vite 4.3.9 → 4.4.0-beta.1

package/dist/node-cjs/publicUtils.cjs

@@ -119,7 +119,7 @@ var colors = /*@__PURE__*/getDefaultExportFromCjs(picocolorsExports);
 
 var src = {exports: {}};
 
-var browser = {exports: {}};
+var browser$1 = {exports: {}};
 
 /**
  * Helpers.
@@ -579,7 +579,7 @@ function requireCommon () {
 var hasRequiredBrowser;
 
 function requireBrowser () {
-	if (hasRequiredBrowser) return browser.exports;
+	if (hasRequiredBrowser) return browser$1.exports;
 	hasRequiredBrowser = 1;
 	(function (module, exports) {
 		/**
@@ -849,8 +849,8 @@ function requireBrowser () {
 				return '[UnexpectedJSONParseError]: ' + error.message;
 			}
 		}; 
-	} (browser, browser.exports));
-	return browser.exports;
+	} (browser$1, browser$1.exports));
+	return browser$1.exports;
 }
 
 var node = {exports: {}};
@@ -3351,6 +3351,19 @@ function isParentDirectory(dir, file) {
     return (file.startsWith(dir) ||
         (isCaseInsensitiveFS && file.toLowerCase().startsWith(dir.toLowerCase())));
 }
+/**
+ * Check if 2 file name are identical
+ *
+ * Warning: parameters are not validated, only works with normalized absolute paths
+ *
+ * @param file1 - normalized absolute path
+ * @param file2 - normalized absolute path
+ * @returns true if both files url are identical
+ */
+function isSameFileUri(file1, file2) {
+    return (file1 === file2 ||
+        (isCaseInsensitiveFS && file1.toLowerCase() === file2.toLowerCase()));
+}
 const postfixRE = /[?#].*$/s;
 function cleanUrl(url) {
     return url.replace(postfixRE, '');
@@ -3438,6 +3451,9 @@ function mergeConfigRecursively(defaults, overrides, rootPath) {
     return merged;
 }
 function mergeConfig(defaults, overrides, isRoot = true) {
+    if (typeof defaults === 'function' || typeof overrides === 'function') {
+        throw new Error(`Cannot merge config in form of callback`);
+    }
     return mergeConfigRecursively(defaults, overrides, isRoot ? '' : '.');
 }
 function mergeAlias(a, b) {
@@ -3561,6 +3577,8 @@ function splitVendorChunkPlugin() {
                             }
                             // else, leave the object form of manualChunks untouched, as
                             // we can't safely replicate rollup handling.
+                            // eslint-disable-next-line no-console
+                            console.warn("(!) the `splitVendorChunk` plugin doesn't have any effect when using the object form of `build.rollupOptions.manualChunks`. Consider using the function form instead.");
                         }
                         else {
                             output.manualChunks = viteManualChunks;
@@ -3604,7 +3622,7 @@ var etag_1 = etag;
  * @private
  */
 
-var crypto = require$$0$2;
+var crypto$1 = require$$0$2;
 var Stats = fs$2.Stats;
 
 /**
@@ -3629,7 +3647,7 @@ function entitytag (entity) {
   }
 
   // compute hash of entity
-  var hash = crypto
+  var hash = crypto$1
     .createHash('sha1')
     .update(entity, 'utf8')
     .digest('base64')
@@ -3942,7 +3960,7 @@ function isFileServingAllowed(url, server) {
         return false;
     if (server.moduleGraph.safeModulesPath.has(file))
         return true;
-    if (server.config.server.fs.allow.some((dir) => isParentDirectory(dir, file)))
+    if (server.config.server.fs.allow.some((uri) => isSameFileUri(uri, file) || isParentDirectory(uri, file)))
         return true;
     return false;
 }
@@ -3950,14 +3968,14 @@ function isFileServingAllowed(url, server) {
 var main$1 = {exports: {}};
 
 var name = "dotenv";
-var version$1 = "16.0.3";
+var version$1 = "16.3.1";
 var description = "Loads environment variables from .env file";
 var main = "lib/main.js";
 var types = "lib/main.d.ts";
 var exports$1 = {
 	".": {
-		require: "./lib/main.js",
 		types: "./lib/main.d.ts",
+		require: "./lib/main.js",
 		"default": "./lib/main.js"
 	},
 	"./config": "./config.js",
@@ -3981,6 +3999,7 @@ var repository = {
 	type: "git",
 	url: "git://github.com/motdotla/dotenv.git"
 };
+var funding = "https://github.com/motdotla/dotenv?sponsor=1";
 var keywords = [
 	"dotenv",
 	"env",
@@ -3993,21 +4012,24 @@ var keywords = [
 var readmeFilename = "README.md";
 var license = "BSD-2-Clause";
 var devDependencies = {
-	"@types/node": "^17.0.9",
+	"@definitelytyped/dtslint": "^0.0.133",
+	"@types/node": "^18.11.3",
 	decache: "^4.6.1",
-	dtslint: "^3.7.0",
-	sinon: "^12.0.1",
-	standard: "^16.0.4",
+	sinon: "^14.0.1",
+	standard: "^17.0.0",
 	"standard-markdown": "^7.1.0",
-	"standard-version": "^9.3.2",
-	tap: "^15.1.6",
+	"standard-version": "^9.5.0",
+	tap: "^16.3.0",
 	tar: "^6.1.11",
-	typescript: "^4.5.4"
+	typescript: "^4.8.4"
 };
 var engines = {
 	node: ">=12"
 };
-var require$$3 = {
+var browser = {
+	fs: false
+};
+var require$$4 = {
 	name: name,
 	version: version$1,
 	description: description,
@@ -4016,23 +4038,26 @@ var require$$3 = {
 	exports: exports$1,
 	scripts: scripts,
 	repository: repository,
+	funding: funding,
 	keywords: keywords,
 	readmeFilename: readmeFilename,
 	license: license,
 	devDependencies: devDependencies,
-	engines: engines
+	engines: engines,
+	browser: browser
 };
 
 const fs = fs$2;
 const path = require$$0$1;
 const os = require$$2;
-const packageJson = require$$3;
+const crypto = require$$0$2;
+const packageJson = require$$4;
 
 const version = packageJson.version;
 
 const LINE = /(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/mg;
 
-// Parser src into an Object
+// Parse src into an Object
 function parse (src) {
   const obj = {};
 
@@ -4071,20 +4096,142 @@ function parse (src) {
   return obj
 }
 
+function _parseVault (options) {
+  const vaultPath = _vaultPath(options);
+
+  // Parse .env.vault
+  const result = DotenvModule.configDotenv({ path: vaultPath });
+  if (!result.parsed) {
+    throw new Error(`MISSING_DATA: Cannot parse ${vaultPath} for an unknown reason`)
+  }
+
+  // handle scenario for comma separated keys - for use with key rotation
+  // example: DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=prod,dotenv://:key_7890@dotenv.org/vault/.env.vault?environment=prod"
+  const keys = _dotenvKey(options).split(',');
+  const length = keys.length;
+
+  let decrypted;
+  for (let i = 0; i < length; i++) {
+    try {
+      // Get full key
+      const key = keys[i].trim();
+
+      // Get instructions for decrypt
+      const attrs = _instructions(result, key);
+
+      // Decrypt
+      decrypted = DotenvModule.decrypt(attrs.ciphertext, attrs.key);
+
+      break
+    } catch (error) {
+      // last key
+      if (i + 1 >= length) {
+        throw error
+      }
+      // try next key
+    }
+  }
+
+  // Parse decrypted .env string
+  return DotenvModule.parse(decrypted)
+}
+
 function _log (message) {
+  console.log(`[dotenv@${version}][INFO] ${message}`);
+}
+
+function _warn (message) {
+  console.log(`[dotenv@${version}][WARN] ${message}`);
+}
+
+function _debug (message) {
   console.log(`[dotenv@${version}][DEBUG] ${message}`);
 }
 
+function _dotenvKey (options) {
+  // prioritize developer directly setting options.DOTENV_KEY
+  if (options && options.DOTENV_KEY && options.DOTENV_KEY.length > 0) {
+    return options.DOTENV_KEY
+  }
+
+  // secondary infra already contains a DOTENV_KEY environment variable
+  if (process.env.DOTENV_KEY && process.env.DOTENV_KEY.length > 0) {
+    return process.env.DOTENV_KEY
+  }
+
+  // fallback to empty string
+  return ''
+}
+
+function _instructions (result, dotenvKey) {
+  // Parse DOTENV_KEY. Format is a URI
+  let uri;
+  try {
+    uri = new URL(dotenvKey);
+  } catch (error) {
+    if (error.code === 'ERR_INVALID_URL') {
+      throw new Error('INVALID_DOTENV_KEY: Wrong format. Must be in valid uri format like dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=development')
+    }
+
+    throw error
+  }
+
+  // Get decrypt key
+  const key = uri.password;
+  if (!key) {
+    throw new Error('INVALID_DOTENV_KEY: Missing key part')
+  }
+
+  // Get environment
+  const environment = uri.searchParams.get('environment');
+  if (!environment) {
+    throw new Error('INVALID_DOTENV_KEY: Missing environment part')
+  }
+
+  // Get ciphertext payload
+  const environmentKey = `DOTENV_VAULT_${environment.toUpperCase()}`;
+  const ciphertext = result.parsed[environmentKey]; // DOTENV_VAULT_PRODUCTION
+  if (!ciphertext) {
+    throw new Error(`NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate environment ${environmentKey} in your .env.vault file.`)
+  }
+
+  return { ciphertext, key }
+}
+
+function _vaultPath (options) {
+  let dotenvPath = path.resolve(process.cwd(), '.env');
+
+  if (options && options.path && options.path.length > 0) {
+    dotenvPath = options.path;
+  }
+
+  // Locate .env.vault
+  return dotenvPath.endsWith('.vault') ? dotenvPath : `${dotenvPath}.vault`
+}
+
 function _resolveHome (envPath) {
   return envPath[0] === '~' ? path.join(os.homedir(), envPath.slice(1)) : envPath
 }
 
-// Populates process.env from .env file
-function config (options) {
+function _configVault (options) {
+  _log('Loading env from encrypted .env.vault');
+
+  const parsed = DotenvModule._parseVault(options);
+
+  let processEnv = process.env;
+  if (options && options.processEnv != null) {
+    processEnv = options.processEnv;
+  }
+
+  DotenvModule.populate(processEnv, parsed, options);
+
+  return { parsed }
+}
+
+function configDotenv (options) {
   let dotenvPath = path.resolve(process.cwd(), '.env');
   let encoding = 'utf8';
   const debug = Boolean(options && options.debug);
-  const override = Boolean(options && options.override);
 
   if (options) {
     if (options.path != null) {
@@ -4099,41 +4246,120 @@ function config (options) {
     // Specifying an encoding returns a string instead of a buffer
     const parsed = DotenvModule.parse(fs.readFileSync(dotenvPath, { encoding }));
 
-    Object.keys(parsed).forEach(function (key) {
-      if (!Object.prototype.hasOwnProperty.call(process.env, key)) {
-        process.env[key] = parsed[key];
-      } else {
-        if (override === true) {
-          process.env[key] = parsed[key];
-        }
+    let processEnv = process.env;
+    if (options && options.processEnv != null) {
+      processEnv = options.processEnv;
+    }
 
-        if (debug) {
-          if (override === true) {
-            _log(`"${key}" is already defined in \`process.env\` and WAS overwritten`);
-          } else {
-            _log(`"${key}" is already defined in \`process.env\` and was NOT overwritten`);
-          }
-        }
-      }
-    });
+    DotenvModule.populate(processEnv, parsed, options);
 
     return { parsed }
   } catch (e) {
     if (debug) {
-      _log(`Failed to load ${dotenvPath} ${e.message}`);
+      _debug(`Failed to load ${dotenvPath} ${e.message}`);
     }
 
     return { error: e }
   }
 }
 
+// Populates process.env from .env file
+function config (options) {
+  const vaultPath = _vaultPath(options);
+
+  // fallback to original dotenv if DOTENV_KEY is not set
+  if (_dotenvKey(options).length === 0) {
+    return DotenvModule.configDotenv(options)
+  }
+
+  // dotenvKey exists but .env.vault file does not exist
+  if (!fs.existsSync(vaultPath)) {
+    _warn(`You set DOTENV_KEY but you are missing a .env.vault file at ${vaultPath}. Did you forget to build it?`);
+
+    return DotenvModule.configDotenv(options)
+  }
+
+  return DotenvModule._configVault(options)
+}
+
+function decrypt (encrypted, keyStr) {
+  const key = Buffer.from(keyStr.slice(-64), 'hex');
+  let ciphertext = Buffer.from(encrypted, 'base64');
+
+  const nonce = ciphertext.slice(0, 12);
+  const authTag = ciphertext.slice(-16);
+  ciphertext = ciphertext.slice(12, -16);
+
+  try {
+    const aesgcm = crypto.createDecipheriv('aes-256-gcm', key, nonce);
+    aesgcm.setAuthTag(authTag);
+    return `${aesgcm.update(ciphertext)}${aesgcm.final()}`
+  } catch (error) {
+    const isRange = error instanceof RangeError;
+    const invalidKeyLength = error.message === 'Invalid key length';
+    const decryptionFailed = error.message === 'Unsupported state or unable to authenticate data';
+
+    if (isRange || invalidKeyLength) {
+      const msg = 'INVALID_DOTENV_KEY: It must be 64 characters long (or more)';
+      throw new Error(msg)
+    } else if (decryptionFailed) {
+      const msg = 'DECRYPTION_FAILED: Please check your DOTENV_KEY';
+      throw new Error(msg)
+    } else {
+      console.error('Error: ', error.code);
+      console.error('Error: ', error.message);
+      throw error
+    }
+  }
+}
+
+// Populate process.env with parsed values
+function populate (processEnv, parsed, options = {}) {
+  const debug = Boolean(options && options.debug);
+  const override = Boolean(options && options.override);
+
+  if (typeof parsed !== 'object') {
+    throw new Error('OBJECT_REQUIRED: Please check the processEnv argument being passed to populate')
+  }
+
+  // Set process.env
+  for (const key of Object.keys(parsed)) {
+    if (Object.prototype.hasOwnProperty.call(processEnv, key)) {
+      if (override === true) {
+        processEnv[key] = parsed[key];
+      }
+
+      if (debug) {
+        if (override === true) {
+          _debug(`"${key}" is already defined and WAS overwritten`);
+        } else {
+          _debug(`"${key}" is already defined and was NOT overwritten`);
+        }
+      }
+    } else {
+      processEnv[key] = parsed[key];
+    }
+  }
+}
+
 const DotenvModule = {
+  configDotenv,
+  _configVault,
+  _parseVault,
   config,
-  parse
+  decrypt,
+  parse,
+  populate
 };
 
+main$1.exports.configDotenv = DotenvModule.configDotenv;
+main$1.exports._configVault = DotenvModule._configVault;
+main$1.exports._parseVault = DotenvModule._parseVault;
 main$1.exports.config = DotenvModule.config;
+main$1.exports.decrypt = DotenvModule.decrypt;
 var parse_1 = main$1.exports.parse = DotenvModule.parse;
+main$1.exports.populate = DotenvModule.populate;
+
 main$1.exports = DotenvModule;
 
 function _interpolate (envValue, environment, config) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vite",
-  "version": "4.3.9",
+  "version": "4.4.0-beta.1",
   "type": "module",
   "license": "MIT",
   "author": "Evan You",
@@ -49,6 +49,7 @@
     "url": "https://github.com/vitejs/vite/issues"
   },
   "homepage": "https://github.com/vitejs/vite/tree/main/#readme",
+  "funding": "https://github.com/vitejs/vite?sponsor=1",
   "scripts": {
     "dev": "rimraf dist && pnpm run build-bundle -w",
     "build": "rimraf dist && run-s build-bundle build-types",
@@ -56,7 +57,7 @@
     "build-types": "run-s build-types-temp build-types-pre-patch build-types-roll build-types-post-patch build-types-check",
     "build-types-temp": "tsc --emitDeclarationOnly --outDir temp/node -p src/node",
     "build-types-pre-patch": "tsx scripts/prePatchTypes.ts",
-    "build-types-roll": "api-extractor run && rimraf temp",
+    "build-types-roll": "tsx scripts/api-extractor.ts run && rimraf temp",
     "build-types-post-patch": "tsx scripts/postPatchTypes.ts",
     "build-types-check": "tsx scripts/checkBuiltTypes.ts && tsc --project tsconfig.check.json",
     "typecheck": "tsc --noEmit",
@@ -66,8 +67,8 @@
   },
   "//": "READ CONTRIBUTING.md to understand what to put under deps vs. devDeps!",
   "dependencies": {
-    "esbuild": "^0.17.5",
-    "postcss": "^8.4.23",
+    "esbuild": "^0.18.6",
+    "postcss": "^8.4.24",
     "rollup": "^3.21.0"
   },
   "optionalDependencies": {
@@ -75,19 +76,19 @@
   },
   "devDependencies": {
     "@ampproject/remapping": "^2.2.1",
-    "@babel/parser": "^7.21.4",
-    "@babel/types": "^7.21.4",
+    "@babel/parser": "^7.22.5",
+    "@babel/types": "^7.22.5",
     "@jridgewell/trace-mapping": "^0.3.18",
     "@rollup/plugin-alias": "^4.0.4",
-    "@rollup/plugin-commonjs": "^24.1.0",
+    "@rollup/plugin-commonjs": "^25.0.1",
     "@rollup/plugin-dynamic-import-vars": "^2.0.3",
     "@rollup/plugin-json": "^6.0.0",
-    "@rollup/plugin-node-resolve": "15.0.2",
-    "@rollup/plugin-typescript": "^11.1.0",
+    "@rollup/plugin-node-resolve": "15.1.0",
+    "@rollup/plugin-typescript": "^11.1.1",
     "@rollup/pluginutils": "^5.0.2",
     "@types/pnpapi": "^0.0.2",
     "@types/escape-html": "^1.0.2",
-    "acorn": "^8.8.2",
+    "acorn": "^8.9.0",
     "acorn-walk": "^8.2.0",
     "cac": "^6.7.14",
     "chokidar": "^3.5.3",
@@ -98,9 +99,9 @@
     "cross-spawn": "^7.0.3",
     "debug": "^4.3.4",
     "dep-types": "link:./src/types",
-    "dotenv": "^16.0.3",
+    "dotenv": "^16.3.1",
     "dotenv-expand": "^9.0.0",
-    "es-module-lexer": "^1.2.1",
+    "es-module-lexer": "^1.3.0",
     "escape-html": "^1.0.3",
     "estree-walker": "^3.0.3",
     "etag": "^1.8.1",
@@ -108,9 +109,10 @@
     "http-proxy": "^1.18.1",
     "json-stable-stringify": "^1.0.2",
     "launch-editor-middleware": "^2.6.0",
+    "lightningcss": "^1.21.0",
     "magic-string": "^0.30.0",
     "micromatch": "^4.0.5",
-    "mlly": "^1.2.0",
+    "mlly": "^1.3.0",
     "mrmime": "^1.0.1",
     "okie": "^1.0.1",
     "open": "^8.4.2",
@@ -123,14 +125,14 @@
     "postcss-modules": "^6.0.0",
     "resolve.exports": "^2.0.2",
     "rollup-plugin-license": "^3.0.1",
-    "sirv": "^2.0.2",
+    "sirv": "^2.0.3",
     "source-map-support": "^0.5.21",
-    "strip-ansi": "^7.0.1",
+    "strip-ansi": "^7.1.0",
     "strip-literal": "^1.0.1",
     "tsconfck": "^2.1.1",
-    "tslib": "^2.5.0",
+    "tslib": "^2.5.3",
     "types": "link:./types",
-    "ufo": "^1.1.1",
+    "ufo": "^1.1.2",
     "ws": "^8.13.0"
   },
   "peerDependencies": {
@@ -139,6 +141,7 @@
     "sass": "*",
     "stylus": "*",
     "sugarss": "*",
+    "lightningcss": "^1.21.0",
     "terser": "^5.4.0"
   },
   "peerDependenciesMeta": {
@@ -157,6 +160,9 @@
     "sugarss": {
       "optional": true
     },
+    "lightningcss": {
+      "optional": true
+    },
     "terser": {
       "optional": true
     }

package/types/customEvent.d.ts

@@ -12,6 +12,18 @@ export interface CustomEventMap {
   'vite:beforeFullReload': FullReloadPayload
   'vite:error': ErrorPayload
   'vite:invalidate': InvalidatePayload
+  'vite:ws:connect': WebSocketConnectionPayload
+  'vite:ws:disconnect': WebSocketConnectionPayload
+}
+
+export interface WebSocketConnectionPayload {
+  /**
+   * @experimental
+   * We expose this instance experimentally to see potential usage.
+   * This might be removed in the future if we didn't find reasonable use cases.
+   * If you find this useful, please open an issue with details so we can discuss and make it stable API.
+   */
+  webSocket: WebSocket
 }
 
 export interface InvalidatePayload {