Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix DOM Clobbering CVE #5671

Merged
merged 1 commit into from
Sep 21, 2024
Merged

Fix DOM Clobbering CVE #5671

merged 1 commit into from
Sep 21, 2024

Conversation

lukastaegert
Copy link
Member

This PR contains:

  • bugfix
  • feature
  • refactor
  • documentation
  • other

Are tests included?

  • yes (bugfixes and features will not be merged without tests)
  • no

Breaking Changes?

  • yes (breaking changes will not be merged unless absolutely necessary)
  • no

List any relevant issue numbers:

Description

This is a fix for a reported CVE, details will be included there

@vercel Vercel
Copy link

vercel bot commented Sep 21, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
rollup ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 21, 2024 5:45am

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 21, 2024
edited
Loading

Thank you for your contribution! ❤️

You can try out this pull request locally by installing Rollup via

npm install rollup/rollup#dom-clobbering-cve

Notice: Ensure you have installed the latest stable Rust toolchain. If you haven't installed it yet, please see https://www.rust-lang.org/tools/install to learn how to download Rustup and install Rust.

or load it into the REPL:
https://rollup-7zdmawtic-rollup-js.vercel.app/repl/?pr=5671

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 21, 2024
edited
Loading

Performance report!

Rough benchmark

Command Mean [s] Min [s] Max [s] Relative
node _benchmark/previous/bin/rollup -i ./perf/entry.js -o _benchmark/result/previous.js 9.145 ± 0.083 9.051 9.206 1.00
node _benchmark/current/bin/rollup -i ./perf/entry.js -o _benchmark/result/current.js 9.218 ± 0.076 9.149 9.299 1.01 ± 0.01

Internal benchmark

  • BUILD: 8265ms, 753 MB
    • initialize: 0ms, 26.1 MB
    • generate module graph: 3192ms, 575 MB
      • generate ast: 1551ms, 568 MB
    • sort and bind modules: 446ms, 617 MB
    • mark included statements: 4608ms, 753 MB
      • treeshaking pass 1: 1585ms, 718 MB
      • treeshaking pass 2: 758ms, 738 MB
      • treeshaking pass 3: 293ms, 746 MB
      • treeshaking pass 4: 273ms, 744 MB
      • treeshaking pass 5: 315ms, 752 MB
      • treeshaking pass 6: 259ms, 748 MB
      • treeshaking pass 7: 242ms, 754 MB
      • treeshaking pass 8: 235ms, 752 MB
      • treeshaking pass 9: 214ms, 753 MB
      • treeshaking pass 10: 215ms, 753 MB
      • treeshaking pass 11: 213ms, 753 MB
  • GENERATE: 898ms, 1.02 GB
    • initialize render: 0ms, 914 MB
    • generate chunks: 89ms, 917 MB
      • optimize chunks: 0ms, 917 MB
    • render chunks: 786ms, 1 GB
    • transform chunks: 19ms, 1.02 GB
    • generate bundle: 0ms, 1.02 GB

@codecov Codecov
Copy link

codecov bot commented Sep 21, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.39%. Comparing base (10ab90e) to head (72bfc9c).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #5671   +/-   ##
=======================================
  Coverage   99.39%   99.39%           
=======================================
  Files         242      242           
  Lines        9352     9352           
  Branches     2473     2473           
=======================================
  Hits         9295     9295           
  Misses         48       48           
  Partials        9        9

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@lukastaegert lukastaegert merged commit e2552c9 into master Sep 21, 2024
39 checks passed
@lukastaegert lukastaegert deleted the dom-clobbering-cve branch September 21, 2024 05:58
@github-actions GitHub Actions
Copy link

This PR has been released as part of rollup@4.22.4. You can test it via npm install rollup.

@fabianszabo fabianszabo mentioned this pull request Sep 24, 2024
Merged
9 tasks
@ybiquitous ybiquitous mentioned this pull request Sep 28, 2024
Merged
@himself65 himself65 mentioned this pull request Oct 4, 2024
Merged
This was referenced Oct 19, 2024
Open
Open
Open
@nerds-github nerds-github mentioned this pull request Oct 24, 2024
Open
@leonardoadame leonardoadame mentioned this pull request Oct 28, 2024
Open
@YashGovekar YashGovekar mentioned this pull request Oct 30, 2024
Open
@FuhuXia FuhuXia mentioned this pull request Nov 2, 2024
Merged
@leonardoadame leonardoadame mentioned this pull request Nov 2, 2024
Open
@YashGovekar YashGovekar mentioned this pull request Nov 6, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@lukastaegert