[Snyk] Upgrade rollup from 2.7.2 to 2.63.0 #56

snyk-bot · 2022-01-31T13:57:33Z

Snyk has created this PR to upgrade rollup from 2.7.2 to 2.63.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 158 versions ahead of your current version.
The recommended version was released a month ago, on 2022-01-04.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-AJV-584908	405/1000 Why? CVSS 8.1	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	405/1000 Why? CVSS 8.1	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	405/1000 Why? CVSS 8.1	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	405/1000 Why? CVSS 8.1	No Known Exploit
Command Injection SNYK-JS-LODASH-1040724	405/1000 Why? CVSS 8.1	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	405/1000 Why? CVSS 8.1	Proof of Concept
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	405/1000 Why? CVSS 8.1	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	405/1000 Why? CVSS 8.1	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	405/1000 Why? CVSS 8.1	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	405/1000 Why? CVSS 8.1	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	405/1000 Why? CVSS 8.1	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	405/1000 Why? CVSS 8.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	405/1000 Why? CVSS 8.1	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	405/1000 Why? CVSS 8.1	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	405/1000 Why? CVSS 8.1	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	405/1000 Why? CVSS 8.1	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-590103	405/1000 Why? CVSS 8.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	405/1000 Why? CVSS 8.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: rollup

2.63.0 - 2022-01-04
2022-01-04

Features
- Report a helpful error if rollup exits due to an empty event loop when using this.load (#4320)
- Allow directly mutating ModuleInfo.meta for modules and never replace this object (#4328)
- Detect additional side effect free array prototype methods (#4332)
Bug Fixes
- Do not watch if CLI watch options are specified but --watch is missing (#4335)
Pull Requests
- #4320: Detect unfulfilled async hook actions and report error on exit (@ kzc)
- #4328: Make initial ModuleInfo.meta mutable and maintain object identity (@ lukastaegert)
- #4318: Stabilize watch tests (@ lukastaegert)
- #4331: Improve JS docs example (@ lukastaegert)
- #4332: add support for Array.prototype.findLast,findLastIndex (@ dnalborczyk)
- #4333: convert utils.transform to async function (@ dnalborczyk)
- #4335: Do not watch unless --watch is specified explicitly (@ lukastaegert)
- #4338: Add build delay for plugin event test (@ lukastaegert)
2.62.0 - 2021-12-24
2021-12-24

Features
- Mark additional string prototype methods as side-effect-free and correct typings of existing ones (#4299)
- Mark additional array prototype methods as side-effect-free and correct typings of existing ones (#4309)
- Expose if a module is included after tree-shaking in its ModuleInfo (#4305)
Bug Fixes
- Fix how fsevents is included to improve watch mode on MacOS (#4312)
Pull Requests
- #4299: Add additional string prototype methods (@ dnalborczyk)
- #4300: Bump deps, fix expected test result for core-js (@ dnalborczyk)
- #4302: Replace type assertion with type guard (@ dnalborczyk)
- #4304: Re-use reserved names set (@ dnalborczyk)
- #4305: Expose isIncluded in module info (@ william57m)
- #4306: Fix git line breaks on windows (@ dnalborczyk)
- #4307: Add macos to pipeline (@ dnalborczyk)
- #4309: Add additional array prototype methods (@ dnalborczyk)
- #4311: Add Deno instructions to docs (@ jespertheend)
- #4312: fsevents integration (@ dnalborczyk)
- #4313: Remove non-existing static functions from known globals (@ dnalborczyk)
2.61.1 - 2021-12-11
2021-12-11

Bug Fixes
- Only resolve this.load once the code of the module is available (#4296)
Pull Requests
- #4296: Make sure this.load waits for modules that are already loading (@ lukastaegert)
- #4298: use set for reserved words (@ dnalborczyk)
2.61.0 - 2021-12-09
2021-12-09

Features
- Support ergonomic brand checks for private fields (#4293)
Bug Fixes
- Improve handling of directory creation on systems with restrictive open files limit (#4288)
Pull Requests
- #4288: modifymkdirpath (@ mgrabowski84)
- #4293: bump deps (@ dnalborczyk)
2.60.2 - 2021-11-30
2021-11-30

Bug Fixes
- Produce correct output when dynamic import paths contain quotes (#4286)
Pull Requests
- #4286: Escape dynamic import paths (@ danielroe)
2.60.1 - 2021-11-22
2021-11-22

Bug Fixes
- Make sure virtual files have proper file extensions when preserving modules (#4270)
Pull Requests
- #4270: Use entryFileNames when generating filenames for virtual modules (@ BPScott)
2.60.0 - 2021-11-12
2021-11-11

Features
- Add this.load context function to load, transform and parse modules without adding them to the graph (#4234)
- Sanitize non-url-safe characters in generated chunk names by default (#4262)
- Support ESM plugins via command line (#4265)
Pull Requests
- #4234: Plugin context function for pre-loading modules (@ lukastaegert)
- #4262: exclude invalid URL chars (@ danielroe)
- #4265: support loading ESM plugins from the CLI via --plugin (@ kzc)
2.59.0 - 2021-11-01
2021-11-01

Features
- Support static class initialization blocks (#4249)
Bug Fixes
- Fix an issue with the CommonJS plugin when module.exports has inherited properties (#4256)
Pull Requests
- #4236: typescript bug class field initialization order (@ dnalborczyk)
- #4249: Support for class static initialization block (@ dnalborczyk and @ lukastaegert)
- #4256: Skip inherited properties in synthetic namespaces (@ lukastaegert)
2.59.0-1 - 2021-11-11
2.59.0-1
2.59.0-0 - 2021-10-23
2.58.3 - 2021-10-25
2.58.3
2.58.2 - 2021-10-25
2.58.1 - 2021-10-25
2.58.0 - 2021-10-01
2.57.0 - 2021-09-22
2.56.3 - 2021-08-23
2.56.2 - 2021-08-10
2.56.1 - 2021-08-08
2.56.0 - 2021-08-05
2.55.1 - 2021-07-29
2.55.0 - 2021-07-28
2.54.0 - 2021-07-25
2.53.3 - 2021-07-21
2.53.2 - 2021-07-15
2.53.1 - 2021-07-11
2.53.0 - 2021-07-09
2.52.8 - 2021-07-07
2.52.7 - 2021-07-02
2.52.6 - 2021-07-01
2.52.5 - 2021-07-01
2.52.4 - 2021-06-30
2.52.3 - 2021-06-25
2.52.2 - 2021-06-21
2.52.1 - 2021-06-17
2.52.0 - 2021-06-16
2.51.2 - 2021-06-11
2.51.1 - 2021-06-08
2.51.0 - 2021-06-06
2.50.6 - 2021-06-03
2.50.5 - 2021-05-30
2.50.4 - 2021-05-29
2.50.3 - 2021-05-28
2.50.2 - 2021-05-27
2.50.1 - 2021-05-26
2.50.0 - 2021-05-25
2.49.0 - 2021-05-23
2.49.0-1 - 2021-05-20
2.49.0-0 - 2021-05-18
2.48.0 - 2021-05-15
2.47.0 - 2021-05-04
2.46.0 - 2021-04-29
2.45.2 - 2021-04-13
2.45.1 - 2021-04-10
2.45.0 - 2021-04-09
2.44.0 - 2021-03-29
2.43.1 - 2021-03-28
2.43.0 - 2021-03-27
2.42.4 - 2021-03-24
2.42.3 - 2021-03-22
2.42.2 - 2021-03-22
2.42.1 - 2021-03-20
2.42.0 - 2021-03-19
2.41.5 - 2021-03-18
2.41.4 - 2021-03-16
2.41.3 - 2021-03-16
2.41.2 - 2021-03-12
2.41.1 - 2021-03-11
2.41.0 - 2021-03-09
2.40.0 - 2021-02-26
2.39.1 - 2021-02-23
2.39.0 - 2021-02-12
2.38.5 - 2021-02-05
2.38.4 - 2021-02-02
2.38.3 - 2021-02-01
2.38.2 - 2021-01-31
2.38.1 - 2021-01-28
2.38.0 - 2021-01-22
2.37.1 - 2021-01-20
2.37.0 - 2021-01-19
2.36.2 - 2021-01-16
2.36.1 - 2021-01-06
2.36.0 - 2021-01-05
2.35.1 - 2020-12-14
2.35.0 - 2020-12-14
2.34.2 - 2020-12-06
2.34.1 - 2020-12-03
2.34.0 - 2020-11-29
2.33.3 - 2020-11-18
2.33.2 - 2020-11-14
2.33.1 - 2020-11-02
2.33.0 - 2020-11-01
2.32.1 - 2020-10-21
2.32.0 - 2020-10-16
2.31.0 - 2020-10-15
2.30.0 - 2020-10-13
2.29.0 - 2020-10-08
2.28.2 - 2020-09-24
2.28.1 - 2020-09-21
2.28.0 - 2020-09-21
2.27.1 - 2020-09-17
2.27.0 - 2020-09-16
2.26.11 - 2020-09-08
2.26.10 - 2020-09-04
2.26.9 - 2020-09-01
2.26.8 - 2020-08-29
2.26.7 - 2020-08-28
2.26.6 - 2020-08-27
2.26.5 - 2020-08-22
2.26.4 - 2020-08-19
2.26.3 - 2020-08-16
2.26.2 - 2020-08-16
2.26.1 - 2020-08-16
2.26.0 - 2020-08-15
2.25.0 - 2020-08-14
2.24.0 - 2020-08-13
2.23.1 - 2020-08-07
2.23.0 - 2020-07-23
2.22.2 - 2020-07-22
2.22.1 - 2020-07-18
2.22.0 - 2020-07-18
2.21.0 - 2020-07-07
2.20.0 - 2020-07-06
2.19.0 - 2020-07-05
2.18.2 - 2020-07-02
2.18.1 - 2020-06-26
2.18.0 - 2020-06-22
2.17.1 - 2020-06-19
2.17.0 - 2020-06-17
2.16.1 - 2020-06-13
2.16.0 - 2020-06-12
2.15.0 - 2020-06-08
2.14.0 - 2020-06-07
2.13.1 - 2020-06-04
2.13.0 - 2020-06-03
2.12.1 - 2020-06-02
2.12.0 - 2020-05-31
2.11.2 - 2020-05-28
2.11.1 - 2020-05-28
2.11.0 - 2020-05-27
2.10.9 - 2020-05-24
2.10.8 - 2020-05-23
2.10.7 - 2020-05-22
2.10.6 - 2020-05-22
2.10.5 - 2020-05-19
2.10.4 - 2020-05-19
2.10.3 - 2020-05-18
2.10.2 - 2020-05-15
2.10.1 - 2020-05-15
2.10.0 - 2020-05-13
2.9.1 - 2020-05-11
2.9.0 - 2020-05-10
2.8.2 - 2020-05-07
2.8.1 - 2020-05-07
2.8.0 - 2020-05-06
2.7.6 - 2020-04-30
2.7.5 - 2020-04-29
2.7.4 - 2020-04-29
2.7.3 - 2020-04-27
2.7.2 - 2020-04-22

from rollup GitHub release notes

Commit messages

Package name: rollup

ae674c9 2.63.0
27196a0 Update changelog
cf53733 Add build delay for plugin event test (update ecosystem docs formatting reduxjs/redux#4338)
0ceee1d Detect unfulfilled async hook actions and report error on exit (Stop supporting IE 11 reduxjs/redux#4320)
2fea0d7 Make initial ModuleInfo.meta mutable and maintain object identity (Fix typos reduxjs/redux#4328)
a54b798 Improve JS docs example (Update writing-logic-thunks.mdx reduxjs/redux#4331)
342ba2c feat: add support for Array.prototype.findLast,findLastIndex (Add "Why RTK is Redux Today" page and bump Docusaurus reduxjs/redux#4332)
3943111 refactor: convert utils.transform to async function (Typo fix reduxjs/redux#4333)
ba7fc53 Do not watch unless --watch is specified explicitly (Top documentation result in Google 404s reduxjs/redux#4335)
7f55571 Stabilize watch tests (Add explanation for returning payload reduxjs/redux#4318)
2a899d5 Update changelog
81ce56f 2.62.0
0a905e2 Update changelog
edb7982 refactor: re-use reserved names set ([#4299] Fix position of Priority Tags reduxjs/redux#4304)
a993426 fix: replace type assertion with type guard (Create .tas.yml reduxjs/redux#4302)
9927fda chore: remove non-existing static functions from known globals (Added link to React Fragments documentation reduxjs/redux#4313)
84d2382 Add Deno instructions to docs (Revamp rollup.config.js reduxjs/redux#4311)
473568c feat: add additional array prototype methods (There is no need to change innerHTML to insert values from the store there - it is enough to change innerText reduxjs/redux#4309)
e17a379 ci: add macos to pipeline (#4307)
48f0e31 fix: fsevents integration (experiment: clean $CombinedState out from getState reduxjs/redux#4312)
83af3aa feat: add additional string prototype methods ([Docs Fix] Align Tag with Heading in Style Guide reduxjs/redux#4299)
a37e6ad Expose isIncluded in module info (Fix incorrect component/file name reduxjs/redux#4305)
5d43bd6 build: fix git line breaks on windows ([DOCS] Fix incorrect component/file name reduxjs/redux#4306)
28cc198 chore: bump deps, fix expected test result for core-js (Reference to old redux-devtools-extension reduxjs/redux#4300)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade rollup from 2.7.2 to 2.63.0. See this package in npm: https://www.npmjs.com/package/rollup See this project in Snyk: https://app.snyk.io/org/hafixo/project/9b5e10ab-6024-423a-a5e4-80a2559ec98b?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade rollup from 2.7.2 to 2.63.0 #56

[Snyk] Upgrade rollup from 2.7.2 to 2.63.0 #56

snyk-bot commented Jan 31, 2022

Features

Bug Fixes

Pull Requests

Features

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

Features

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

Features

Pull Requests

Features

Bug Fixes

Pull Requests

[Snyk] Upgrade rollup from 2.7.2 to 2.63.0 #56

Are you sure you want to change the base?

[Snyk] Upgrade rollup from 2.7.2 to 2.63.0 #56

Conversation

snyk-bot commented Jan 31, 2022

Snyk has created this PR to upgrade rollup from 2.7.2 to 2.63.0.

Features

Bug Fixes

Pull Requests

Features

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

Features

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

Features

Pull Requests

Features

Bug Fixes

Pull Requests