[Snyk] Upgrade rollup from 1.26.5 to 1.32.1 #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade rollup from 1.26.5 to 1.32.1. See this package in npm: https://www.npmjs.com/package/rollup See this project in Snyk: https://app.snyk.io/org/javakian/project/cda7bf46-0c97-4627-8f06-862a97258585?utm_source=github&utm_medium=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade rollup from 1.26.5 to 1.32.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-Y18N-1021887
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NODESASS-535497
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-LODASH-608086
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-LODASH-590103
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-LODASH-1040724
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-INI-1048974
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HANDLEBARS-534988
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HANDLEBARS-534478
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-BL-608877
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-BL-608877
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ACORN-559469
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-UNDEFSAFE-548940
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NODESASS-542662
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NODEFETCH-674311
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-LODASH-567746
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-LODASH-1018905
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HTTPPROXY-569139
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HANDLEBARS-567742
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HANDLEBARS-1056767
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-DOTPROP-543489
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-DECOMPRESS-557358
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-AXIOS-1038255
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-KINDOF-537849
Why? Proof of Concept exploit, CVSS 7.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: rollup
-
1.32.1 - 2020-03-06
- Handle default export detection for AMD and IIFE externals that do not have a prototype (#3420)
- Handle missing whitespace when the else branch of an if-statement is simplified (#3421)
- Mention the importing module when reporting errors for missing named exports (#3401)
- Add code to warning for missing output.name of IIFE bundles (#3372)
- #3372: Add warning code for missing output.name of IIFE bundle that has export (@ rail44)
- #3401: Missing exports errors now print the importing module (@ timiyay)
- #3418: Structure lifecycle hooks, add links to build time hooks (@ lukastaegert)
- #3420: Update generated code of getInteropBlock() to work with null prototype objects (@ jdalton)
- #3421: Avoid invalid code when "else" branch is simplified (@ lukastaegert)
-
1.32.0 - 2020-02-28
- Allow adding plugins on the command line via
- #3379: introduce CLI --plugin support (@ kzc)
- #3390: fix typo: this.addWatchfile (@ mistlog)
- #3392: Bump codecov from 3.6.1 to 3.6.5
- #3404: Update resolveFileUrl docs (@ jakearchibald)
-
1.31.1 - 2020-02-14
- Make sure errored files are always re-evaluated in watch mode to avoid an issue in the typescript plugin (#3388)
- #3366: Correct spelling minifaction to minification (@ VictorHom)
- #3371: Adjust bug template to mention REPL.it (@ lukastaegert)
- #3388: Run transform hooks again in watch mode on files that errored (@ lukastaegert)
-
1.31.0 - 2020-01-31
- Always disable tree-shaking for asm.js functions to maintain semantics (#3362)
- #3362: Preserve asm.js code (@ lukastaegert)
-
1.30.1 - 2020-01-27
- Do not mistreat static entgry points as dynamic ones when chunking (#3357)
- Resolve a crash when chunking circular dynamic imports (#3357)
- #3357:Resolve issues with circular dynamic entries (@ lukastaegert)
-
1.30.0 - 2020-01-27
- Do not split chunks when dynamically imported modules import modules that are already loaded by all dynamic importers (#3354)
- Add
- Make sure polyfills are always loaded first when each static entry point contains them as first import (#3354)
- #3353: Add option to avoid hoisting transitive imports (@ lukastaegert)
- #3354: Improve chunking algorithm for dynamic imports (@ tjenkinson and @ lukastaegert)
-
1.29.1 - 2020-01-21
- Avoid crashes for circular reexports when named exports cannot be found (#3350)
- #3335: Fix typo (@ robbinworks)
- #3342: Remove ":" from test file names for Windows and update dependencies (@ lukastaegert)
- #3350: Properly handle circular reexports (@ lukastaegert)
-
1.29.0 - 2020-01-08
- Enable top-level await by default (#3089)
- Add typings for watch events (#3302)
- Deconflict files that would conflict only on a case-insensitive OS (#3317)
- Do not fail in certain scenarios where a logical expression inside a sequence expression was being directly included (#3327)
- #3089: Move top-level await out of experimental (@ guybedford)
- #3302: Adds type definitions for RollupWatcher events (@ NotWoods)
- #3317: Fix module id conflict on a case insensitive OS (@ yesmeck)
- #3327: Handle deoptimizations while a node is being included (@ lukastaegert)
-
1.28.0 - 2020-01-04
-
1.27.14 - 2019-12-22
-
1.27.13 - 2019-12-14
-
1.27.12 - 2019-12-13
-
1.27.11 - 2019-12-12
-
1.27.10 - 2019-12-11
-
1.27.9 - 2019-12-07
-
1.27.8 - 2019-12-02
-
1.27.7 - 2019-12-01
-
1.27.6 - 2019-11-30
-
1.27.5 - 2019-11-25
-
1.27.4 - 2019-11-22
-
1.27.3 - 2019-11-20
-
1.27.2 - 2019-11-18
-
1.27.1 - 2019-11-18
-
1.27.0 - 2019-11-12
-
1.26.5 - 2019-11-11
from rollup GitHub release notes2020-03-06
Bug Fixes
Pull Requests
2020-02-28
Features
--plugin <plugin>(#3379)Pull Requests
2020-02-14
Bug Fixes
Pull Requests
2020-01-31
Features
Pull Requests
2020-01-27
Bug Fixes
Pull Requests
2020-01-27
Features
hoistTransitiveImportsoption to disable hoisting imports of static dependencies into entry chunks (#3353)Bug Fixes
Pull Requests
2020-01-21
Bug Fixes
Pull Requests
2020-01-08
Features
Bug Fixes
Pull Requests
Commit messages
Package name: rollup
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs