atob
to disallow depending on 2.0.3
which as a security
vulnerability.Fixed: URLs are now decoded before being passed to read
in Node.js. This
allows reading files with spaces, for example.
Fixed: Missing or empty sources
fields (such as sources: []
) in source
maps are now handled. Previously, such source maps would cause crashes or
callbacks never bing called. Now, an empty result is produced:
sourcesResolved: [],
sourcesContent: []
sourceMapData
property that contain as much as
possible of the intended result of the function up until the error occurred.resolveSources
and resolve
, as well as their *Sync
alternatives, no longer fail when one single source fails to be fetched.
Instead, the sourcesContent
array in the result object will contain error
objects for all failed sources, and strings otherwise. (Backwards-incompatible
change.)ignoreSourceRoot
option of resolveSources
. It has been
replaced with sourceRoot: false
. (Backwards-incompatible change.)sourceRoot
option of resolveSources
. It not only allows to
ignore the source root, it also lets you replace it.parseMapToJSON
method.resolve
method now accepts null, mapUrl, ...
as arguments, in
addition to the existing signature, which will read mapUrl
instead of
looking for a sourceMappingURL in the code.sourceRoot
property of source maps may now be ignored, which can
be useful when resolving sources outside of the browser.resolveSources
is now an object, not an array. The
old result array is available in the sourcesContent
property.
(Backwards-incompatible change.)sources
has been renamed to sourcesContent
in the result object
of resolve
. (Backwards-incompatible change.)resolveSources
now also returns all sources fully resolved, in the
sourcesResolved
property.resolve
now contains the sourcesResolved
property from resolveSources
.sourcesContent
was mis-typed as sourceContents
, which meant that
the sourcesContent
property of source maps never was used when resolving
sources.)]}'
are now parsed correctly. The spec
allows source maps to start with that character sequence to prevent XSSI
attacks.Improved: Make sourceRoot resolving more sensible.
A source root such as /scripts/subdir
is now treated as /scripts/subdir/
— that is, as a directory called “subdir”, not a file called “subdir”.
Pointing to a file as source root does not makes sense.