chore(deps): bump rollup from 4.58.0 to 4.60.2 #41
Bumps [rollup](https://github.com/rollup/rollup) from 4.58.0 to 4.60.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.58.0...v4.60.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.60.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
LGTM, straightforward dependabot patch bump for the rollup dev dependency.
Extended reasoning...
Overview
This PR bumps rollup from 4.58.0 to 4.60.2 in package-lock.json only. Rollup is a devDependency (devOptional: true in the lockfile), so the change affects the build toolchain rather than runtime code. The diff is purely the resolved versions, integrity hashes, and tarball URLs for rollup and its platform-specific optional deps.
Security risks
None apparent. Integrity hashes are updated alongside the version bumps, which is the standard npm lockfile pattern. The upstream releases (4.59.x and 4.60.x) are bug-fix releases according to the changelog (variable rendering bug, side-effect import caching).
Level of scrutiny
Low. Dependabot-generated lockfile-only patch bump on a dev-only build tool. Mechanical change with no application code modified.
Other factors
No bugs flagged by the bug hunting system, no outstanding reviewer comments, and package.json is not modified (so the declared semver range is unchanged).
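The review above rests on the diff touching only `version`, `resolved` and `integrity` for rollup and its platform packages. The following is an added example of checking that mechanically; it is not code from this PR, rollup or Dependabot. `auditLockfileBump` is a hypothetical helper, and the lockfile fragments, the `left-pad` entry and all integrity strings are constructed sample data.

```javascript
// Added example: only packages matching ALLOWED may change, only in FIELDS, and each
// changed entry needs a new sha512 integrity and a registry.npmjs.org tarball URL.
const ALLOWED = /^node_modules\/(rollup|@rollup\/[^/]+)$/;
const FIELDS = new Set(["version", "resolved", "integrity"]);
const REGISTRY = "https://registry.npmjs.org/";

function auditLockfileBump(before, after) {
  const findings = [];
  const a = before.packages || {}, b = after.packages || {};
  for (const path of new Set([...Object.keys(a), ...Object.keys(b)])) {
    const oldE = a[path], newE = b[path];
    if (JSON.stringify(oldE) === JSON.stringify(newE)) continue; // untouched entry
    if (!ALLOWED.test(path)) { findings.push(`${path}: unexpected package changed`); continue; }
    if (!oldE || !newE) { findings.push(`${path}: package added or removed`); continue; }
    for (const key of new Set([...Object.keys(oldE), ...Object.keys(newE)])) {
      if (JSON.stringify(oldE[key]) !== JSON.stringify(newE[key]) && !FIELDS.has(key))
        findings.push(`${path}: field "${key}" changed`);
    }
    if (oldE.version !== newE.version && oldE.integrity === newE.integrity)
      findings.push(`${path}: version changed but integrity did not`);
    if (!/^sha512-/.test(newE.integrity || ""))
      findings.push(`${path}: integrity is not sha512`);
    if (!(newE.resolved || "").startsWith(REGISTRY))
      findings.push(`${path}: tarball not from ${REGISTRY}`);
  }
  return findings;
}

// Constructed sample data (not taken from this PR's package-lock.json).
const entry = (name, version, integrity, extra = {}) => ({
  version, integrity, devOptional: true, ...extra,
  resolved: `${REGISTRY}${name}/-/${name.split("/").pop()}-${version}.tgz`,
});
const GNU = "@rollup/rollup-linux-x64-gnu";
const before = { packages: {
  "node_modules/rollup": entry("rollup", "4.58.0", "sha512-CONSTRUCTEDold0=="),
  [`node_modules/${GNU}`]: entry(GNU, "4.58.0", "sha512-CONSTRUCTEDold1=="),
  "node_modules/left-pad": entry("left-pad", "1.3.0", "sha512-CONSTRUCTEDpad0=="),
}};
const clean = { packages: { ...before.packages,
  "node_modules/rollup": entry("rollup", "4.60.2", "sha512-CONSTRUCTEDnew0=="),
  [`node_modules/${GNU}`]: entry(GNU, "4.60.2", "sha512-CONSTRUCTEDnew1=="),
}};
// Variant that should fail review: stale hash, new install script, unrelated entry edited.
const tampered = { packages: { ...clean.packages,
  "node_modules/rollup": entry("rollup", "4.60.2", "sha512-CONSTRUCTEDold0==", { hasInstallScript: true }),
  "node_modules/left-pad": { ...before.packages["node_modules/left-pad"], resolved: "https://example.invalid/left-pad-1.3.0.tgz" },
}};
console.log(auditLockfileBump(before, clean), auditLockfileBump(before, tampered));
```

An empty result means the bump matches the shape the review describes; any finding is a reason to read the lockfile diff by hand before merging.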
Bumps rollup from 4.58.0 to 4.60.2.
Release notes
Sourced from rollup's releases.
... (truncated)
Changelog
Sourced from rollup's changelog.
... (truncated)
Commits
- a6be82b 4.60.2
- 5e6fb9f fix: reset variable render names between outputs in the same generate (#6350)
- 7542834 chore: remove cross-env from devDeps (#6358)
- 1fa79d0 chore(deps): update cross-platform-actions/action action to v1 (#6352)
- 819332e chore(deps): update dependency lru-cache to v11 (#6353)
- fd464a9 chore(deps): lock file maintenance (#6356)
- e6d2ff9 chore(deps): lock file maintenance (#6355)
- 32e8517 chore(deps): update minor/patch updates (#6351)
- 1d5bcb4 chore(deps): lock file maintenance (#6354)
- f58d278 fix(deps): update swc monorepo (major) (#6348)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.