
Fix rollup CVE-2026-27606 in example project lockfiles #8182

Merged
thatmichael85 merged 1 commit into main from users/thatmichael85/rollup-example-lockfile-fix
Feb 27, 2026


@thatmichael85
Contributor

Summary

Regenerate lockfiles for 3 example projects to bump rollup from 4.57.1 to 4.59.0, fixing CVE-2026-27606 (HIGH severity — DOM clobbering in generated code).

Affected examples:

  • extension-vanilla-tailwind
  • extension-sveltekit-ssr-hydration
  • extension-vanilla-react-plugin-host

All other examples already had rollup@4.59.0 from PR #8173.

Test plan

  • Lockfile-only change — no code modifications
  • CI passes

Regenerate lockfiles for 3 example projects to bump rollup from
4.57.1 to 4.59.0, fixing CVE-2026-27606 (HIGH severity).

Affected examples:
- extension-vanilla-tailwind
- extension-sveltekit-ssr-hydration
- extension-vanilla-react-plugin-host
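
A lockfile-only fix like this one can be checked mechanically. The following is an added example, not code from this PR or the project's repository: it scans an npm `package-lock.json` (assumed to be lockfileVersion 2 or 3, with a `packages` map) for any copy of rollup older than the 4.59.0 named above, including nested copies. The function names and both sample lockfiles are constructed for illustration.

```javascript
// Added example: flag copies of a package in an npm lockfile that are older
// than a required version. Assumes lockfileVersion 2/3 (a "packages" map).
const FIXED_ROLLUP = "4.59.0"; // fixed version named in the PR description

// Split "major.minor.patch[-prerelease]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when a sorts before b. Simplification: a prerelease sorts before its
// release; two prereleases of the same release are treated as equal.
function isOlder(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i];
  }
  return x.pre !== null && y.pre === null;
}

// Return every installed copy of `name` older than `minVersion`, including
// nested copies such as node_modules/vite/node_modules/rollup.
function findOutdated(lockText, name, minVersion) {
  const lock = JSON.parse(lockText);
  if (!lock.packages) throw new Error("no 'packages' map (lockfileVersion 1?)");
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages)
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .filter(([, entry]) => !entry.link && typeof entry.version === "string")
    .filter(([, entry]) => isOlder(entry.version, minVersion))
    .map(([path, entry]) => ({ path, version: entry.version }));
}

// Constructed sample lockfiles, not the real files touched by the PR.
const STALE = JSON.stringify({ lockfileVersion: 3, packages: {
  "": { name: "constructed-example" },
  "node_modules/rollup": { version: "4.59.0" },
  "node_modules/vite/node_modules/rollup": { version: "4.57.1" }, // nested copy left behind
  "node_modules/@rollup/rollup-linux-x64-gnu": { version: "4.57.1" }, // other package name
} });
const FIXED = JSON.stringify({ lockfileVersion: 3, packages: {
  "": { name: "constructed-example" },
  "node_modules/rollup": { version: "4.59.0" },
} });

console.log(findOutdated(STALE, "rollup", FIXED_ROLLUP));
console.log(findOutdated(FIXED, "rollup", FIXED_ROLLUP));
```

To check a real project, pass the text of its `package-lock.json` as `lockText`; an empty result means no installed copy of rollup is below the required version.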
@vercel

vercel bot commented Feb 27, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
lexical Building Building Preview, Comment Feb 27, 2026 6:41am
lexical-playground Building Building Preview, Comment Feb 27, 2026 6:41am


@meta-cla meta-cla bot added the CLA Signed label (This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed.) Feb 27, 2026
@etrepum etrepum added the extended-tests label (Run extended e2e tests on a PR) Feb 27, 2026
@thatmichael85 thatmichael85 added this pull request to the merge queue Feb 27, 2026
Merged via the queue into main with commit 9388374 Feb 27, 2026
43 checks passed
@etrepum etrepum mentioned this pull request Mar 19, 2026

2 participants