fix: use base64url encoding to prevent esbuild ?source= corruption

[sallustfire]

Base64-encoded CSS data in virtual file paths as the source query parameter can contain / and // characters, which are susceptible to path normalization in bundler plugin systems. While the source parameter should be opaque it is not URL safe and esbuild configurations can collapse // → /, which corrupts the base64 data preventing compressed source data from being read.

Switching to base64url encoding replaces / with _ and + with -, making the encoded data safe for use in file paths and resilient to this class of error.

[changeset-bot]

🦋 Changeset detected

Latest commit: c461e2b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages

Name	Type
@vanilla-extract/integration	Patch
@vanilla-extract/compiler	Patch
@vanilla-extract/esbuild-plugin	Patch
@vanilla-extract/jest-transform	Patch
@vanilla-extract/parcel-transformer	Patch
@vanilla-extract/rollup-plugin	Patch
@vanilla-extract/vite-plugin	Patch
@vanilla-extract/webpack-plugin	Patch
@vanilla-extract/next-plugin	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[sallustfire]

We encountered this in production using @vanilla-extract/esbuild-plugin with a CSS file where gzip+base64 produced
a // sequence:

• onResolve receives: ...?source=#H4sI...4//feL... (509 chars)
• onLoad receives: ...?source=#H4sI...4/feL... (508 chars) ← corrupted
• Result: Error: incorrect header check from gunzip

[askoufis]

@sallustfire Thanks for the PR!

[askoufis]

@sallustfire This fix is now available in the latest version of all the bundler plugins.