lordpython

Snyk has created this PR to upgrade rollup from 4.13.0 to 4.41.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 88 versions ahead of your current version.

  • The recommended version was released 24 days ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| medium severity: Cross-site Scripting (XSS), SNYK-JS-ROLLUP-8073097 | 576 | Proof of Concept |

Release notes
Package name: rollup
  • 4.41.0 - 2025-05-18

    4.41.0

    2025-05-18

    Features

    • Detect named exports in more dynamic import scenarios (#5954)

  • 4.40.2 - 2025-05-06

    4.40.2

    2025-05-06

    Bug Fixes

    • Create correct IIFE/AMD/UMD bundles when using a mutable default export (#5934)
    • Fix execution order when using top-level await for dynamic imports with inlineDynamicImports (#5937)
    • Throw when the output is watched in watch mode (#5939)

    Pull Requests

    • #5934: fix(exports): avoid "exports is not defined" ReferenceError (@dasa)
    • #5937: consider TLA imports have higher execution priority (@TrickyPi)
    • #5939: fix: watch mode input should not be an output subpath (@btea)
    • #5940: chore(deps): update dependency vite to v6.3.4 [security] (@renovate[bot])
    • #5941: chore(deps): update dependency eslint-plugin-unicorn to v59 (@renovate[bot])
    • #5942: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])
    • #5943: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])
  • 4.40.1 - 2025-04-28

    4.40.1

    2025-04-28

    Bug Fixes

    • Limit hash size for asset file names to the supported 21 (#5921)
    • Do not inline user-defined entry chunks or chunks with explicit file name (#5923)
    • Avoid top-level-await cycles when non-entry chunks use top-level await (#5930)
    • Expose package.json via exports (#5931)

    Pull Requests

    • #5921: fix(assetFileNames): reduce max hash size to 21 (@shulaoda)
    • #5923: fix: generate the separate chunk for the entry module with explicated chunk filename or name (@TrickyPi)
    • #5926: fix(deps): update rust crate swc_compiler_base to v18 (@renovate[bot])
    • #5927: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])
    • #5928: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])
    • #5930: Avoid chunks TLA dynamic import circular when TLA dynamic import used in non-entry modules (@TrickyPi)
    • #5931: chore: add new ./package.json entry (@JounQin, @lukastaegert)
    • #5936: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])
  • 4.40.0 - 2025-04-12

    4.40.0

    2025-04-12

    Features

    • Only show eval warnings on first render and only when the call is not tree-shaken (#5892)
    • Tree-shake non-included dynamic import members when the handler just maps to one named export (#5898)

    Bug Fixes

    • Consider dynamic imports nested within top-level-awaited dynamic import expressions to be awaited as well (#5900)
    • Fix namespace rendering when tree-shaking is disabled (#5908)
    • When using multiple transform hook filters, all of them need to be satisfied together (#5909)

  • 4.39.0 - 2025-04-02

    4.39.0

    2025-04-02

    Features

    • Do not create separate facade chunks if a chunk would contain several entry modules that allow export extension if there are no export name conflicts (#5891)

    Bug Fixes

    • Mark the id property as optional in the filter for the resolveId hook (#5896)

  • 4.38.0 - 2025-03-29

    4.38.0

    2025-03-29

    Features

    • Support .filter option in resolveId, load and transform hooks (#5882)

  • 4.37.0 - 2025-03-23

    4.37.0

    2025-03-23

    Features

    • Support Musl Linux on Riscv64 architectures (#5726)
    • Handles class decorators placed before the export keyword (#5871)

    Bug Fixes

    • Log Rust panic messages to the console when using the WASM build (#5875)

  • 4.36.0 - 2025-03-17

    4.36.0

    2025-03-17

    Features

    • Extend renderDynamicImport hook to provide information about static dependencies of the imported module (#5870)
    • Export several additional types used by Vite (#5879)

    Bug Fixes

    • Do not merge chunks if that would create a top-level await cycle between chunks (#5843)

  • 4.35.0 - 2025-03-08

    4.35.0

    2025-03-08

    Features

    • Pass build errors to the closeBundle hook (#5867)

  • 4.34.9 - 2025-03-01

    4.34.9

    2025-03-01

    Bug Fixes

    • Support JSX modes in WASM (#5866)
    • Allow the CustomPluginOptions to be extended (#5850)

  • 4.34.8 - 2025-02-17
  • 4.34.7 - 2025-02-14
  • 4.34.6 - 2025-02-07
  • 4.34.5 - 2025-02-07
  • 4.34.4 - 2025-02-05
  • 4.34.3 - 2025-02-05
  • 4.34.2 - 2025-02-04
  • 4.34.1 - 2025-02-03
  • 4.34.0 - 2025-02-01
  • 4.33.0 - 2025-02-01
  • 4.33.0-0 - 2025-01-28
  • 4.32.1 - 2025-01-28
  • 4.32.0 - 2025-01-24
  • 4.31.0 - 2025-01-19
  • 4.31.0-0 - 2025-01-14
  • 4.30.1 - 2025-01-07
  • 4.30.0 - 2025-01-06
  • 4.30.0-1 - 2024-12-30
  • 4.30.0-0 - 2024-12-21
  • 4.29.2 - 2025-01-05
  • 4.29.1 - 2024-12-21
  • 4.29.0 - 2024-12-20
  • 4.29.0-2 - 2024-12-20
  • 4.29.0-1 - 2024-12-19
  • 4.29.0-0 - 2024-12-16
  • 4.28.1 - 2024-12-06
  • 4.28.0 - 2024-11-30
  • 4.27.4 - 2024-11-23
  • 4.27.3 - 2024-11-18
  • 4.27.2 - 2024-11-15
  • 4.27.1 - 2024-11-15
  • 4.27.1-1 - 2024-11-15
  • 4.27.1-0 - 2024-11-15
  • 4.27.0 - 2024-11-15
  • 4.27.0-1 - 2024-11-14
  • 4.27.0-0 - 2024-11-13
  • 4.26.0 - 2024-11-13
  • 4.25.0 - 2024-11-09
  • 4.25.0-0 - 2024-10-29
  • 4.24.4 - 2024-11-04
  • 4.24.3 - 2024-10-29
  • 4.24.2 - 2024-10-27
  • 4.24.1 - 2024-10-27
  • 4.24.0 - 2024-10-02
  • 4.23.0 - 2024-10-01
  • 4.22.5 - 2024-09-27
  • 4.22.4 - 2024-09-21
  • 4.22.3 - 2024-09-21
  • 4.22.3-0 - 2024-09-20
  • 4.22.2 - 2024-09-20
  • 4.22.1 - 2024-09-20
  • 4.22.0 - 2024-09-19
  • 4.21.3 - 2024-09-12
  • 4.21.2 - 2024-08-30
  • 4.21.1 - 2024-08-26
  • 4.21.0 - 2024-08-18
  • 4.20.0 - 2024-08-03
  • 4.19.2 - 2024-08-01
  • 4.19.1 - 2024-07-27
  • 4.19.0 - 2024-07-20
  • 4.18.1 - 2024-07-08
  • 4.18.0 - 2024-05-22
  • 4.17.2 - 2024-04-30
  • 4.17.1 - 2024-04-29
  • 4.17.0 - 2024-04-27
  • 4.16.4 - 2024-04-23
  • 4.16.3 - 2024-04-23
  • 4.16.2 - 2024-04-22
  • 4.16.1 - 2024-04-21
  • 4.16.0 - 2024-04-21
  • 4.15.0 - 2024-04-20
  • 4.14.3 - 2024-04-15
  • 4.14.2 - 2024-04-12
  • 4.14.1 - 2024-04-07
  • 4.14.0 - 2024-04-03
  • 4.13.2 - 2024-03-28
  • 4.13.1 - 2024-03-27
  • 4.13.1-1 - 2024-03-24
  • 4.13.0 - 2024-03-12
from rollup GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

See this package in npm:
rollup

See this project in Snyk:
https://app.snyk.io/org/lordpython/project/71a0b313-7a80-4097-a7f0-2101aa3b377c?utm_source=github&utm_medium=referral&page=upgrade-pr