[Snyk] Upgrade rollup from 2.75.6 to 4.13.0 #4

Clemens-git76 · 2024-04-16T15:44:05Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade rollup from 2.75.6 to 4.13.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 177 versions ahead of your current version.
The recommended version was released a month ago, on 2024-03-12.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-GETFUNCNAME-5923417	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Origin Validation Error SNYK-JS-KOACORS-6117545	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: rollup

4.13.0 - 2024-03-12
4.13.0

2024-03-12

Features
- Ensure that the location of parse errors and other logs is encoded in the error message as well (#5424)
Pull Requests
- #5417: chore(deps): lock file maintenance minor/patch updates ( @ renovate[bot])
- #5418: chore(deps): lock file maintenance (@ renovate[bot])
- #5419: chore: fix typo (@ OnlyWick)
- #5424: Add locations to logs, warnings and error messages ( @ lukastaegert)
4.12.1 - 2024-03-06
4.12.1

2024-03-06

Bug Fixes
- Escape special characters in file references (#5404)
Pull Requests
- #5398: Rename getRollupEror to getRollupError (@ MrRefactoring)
- #5399: chore(deps): lock file maintenance minor/patch updates ( @ renovate[bot])
- #5404: fix: escape ids in import.meta.ROLLUP_FILE_URL_referenceId correctly (@ sapphi-red)
- #5406: chore(deps): lock file maintenance minor/patch updates ( @ renovate[bot])
- #5407: chore(deps): lock file maintenance (@ renovate[bot])
- #5411: Chunk assignment - Fix comment line breaks and typo (@ yoavweiss, @ lukastaegert)
4.12.0 - 2024-02-16
4.12.0

2024-02-16

Features
- Improve raw bundling performance by 10-15% when not using the cache or plugins that return an AST (#5391)
Pull Requests
- #5391: Improve performance by directly constructing AST from buffer (@ lukastaegert)
- #5393: chore(deps): update dependency eslint-plugin-unicorn to v51 (@ renovate[bot])
- #5394: chore(deps): update typescript-eslint monorepo to v7 (major) (@ renovate[bot])
- #5395: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
4.11.0 - 2024-02-15
4.11.0

2024-02-15

Features
- Add output.reexportProtoFromExternal option to disable special code for handling __proto__ reexports (#5380)
Bug Fixes
- Ensure namespace reexport code can be parsed by cjs-module-lexer (#5380)
- Throw when trying to reassing const variables (#5388)
Pull Requests
- #5380: fix: separately export __proto__ for compatibility with CJS Transpiler Re-exports (@ TrickyPi)
- #5388: Add const reassign rule (@ TrickyPi)
4.10.0 - 2024-02-10
4.10.0

2024-02-10

Features
- Support base-36 and base-16 hashes again via new output.hashCharacters option (#5371)
Bug Fixes
- Do not crash process for panics in native code but throw them as JavaScript errors (#5383)
Pull Requests
- #5359: chore(deps): update actions/cache action to v4 (@ renovate[bot])
- #5360: chore(deps): update dependency pretty-ms to v9 (@ renovate[bot])
- #5366: chore(deps): update dependency husky to v9 (@ renovate[bot])
- #5367: chore(deps): update peter-evans/create-or-update-comment action to v4 (@ renovate[bot])
- #5368: chore(deps): update peter-evans/find-comment action to v3 (@ renovate[bot])
- #5369: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
- #5370: Fix dependency range for Node types (@ lukastaegert)
- #5371: Implement "output.hashCharacters" option to define character set for file hashes (@ lukastaegert)
- #5372: Roll back vitepress as 1.0.0-rc.40 breaks the development build (@ lukastaegert)
- #5382: Update documentation (@ TrickyPi)
- #5383: Catch Rust panics and then throw them in JS (@ TrickyPi)
- #5384: chore(deps): update codecov/codecov-action action to v4 (@ renovate[bot])
- #5385: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
- #5386: Resolve all rollup imports to node_modules to avoid type conflict (@ TrickyPi)
4.9.6 - 2024-01-21
4.9.6

2024-01-21

Bug Fixes
- Detect side effects when an element that was pushed into an array is modified via the array (#5352)
Pull Requests
- #5337: Generate AST transformers from config (@ lukastaegert)
- #5340: Also type-check d.ts files (@ lukastaegert)
- #5348: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
- #5351: chore(deps): update dependency vite to v5.0.12 [security] (@ renovate[bot])
- #5352: Track mutations of elements pushed into arrays (@ lukastaegert)
4.9.5 - 2024-01-12
4.9.5

2024-01-12

Bug Fixes
- Fix issue where on Windows, Rollup would not load due to problems with the MSVC executable (#5335)
Pull Requests
- #5334: Fix typo in commondir.ts (@ akiomik)
- #5335: build: static link msvc runtime on Windows x64 platform (@ Brooooooklyn)
- #5338: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
4.9.4 - 2024-01-06
4.9.4

2024-01-06

Bug Fixes
- Use quotes for keys in namespaces that are only numbers but are not valid integers (#5328)
- Allow to have comments between pure annotations and the annoted node (#5332)
Pull Requests
- #5328: Correctly handling number key (@ LongTengDao)
- #5332: Handle pure annotations that are separated by a comment (@ lukastaegert)
4.9.3 - 2024-01-05
Read more
4.9.2 - 2023-12-30
4.9.1 - 2023-12-17
4.9.0 - 2023-12-13
4.8.0 - 2023-12-11
4.7.0 - 2023-12-08
4.6.1 - 2023-11-30
4.6.0 - 2023-11-26
4.5.2 - 2023-11-24
4.5.1 - 2023-11-21
4.5.0 - 2023-11-18
4.4.1 - 2023-11-14
4.4.0 - 2023-11-12
4.3.1 - 2023-11-11
4.3.0 - 2023-11-03
4.2.0 - 2023-10-31
4.1.6 - 2023-10-31
4.1.5 - 2023-10-28
4.1.4 - 2023-10-16
4.1.3 - 2023-10-15
4.1.1 - 2023-10-15
4.1.0 - 2023-10-14
4.0.2 - 2023-10-06
4.0.1 - 2023-10-06
4.0.0 - 2023-10-05
4.0.0-25 - 2023-10-05
4.0.0-24 - 2023-10-03
4.0.0-23 - 2023-09-26
4.0.0-22 - 2023-09-26
4.0.0-21 - 2023-09-24
4.0.0-20 - 2023-09-24
4.0.0-19 - 2023-09-15
4.0.0-18 - 2023-09-15
4.0.0-17 - 2023-09-15
4.0.0-16 - 2023-09-15
4.0.0-15 - 2023-09-15
4.0.0-14 - 2023-09-15
4.0.0-13 - 2023-08-24
4.0.0-12 - 2023-08-23
4.0.0-10 - 2023-08-21
4.0.0-9 - 2023-08-20
4.0.0-8 - 2023-08-20
4.0.0-7 - 2023-08-20
4.0.0-6 - 2023-08-20
4.0.0-5 - 2023-08-20
4.0.0-4 - 2023-08-04
4.0.0-3 - 2023-08-04
4.0.0-2 - 2023-08-01
4.0.0-1 - 2023-08-01
3.29.4 - 2023-09-28
3.29.3 - 2023-09-24
3.29.2 - 2023-09-15
3.29.1 - 2023-09-10
3.29.0 - 2023-09-06
3.28.1 - 2023-08-22
3.28.0 - 2023-08-09
3.27.2 - 2023-08-04
3.27.1 - 2023-08-03
3.27.0 - 2023-07-28
3.26.3 - 2023-07-17
3.26.2 - 2023-07-06
3.26.1 - 2023-07-05
3.26.0 - 2023-06-30
3.25.3 - 2023-06-26
3.25.2 - 2023-06-24
3.25.1 - 2023-06-12
3.25.0 - 2023-06-11
3.24.1 - 2023-06-10
3.24.0 - 2023-06-07
3.23.1 - 2023-06-04
3.23.0 - 2023-05-22
3.22.1 - 2023-05-21
3.22.0 - 2023-05-17
3.22.0-0 - 2023-05-13
3.21.8 - 2023-05-16
3.21.7 - 2023-05-13
3.21.6 - 2023-05-09
3.21.5 - 2023-05-05
3.21.4 - 2023-05-03
3.21.3 - 2023-05-02
3.21.2 - 2023-04-30
3.21.1 - 2023-04-29
3.21.0 - 2023-04-23
3.20.7 - 2023-04-21
3.20.6 - 2023-04-18
3.20.5 - 2023-04-18
3.20.4 - 2023-04-17
3.20.3 - 2023-04-16
3.20.3-0 - 2023-04-14
3.20.2 - 2023-03-24
3.20.1 - 2023-03-23
3.20.0 - 2023-03-20
3.19.1 - 2023-03-10
3.19.0 - 2023-03-09
3.18.0 - 2023-03-01
3.18.0-0 - 2023-02-27
3.17.3 - 2023-02-25
3.17.3-1 - 2023-02-23
3.17.3-0 - 2023-02-22
3.17.2 - 2023-02-20
3.17.1 - 2023-02-18
3.17.0 - 2023-02-18
3.16.0 - 2023-02-17
3.15.1-1 - 2023-02-14
3.15.1-0 - 2023-02-13
3.15.0 - 2023-02-10
3.14.0 - 2023-02-05
3.13.0 - 2023-02-03
3.12.1 - 2023-02-01
3.12.0 - 2023-01-28
3.11.0 - 2023-01-26
3.10.1 - 2023-01-20
3.10.0 - 2023-01-12
3.9.1 - 2023-01-02
3.9.0 - 2022-12-28
3.8.1 - 2022-12-23
3.8.0 - 2022-12-22
3.7.6-0 - 2022-12-18
3.7.5 - 2022-12-17
3.7.5-0 - 2022-12-16
3.7.4 - 2022-12-13
3.7.3 - 2022-12-11
3.7.3-0 - 2022-12-10
3.7.2 - 2022-12-10
3.7.1 - 2022-12-09
3.7.1-0 - 2022-12-08
3.7.0 - 2022-12-08
3.6.1-0 - 2022-12-06
3.6.0 - 2022-12-05
3.6.0-1 - 2022-12-05
3.6.0-0 - 2022-11-27
3.5.1 - 2022-12-01
3.5.0 - 2022-11-27
3.5.0-0 - 2022-11-25
3.4.0 - 2022-11-22
3.4.0-1 - 2022-11-21
3.4.0-0 - 2022-11-18
3.3.0 - 2022-11-12
3.3.0-0 - 2022-11-08
3.2.5 - 2022-11-01
3.2.4 - 2022-10-31
3.2.3 - 2022-10-18
3.2.2 - 2022-10-16
3.2.1 - 2022-10-16
3.2.0 - 2022-10-15
3.1.0 - 2022-10-12
3.0.1 - 2022-10-12
3.0.0 - 2022-10-11
3.0.0-8 - 2022-10-11
3.0.0-7 - 2022-09-23
3.0.0-6 - 2022-09-06
3.0.0-5 - 2022-08-31
3.0.0-4 - 2022-08-15
3.0.0-3 - 2022-07-30
3.0.0-2 - 2022-07-15
3.0.0-1 - 2022-07-08
3.0.0-0 - 2022-07-05
2.79.1 - 2022-09-22
2.79.0 - 2022-08-31
2.78.1 - 2022-08-19
2.78.0 - 2022-08-14
2.77.4-1 - 2022-12-07
2.77.4-0 - 2022-12-04
2.77.3 - 2022-08-11
2.77.2 - 2022-07-27
2.77.1 - 2022-07-26
2.77.0 - 2022-07-15
2.76.0 - 2022-07-08
2.75.7 - 2022-06-20
2.75.6 - 2022-06-07

from rollup GitHub release notes

Commit messages

Package name: rollup

1c8afed 4.13.0
341d987 Add locations to logs, warnings and error messages (linter fails after running make test-addons nodejs/node#5424)
bbcdac3 chore: fix typo (http_parser: use MakeCallback nodejs/node#5419)
10bdaa3 chore(deps): lock file maintenance (src,tools: allow utf-8 in built-in js source code nodejs/node#5418)
c2c37ec chore(deps): lock file maintenance minor/patch updates (Ability to obtain the default gateway nodejs/node#5417)
f44dac3 4.12.1
cc7003f Chunk assignment - Fix comment line breaks and typo (Unexpected token error for rest parameter nodejs/node#5411)
ce6cb93 fix: escape ids in `import.meta.ROLLUP_FILE_URL_referenceId` correctly (Release proposal: v0.10.43 (Maintenance) nodejs/node#5404)
240be0b Improve documentation for AST nodes
536444c chore(deps): lock file maintenance (dgram: handle default address case when offset and length are specified nodejs/node#5407)
7207ff0 chore(deps): lock file maintenance minor/patch updates (doc: explicit about VS 2015 support in readme nodejs/node#5406)
27690dc Update contributing guide
265bb9a chore(deps): lock file maintenance minor/patch updates (doc: copyedit util doc nodejs/node#5399)
67d7f10 Rename `getRollupEror` to `getRollupError` (dgram: socket.send without address fails with weird error on 5.7 nodejs/node#5398)
c9b3655 List all authors in release notes
0146b84 4.12.0
14c9662 Improve performance by directly constructing AST from buffer (doc, installer: win - new logo in installer nodejs/node#5391)
5493159 chore(deps): lock file maintenance minor/patch updates (Linter breaking since update to eslint 2.x nodejs/node#5395)
4d92403 chore(deps): update typescript-eslint monorepo to v7 (major) (url: fix off-by-one error with parse() nodejs/node#5394)
cae6935 chore(deps): update dependency eslint-plugin-unicorn to v51 (url.parse result differences in 5.7.x to 5.6.x nodejs/node#5393)
90ad652 4.11.0
d6fd383 Add const reassign rule (repl: accept no arguments to start() nodejs/node#5388)
f74d0a9 fix: separately export `__proto__` for compatibility with CJS Transpiler Re-exports (url: group slashed protocols by protocol name nodejs/node#5380)
7624208 4.10.0

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade rollup from 2.75.6 to 4.13.0. See this package in npm: https://www.npmjs.com/package/rollup See this project in Snyk: https://app.snyk.io/org/cmaier274/project/5dd2da43-0126-40f8-9b8a-3a8f98cde033?utm_source=github&utm_medium=referral&page=upgrade-pr

[Snyk] Upgrade rollup from 2.75.6 to 4.13.0 #4

Are you sure you want to change the base?

[Snyk] Upgrade rollup from 2.75.6 to 4.13.0 #4

Uh oh!

Conversation

Clemens-git76 commented Apr 16, 2024

Snyk has created this PR to upgrade rollup from 2.75.6 to 4.13.0.

4.13.0

Features

Pull Requests

4.12.1

Bug Fixes

Pull Requests

4.12.0

Features

Pull Requests

4.11.0

Features

Bug Fixes

Pull Requests

4.10.0

Features

Bug Fixes

Pull Requests

4.9.6

Bug Fixes

Pull Requests

4.9.5

Bug Fixes

Pull Requests

4.9.4

Bug Fixes

Pull Requests

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants