, { onIdentifier, onImportMeta, onDynamicImport }) {
                 }
             }
             else if (isFunction(node)) {
+                // If it is a function declaration, it could be shadowing an import
+                // Add its name to the scope so it won't get replaced
+                if (node.type === 'FunctionDeclaration') {
+                    const parentFunction = findParentFunction(parentStack);
+                    if (parentFunction) {
+                        setScope(parentFunction, node.id.name);
+                    }
+                }
                 // walk function expressions and add its arguments to known identifiers
                 // so that we don't prefix them
                 node.params.forEach((p) => walk$1(p.type === 'AssignmentPattern' ? p.left : p, {
@@ -56281,6 +56273,10 @@ const isDebug$3 = !!process.env.DEBUG;
 const debug$4 = createDebugger('vite:sourcemap', {
     onlyWhenFocused: true
 });
+// Virtual modules should be prefixed with a null byte to avoid a
+// false positive "missing source" warning. We also check for certain
+// prefixes used for special handling in esbuildDepPlugin.
+const virtualSourceRE = /^(\0|dep:|browser-external:)/;
 async function injectSourcesContent(map, file, logger) {
     let sourceRoot;
     try {
@@ -56290,7 +56286,7 @@ async function injectSourcesContent(map, file, logger) {
     catch { }
     const missingSources = [];
     map.sourcesContent = await Promise.all(map.sources.map((sourcePath) => {
-        if (sourcePath) {
+        if (sourcePath && !virtualSourceRE.test(sourcePath)) {
             sourcePath = decodeURI(sourcePath);
             if (sourceRoot) {
                 sourcePath = path__default.resolve(sourceRoot, sourcePath);
@@ -56568,22 +56564,24 @@ function servePublicMiddleware(dir) {
         serve(req, res, next);
     };
 }
-function serveStaticMiddleware(dir, config) {
+function serveStaticMiddleware(dir, server) {
     const serve = sirv(dir, sirvOptions);
     // Keep the named function. The name is visible in debug logs via `DEBUG=connect:dispatcher ...`
     return function viteServeStaticMiddleware(req, res, next) {
-        // only serve the file if it's not an html request
+        // only serve the file if it's not an html request or ends with `/`
         // so that html requests can fallthrough to our html middleware for
         // special processing
         // also skip internal requests `/@fs/ /@vite-client` etc...
-        if (path__default.extname(cleanUrl(req.url)) === '.html' ||
+        const cleanedUrl = cleanUrl(req.url);
+        if (cleanedUrl.endsWith('/') ||
+            path__default.extname(cleanedUrl) === '.html' ||
             isInternalRequest(req.url)) {
             return next();
         }
         const url = decodeURI(req.url);
         // apply aliases to static requests as well
         let redirected;
-        for (const { find, replacement } of config.resolve.alias) {
+        for (const { find, replacement } of server.config.resolve.alias) {
             const matches = typeof find === 'string' ? url.startsWith(find) : find.test(url);
             if (matches) {
                 redirected = url.replace(find, replacement);
@@ -56595,6 +56593,16 @@ function serveStaticMiddleware(dir, config) {
             if (redirected.startsWith(dir)) {
                 redirected = redirected.slice(dir.length);
             }
+        }
+        const resolvedUrl = redirected || url;
+        let fileUrl = path__default.resolve(dir, resolvedUrl.replace(/^\//, ''));
+        if (resolvedUrl.endsWith('/') && !fileUrl.endsWith('/')) {
+            fileUrl = fileUrl + '/';
+        }
+        if (!ensureServingAccess(fileUrl, server, res, next)) {
+            return;
+        }
+        if (redirected) {
             req.url = redirected;
         }
         serve(req, res, next);
@@ -56611,7 +56619,9 @@ function serveRawFsMiddleware(server) {
         // searching based from fs root.
         if (url.startsWith(FS_PREFIX)) {
             // restrict files outside of `fs.allow`
-            ensureServingAccess(slash$3(path__default.resolve(fsPathFromId(url))), server);
+            if (!ensureServingAccess(slash$3(path__default.resolve(fsPathFromId(url))), server, res, next)) {
+                return;
+            }
             url = url.slice(FS_PREFIX.length);
             if (isWindows$4)
                 url = url.replace(/^[A-Z]:/i, '');
@@ -56627,29 +56637,60 @@ function isFileServingAllowed(url, server) {
     // explicitly disabled
     if (server.config.server.fs.strict === false)
         return true;
-    const file = ensureLeadingSlash(normalizePath$4(cleanUrl(url)));
+    const cleanedUrl = cleanUrl(url);
+    const file = ensureLeadingSlash(normalizePath$4(cleanedUrl));
     if (server.moduleGraph.safeModulesPath.has(file))
         return true;
     if (server.config.server.fs.allow.some((i) => file.startsWith(i + '/')))
         return true;
     if (!server.config.server.fs.strict) {
-        server.config.logger.warnOnce(`Unrestricted file system access to "${url}"`);
-        server.config.logger.warnOnce(`For security concerns, accessing files outside of serving allow list will ` +
-            `be restricted by default in the future version of Vite. ` +
-            `Refer to https://vitejs.dev/config/#server-fs-allow for more details.`);
+        if (isFileReadable(cleanedUrl)) {
+            server.config.logger.warnOnce(`Unrestricted file system access to "${url}"`);
+            server.config.logger.warnOnce(`For security concerns, accessing files outside of serving allow list will ` +
+                `be restricted by default in the future version of Vite. ` +
+                `Refer to https://vitejs.dev/config/#server-fs-allow for more details.`);
+        }
         return true;
     }
     return false;
 }
-function ensureServingAccess(url, server) {
-    if (!isFileServingAllowed(url, server)) {
-        const allow = server.config.server.fs.allow;
-        throw new AccessRestrictedError(`The request url "${url}" is outside of Vite serving allow list:
-
-${allow.map((i) => `- ${i}`).join('\n')}
+function ensureServingAccess(url, server, res, next) {
+    if (isFileServingAllowed(url, server)) {
+        return true;
+    }
+    if (isFileReadable(cleanUrl(url))) {
+        const urlMessage = `The request url "${url}" is outside of Vite serving allow list.`;
+        const hintMessage = `
+${server.config.server.fs.allow.map((i) => `- ${i}`).join('\n')}
 
-Refer to docs https://vitejs.dev/config/#server-fs-allow for configurations and more details.`);
+Refer to docs https://vitejs.dev/config/#server-fs-allow for configurations and more details.`;
+        server.config.logger.error(urlMessage);
+        server.config.logger.warnOnce(hintMessage + '\n');
+        res.statusCode = 403;
+        res.write(renderRestrictedErrorHTML(urlMessage + '\n' + hintMessage));
+        res.end();
+    }
+    else {
+        // if the file doesn't exist, we shouldn't restrict this path as it can
+        // be an API call. Middlewares would issue a 404 if the file isn't handled
+        next();
     }
+    return false;
+}
+function renderRestrictedErrorHTML(msg) {
+    // to have syntax highlighting and autocompletion in IDE
+    const html = String.raw;
+    return html `
+    <body>
+      <h1>403 Restricted</h1>
+      <p>${msg.replace(/\n/g, '<br/>')}</p>
+      <style>
+        body {
+          padding: 1em 2em;
+        }
+      </style>
+    </body>
+  `;
 }
 
 const debugLoad = createDebugger('vite:load');
@@ -57250,7 +57291,6 @@ async function handleHMRUpdate(file, server) {
             const filteredModules = await plugin.handleHotUpdate(hmrContext);
             if (filteredModules) {
                 hmrContext.modules = filteredModules;
-                break;
             }
         }
     }
@@ -66618,10 +66658,7 @@ const ROOT_FILES = [
 // yarn: https://classic.yarnpkg.com/en/docs/workspaces/#toc-how-to-use-it
 function hasWorkspacePackageJSON(root) {
     const path = path$t.join(root, 'package.json');
-    try {
-        fs__default.accessSync(path, fs__default.constants.R_OK);
-    }
-    catch {
+    if (!isFileReadable(path)) {
         return false;
     }
     const content = JSON.parse(fs__default.readFileSync(path, 'utf-8')) || {};
@@ -66839,7 +66876,7 @@ async function createServer(inlineConfig = {}) {
     middlewares.use(transformMiddleware(server));
     // serve static files
     middlewares.use(serveRawFsMiddleware(server));
-    middlewares.use(serveStaticMiddleware(root, config));
+    middlewares.use(serveStaticMiddleware(root, server));
     // spa fallback
     if (!middlewareMode || middlewareMode === 'html') {
         middlewares.use(spaFallbackMiddleware(root));
@@ -92052,4 +92089,4 @@ exports.send = send$1;
 exports.sortUserPlugins = sortUserPlugins;
 exports.source = source;
 exports.transformWithEsbuild = transformWithEsbuild;
-//# sourceMappingURL=dep-be032392.js.map
+//# sourceMappingURL=dep-e0fe87f8.js.map