[Snyk] Upgrade microbundle from 0.12.0 to 0.13.1

[snyk-bot]

Snyk has created this PR to upgrade microbundle from 0.12.0 to 0.13.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2021-05-27.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	265/1000 Why? CVSS 5.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	265/1000 Why? CVSS 5.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	265/1000 Why? CVSS 5.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	265/1000 Why? CVSS 5.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	265/1000 Why? CVSS 5.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	265/1000 Why? CVSS 5.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: microbundle

• 0.13.1 - 2021-05-27
  

  Patch Changes

  • 54402ac #830 Thanks @ JounQin! - fix: add generateTypes cli option, check false value correctly

  • edcd777 #823 Thanks @ rschristian! - Ensures ambient type declaration for CSS Modules is included in the published bundle

  • d87a5dc Thanks @ developit! - - Fix --sourcemap=false to match --no-sourcemap and actually turn sourcemaps off.

  • 6f1a20f #777 Thanks @ rschristian! - Fixing a bug that would cause a CSS file to be generated to match each JS build output

  • 25b73d2 #834 Thanks @ cometkim! - Add support for configuration overrides using the publishConfig package.json field.

  • a7f7265 #802 Thanks @ aheissenberger! - fix default extension to cjs for package.json "type":"module"

  • 4f7fbc4 Thanks @ developit! - Fix transform-fast-rest to support referencing ...rest params from within closures.

  • 0c91795 #841 Thanks @ rschristian! - Ensures JS format is not included in CSS filename output

• 0.13.0 - 2020-12-21
  

  Minor Changes

  • bd5d15e #738 Thanks @ wardpeet! - Upgrade rollup to version latest and upgrade all its dependencies

  • 967f8d5 #769 Thanks @ developit! - Add --css inline option. The default CSS output for all formats is now external files (as it was supposed to be).

  • 8142704 #741 Thanks @ whitetrefoil! - Use user's typescript first, fallback to bundled

  Patch Changes

  • 12668b9 #687 Thanks @ developit! - Add friendly microbundle-specific errors when modules can't be resolved.

  • 8b60fc8 #754 Thanks @ stipsan! - Enable sourcemaps for CSS

  • fdafaf7 #764 Thanks @ bakerkretzmar! - Add support for generating inline sourcemaps

  • 52a1771 #768 Thanks @ developit! - Add ambient typescript declaration for CSS Modules

• 0.12.4 - 2020-09-28
  

  Patch Changes

  • ffcc9d9 #713 Thanks @ developit! - Support extending a UMD global by prefixing the package.json "amdName" field (eg: "global.xyz").

  • 0527862 #722 Thanks @ developit! - Support "esm" (-f esm) as an alias of "es" format.

  • d08f977 #702 Thanks @ wardpeet! - Use @ babel/preset-env with bugfixes instead of preset-modules to enable "Optional chaining" & "nullish coalescing" by default.

  • d33a7ba #731 Thanks @ vaneenige! - Add jsxImportSource flag for new JSX runtime

  • 0fec414 #716 Thanks @ wardpeet! - Don't transpile generators and async for Node

  • ba1c047 #701 Thanks @ wardpeet! - re-enable unpkg alias for umd bundles as described in the readme

  • 3488411 #700 Thanks @ wardpeet! - Disable warnings for node's builtin-modules when using node as a target environment.

• 0.12.3 - 2020-07-14
  

  Features & Improvements

  • New onStart, onError callbacks for programmatic Microbundle usage! (#668, thanks @ katywings!)
  • allow multi-file output and code splitting (#674, thanks @ katywings!)
  • Strip comments from output (#548)

  Bug Fixes

  • don't mark --alias modules as externals (#671, thanks @ katywings!)
• 0.12.2 - 2020-06-20
  
  • Updated Babel and preset-env to 7.10 (#660)
  • Fixed an version conflict caused by multiple copies of Babel (#664)
  • Fixed globals generation when --external values include dashes (#667, thanks @ katywings!)
• 0.12.1 - 2020-06-15
  

  Features

  • New --no-pkg-main option for disabling filename inference (#658, thanks @ katywings)
  • Allow the use of import.meta (#627, thanks @ developit)

  Bugfixes

  • Fix non-alphanumeric values for --external (#650, thanks @ katywings)
  • Preserve comments when --no-compress is enabled (#648, thanks @ developit)
  • Fix TypeScript issue when "module" is set to "CommonJS" (#638, thanks @ marvinhagemeister)
  • Fix TypeScript declaration emit target (#629, thanks @ marvinhagemeister)
  • Fix TypeScript declarationDir option so it respects the cwd (#643) (#646, thanks @ katywings)
  • Fix TypeScript Fragments breaking when jsxFactory is set (#623, thanks @ marvinhagemeister)

  General Improvements

  • Dependency updates (#634 #616, thanks @ teodragovic, @ merceyz)
  • Documentation updates for 0.12 and --externals (#636 #628 #625 #609 #611 #614, thanks @ gtrufitt, @ developit, @ SeanBannister, @ adrienpoly & @ i-like-robots)
• 0.12.0 - 2020-05-08
  Read more

from microbundle GitHub release notes

Commit messages

Package name: microbundle

• 2b37c12 Version Packages (hideExplorer flag is not working in sdk stackblitz/core#800)
• 6f1a20f fix: Extra CSS files generated (While typing on Stackblitz it takes a long time to show up what we typed. stackblitz/core#777)
• 0a4cddf create changeset for 802 (Hide Preview URL doesn't work for embedded stackblitz links. stackblitz/core#842)
• 89ab03d docs: Swapping out references of ES format to ESM (JSZip is not a constructor stackblitz/core#778)
• a415645 README: syntax highlighting (Can't find package:src stackblitz/core#839)
• 0c91795 Fix/css filename output (Cannot able to view image. stackblitz/core#841)
• a7f7265 wenn package.json "type":"module" switch default type to ".cjs" for CommonJS build (Spread syntax works unexpectedly with String stackblitz/core#802)
• 25b73d2 feat: enabled config overriding by publishConfig (Feature request: Link to GitHub repo stackblitz/core#834)
• 4f7fbc4 Create red-pigs-provide.md
• 7426218 fix(transform-fast-rest): rest parameters references with closures (Support for Swift Language via Sourcekit-LSP stackblitz/core#798)
• 2c9eaa1 docs: use "exports" key in all examples (Dropping the MIT license without any acknowledgement stackblitz/core#794)
• 54402ac fix: add generateTypes cli option, check false value correctly (Add Magenta.js support stackblitz/core#830)
• edcd777 Fix/css module types (Can't load file as a module. stackblitz/core#823)
• fa3eac6 Add missing `./` (Stencil.js Starter stackblitz/core#803)
• d87a5dc changeset for Hot reload trigger always behaves as "Edit (auto)" if editor is refreshed stackblitz/core#799
• bb5789a fix(cli): corrects the --sourcemap=false option parsing (Hot reload trigger always behaves as "Edit (auto)" if editor is refreshed stackblitz/core#799)
• eb5cfd9 Version Packages (Console disappear from embed url after view change with devtoolsheight parameter stackblitz/core#735)
• 9ccf400 restore CSS sourcemap support (ionic 4 : ion-icon not showing stackblitz/core#770)
• 52a1771 Add ambient typescript declaration for CSS Modules (Previously working project w/o changes now fails to build due to CORS errors stackblitz/core#768)
• 94bd8ed Add link to inlining guide
• 967f8d5 Add --css inline option (CORS error loading @angular/elements stackblitz/core#769)
• 25b2b62 Add --generate-types option (why not show properly stackblitz/core#589)
• fdafaf7 Add support for generating inline sourcemaps (Drag and Drop not working stackblitz/core#764)
• 2ed5633 Rollup upgrade size fixes (how to install extensions in stackblitz stackblitz/core#767)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[mistaken-pull-closer]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
53e905a0-cf47-11eb-98e8-b796f4ca311c

[guardrails]

⚠️ We detected 11 security issues in this pull request:

Mode: paranoid | Total findings: 11 | Considered vulnerability: 11

Vulnerable Libraries (11)

Severity	Details
High	axios@0.18.0 upgrade to >0.21.0
High	bl@1.2.2 upgrade to `>1.2.2
High	microbundle@0.13.1 upgrade to >=0.11.0
High	dot-prop@4.2.0 upgrade to `>=4.2.1
High	googleapis@23.0.2 upgrade to >48.0.0
High	http-proxy@1.16.2 upgrade to >=1.18.1
High	lodash@4.17.11 upgrade to >4.17.20
High	lodash.merge@4.6.1 upgrade to >=4.6.2
High	node-forge@0.7.6 upgrade to >0.9.2
Medium	websocket-extensions@unknown upgrade to >=0.1.4
High	y18n@3.2.1 upgrade to >=5.0.5

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.