[Snyk] Upgrade rollup from 2.26.6 to 2.73.0

[snyk-bot]

Snyk has created this PR to upgrade rollup from 2.26.6 to 2.73.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 126 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2022-05-13.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-NANOID-2332193	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: rollup

• 2.73.0 - 2022-05-13
  

  2022-05-13

  Features

  • Do not treat Object.defineProperty/ies as side effect when called on an unused object (#4493)
  • Do not assume that assigning a property can create a getter with side effects (#4493)
  • Do not treat string.prototype.replace(All) as side effect when used with two literals (#4493)

  Bug Fixes

  • Detect side effects when manually declaring getters on functions (#4493)

  Pull Requests

  • #4493: Handle getters on functions and improve property deoptimization (@ lukastaegert)
  • #4494: Do not treat string.replace as side effect when used with a literal (@ lukastaegert)
  • #4495: Update docs for --configPlugin using typescript (@ Jimmydalecleveland)
• 2.72.1 - 2022-05-07
  

  2022-05-07

  Bug Fixes

  • Improve tree-shaking of classes with super classes in certain scenarios (#4489)

  Pull Requests

  • #4489: Do not deoptimize entire super class when adding a property (@ lukastaegert)
• 2.72.0 - 2022-05-05
  

  2022-05-05

  Features

  • Add CLI hooks to run external commands at certain points in watch mode (#4457)

  Bug Fixes

  • Fix an issue that could accidentally treat relevant assignments as side effect free (#4486)

  Pull Requests

  • #4457: feat: CLI event hook flags (@ Harris-Miller)
  • #4486: Fix reassignment tracking (@ lukastaegert)
• 2.71.1 - 2022-04-30
  

  2022-04-30

  Bug Fixes

  • Allow importing loadConfigFile without extension (#4483)

  Pull Requests

  • #4483: Add exports exception for loadConfigFile (@ lukastaegert)
• 2.71.0 - 2022-04-30
  

  2022-04-30

  Features

  • Mark Object.hasOwn as pure (#4482)

  Bug Fixes

  • Prevent infinite recursion and display proper warning for recursive reexports (#4472)
  • Fix type issue in TypeScript nightly (#4471)

  Pull Requests

  • #4467: docs: update deprecated option in tools.md (@ kimjh96)
  • #4471: Fix: tsc did not build (@ frank-dspeed)
  • #4472: Throw proper error when indirectly reexporting a recursive binding (@ lukastaegert)
  • #4475: chore: bump deps (#4475) (@ dnalborczyk)
  • #4477: chore: bump github actions (@ dnalborczyk)
  • #4478: ci: test with node.js v18, remove v17 (@ dnalborczyk)
  • #4479: chore(repo): replace git.io in the issue template (@ SukkaW)
  • #4482: feat: add Object.hasOwn as pure function (@ dnalborczyk)
• 2.70.2 - 2022-04-15
  

  2022-04-15

  Bug Fixes

  • Do not enforce undefined return values in TypeScript types (#4463)

  Pull Requests

  • #4463: use void for options hook instead of undefined (@ ycmjason)
• 2.70.1 - 2022-03-14
  

  2022-03-14

  Bug Fixes

  • Handle unfinished hook action errors as regular errors and avoid console logging (#4434)
  • Allow access to "dist" folder in a Node 17 compatible way (#4436)

  Pull Requests

  • #4434: Track unfinished hook actions as regular errors (@ lukastaegert)
  • #4436: Update package.json (@ frank-dspeed)
• 2.70.0 - 2022-03-07
  

  2022-03-07

  Features

  • Make the watchChange and closeWatcher hooks asynchronous and make Rollup wait for these hooks before continuing (#4427)

  Bug Fixes

  • Do not abort watch mode for errors in watchChange but display them properly (#4427)

  Pull Requests

  • #4427: Do not abort watch mode on errors in watchChange (@ lukastaegert)
• 2.69.2 - 2022-03-06
  

  2022-03-06

  Bug Fixes

  • Mark Object.entries and Object.fromEntries as pure (#4429)
  • Make sure new properties on Array.prototype and Object.prototype are not evaluated as "undefined" (#4428)

  Pull Requests

  • #4428: Treat unknown prototype props as unknown (@ lukastaegert)
  • #4429: Treat unknown prototype props as unknown (@ 869288142)
• 2.69.1 - 2022-03-04
  

  2022-03-04

  Bug Fixes

  • Approximate source position instead of ignoring it when using a low-resolution source map in a transform hook (#4334)

  Pull Requests

  • #4334: fix(sourcemap): fall back to low-resolution line mapping (@ aleclarson and @ lukastaegert)
• 2.69.0 - 2022-03-02
• 2.68.0 - 2022-02-22
• 2.67.3 - 2022-02-18
• 2.67.2 - 2022-02-10
• 2.67.1 - 2022-02-07
• 2.67.0 - 2022-02-02
• 2.66.1 - 2022-01-25
• 2.66.0 - 2022-01-22
• 2.65.0 - 2022-01-21
• 2.64.0 - 2022-01-14
• 2.63.0 - 2022-01-04
• 2.62.0 - 2021-12-24
• 2.61.1 - 2021-12-11
• 2.61.0 - 2021-12-09
• 2.60.2 - 2021-11-30
• 2.60.1 - 2021-11-22
• 2.60.0 - 2021-11-12
• 2.59.0 - 2021-11-01
• 2.59.0-1 - 2021-11-11
• 2.59.0-0 - 2021-10-23
• 2.58.3 - 2021-10-25
• 2.58.2 - 2021-10-25
• 2.58.1 - 2021-10-25
• 2.58.0 - 2021-10-01
• 2.57.0 - 2021-09-22
• 2.56.3 - 2021-08-23
• 2.56.2 - 2021-08-10
• 2.56.1 - 2021-08-08
• 2.56.0 - 2021-08-05
• 2.55.1 - 2021-07-29
• 2.55.0 - 2021-07-28
• 2.54.0 - 2021-07-25
• 2.53.3 - 2021-07-21
• 2.53.2 - 2021-07-15
• 2.53.1 - 2021-07-11
• 2.53.0 - 2021-07-09
• 2.52.8 - 2021-07-07
• 2.52.7 - 2021-07-02
• 2.52.6 - 2021-07-01
• 2.52.5 - 2021-07-01
• 2.52.4 - 2021-06-30
• 2.52.3 - 2021-06-25
• 2.52.2 - 2021-06-21
• 2.52.1 - 2021-06-17
• 2.52.0 - 2021-06-16
• 2.51.2 - 2021-06-11
• 2.51.1 - 2021-06-08
• 2.51.0 - 2021-06-06
• 2.50.6 - 2021-06-03
• 2.50.5 - 2021-05-30
• 2.50.4 - 2021-05-29
• 2.50.3 - 2021-05-28
• 2.50.2 - 2021-05-27
• 2.50.1 - 2021-05-26
• 2.50.0 - 2021-05-25
• 2.49.0 - 2021-05-23
• 2.49.0-1 - 2021-05-20
• 2.49.0-0 - 2021-05-18
• 2.48.0 - 2021-05-15
• 2.47.0 - 2021-05-04
• 2.46.0 - 2021-04-29
• 2.45.2 - 2021-04-13
• 2.45.1 - 2021-04-10
• 2.45.0 - 2021-04-09
• 2.44.0 - 2021-03-29
• 2.43.1 - 2021-03-28
• 2.43.0 - 2021-03-27
• 2.42.4 - 2021-03-24
• 2.42.3 - 2021-03-22
• 2.42.2 - 2021-03-22
• 2.42.1 - 2021-03-20
• 2.42.0 - 2021-03-19
• 2.41.5 - 2021-03-18
• 2.41.4 - 2021-03-16
• 2.41.3 - 2021-03-16
• 2.41.2 - 2021-03-12
• 2.41.1 - 2021-03-11
• 2.41.0 - 2021-03-09
• 2.40.0 - 2021-02-26
• 2.39.1 - 2021-02-23
• 2.39.0 - 2021-02-12
• 2.38.5 - 2021-02-05
• 2.38.4 - 2021-02-02
• 2.38.3 - 2021-02-01
• 2.38.2 - 2021-01-31
• 2.38.1 - 2021-01-28
• 2.38.0 - 2021-01-22
• 2.37.1 - 2021-01-20
• 2.37.0 - 2021-01-19
• 2.36.2 - 2021-01-16
• 2.36.1 - 2021-01-06
• 2.36.0 - 2021-01-05
• 2.35.1 - 2020-12-14
• 2.35.0 - 2020-12-14
• 2.34.2 - 2020-12-06
• 2.34.1 - 2020-12-03
• 2.34.0 - 2020-11-29
• 2.33.3 - 2020-11-18
• 2.33.2 - 2020-11-14
• 2.33.1 - 2020-11-02
• 2.33.0 - 2020-11-01
• 2.32.1 - 2020-10-21
• 2.32.0 - 2020-10-16
• 2.31.0 - 2020-10-15
• 2.30.0 - 2020-10-13
• 2.29.0 - 2020-10-08
• 2.28.2 - 2020-09-24
• 2.28.1 - 2020-09-21
• 2.28.0 - 2020-09-21
• 2.27.1 - 2020-09-17
• 2.27.0 - 2020-09-16
• 2.26.11 - 2020-09-08
• 2.26.10 - 2020-09-04
• 2.26.9 - 2020-09-01
• 2.26.8 - 2020-08-29
• 2.26.7 - 2020-08-28
• 2.26.6 - 2020-08-27

from rollup GitHub release notes

Commit messages

Package name: rollup

• 931a199 2.73.0
• 7a78313 Update changelog
• 4079fbe Do not treat string.replace as side effect when used with a literal (add JKW_GAME platform cocos/cocos-engine#4494)
• bbd54b7 Update docs for --configPlugin using typescript (Fix opacity cascading of labelOutLine. cocos/cocos-engine#4495)
• f3a1fa3 Handle getters on functions and improve property deoptimization (add line render cocos/cocos-engine#4493)
• 8c6e0f3 2.72.1
• 5ea1b39 Update changelog
• 47d8d5a Do not deoptimize entire super class when adding a property (refine eulerAngles api doc cocos/cocos-engine#4489)
• 19aef13 2.72.0
• c890249 Update changelog
• 6195638 Fix reassignment tracking (fix euler data problem cocos/cocos-engine#4486)
• 0c75914 feat: CLI event hook flags (fix spine and dragonbones update cache bug cocos/cocos-engine#4457)
• f44a3a3 2.71.1
• e092ea6 Update changelog
• 51972b0 Add exports exception for loadConfigFile (Fix event issues cocos/cocos-engine#4483)
• edd971e Update license
• af62b71 2.71.0
• 3834704 Update changelog
• 2bbdc8e Throw proper error when indirectly reexporting a recursive binding (editbox ios上截取emoji会crash cocos/cocos-engine#4472)
• e3bfe69 ci: test with node.js v18, remove v17 (debug feature: read back mesh data cocos/cocos-engine#4478)
• 6518775 feat: add Object.hasOwn as pure function (Fix builtin physic engine bug cocos/cocos-engine#4482)
• 1b1df9b chore: bump deps (fixed generate animation joint matrix cocos/cocos-engine#4475)
• 241a0d2 chore(repo): replace `git.io` in the issue template (fixed error when call restart cocos/cocos-engine#4479)
• 8b5f329 chore: bump github actions (refine docs cocos/cocos-engine#4477)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs