[Snyk] Upgrade rollup from 2.7.2 to 2.70.1 #57

snyk-bot · 2022-04-08T10:16:04Z

Snyk has created this PR to upgrade rollup from 2.7.2 to 2.70.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 172 versions ahead of your current version.
The recommended version was released 25 days ago, on 2022-03-14.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-AJV-584908	405/1000 Why? CVSS 8.1	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	405/1000 Why? CVSS 8.1	No Known Exploit
Command Injection SNYK-JS-LODASH-1040724	405/1000 Why? CVSS 8.1	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	405/1000 Why? CVSS 8.1	Proof of Concept
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	405/1000 Why? CVSS 8.1	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	405/1000 Why? CVSS 8.1	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	405/1000 Why? CVSS 8.1	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	405/1000 Why? CVSS 8.1	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	405/1000 Why? CVSS 8.1	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	405/1000 Why? CVSS 8.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	405/1000 Why? CVSS 8.1	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	405/1000 Why? CVSS 8.1	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	405/1000 Why? CVSS 8.1	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	405/1000 Why? CVSS 8.1	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	405/1000 Why? CVSS 8.1	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	405/1000 Why? CVSS 8.1	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-590103	405/1000 Why? CVSS 8.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	405/1000 Why? CVSS 8.1	Proof of Concept
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	405/1000 Why? CVSS 8.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	405/1000 Why? CVSS 8.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	405/1000 Why? CVSS 8.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: rollup

2.70.1 - 2022-03-14
2022-03-14

Bug Fixes
- Handle unfinished hook action errors as regular errors and avoid console logging (#4434)
- Allow access to "dist" folder in a Node 17 compatible way (#4436)
Pull Requests
- #4434: Track unfinished hook actions as regular errors (@ lukastaegert)
- #4436: Update package.json (@ frank-dspeed)
2.70.0 - 2022-03-07
2022-03-07

Features
- Make the watchChange and closeWatcher hooks asynchronous and make Rollup wait for these hooks before continuing (#4427)
Bug Fixes
- Do not abort watch mode for errors in watchChange but display them properly (#4427)
Pull Requests
- #4427: Do not abort watch mode on errors in watchChange (@ lukastaegert)
2.69.2 - 2022-03-06
2022-03-06

Bug Fixes
- Mark Object.entries and Object.fromEntries as pure (#4429)
- Make sure new properties on Array.prototype and Object.prototype are not evaluated as "undefined" (#4428)
Pull Requests
- #4428: Treat unknown prototype props as unknown (@ lukastaegert)
- #4429: Treat unknown prototype props as unknown (@ 869288142)
2.69.1 - 2022-03-04
2022-03-04

Bug Fixes
- Approximate source position instead of ignoring it when using a low-resolution source map in a transform hook (#4334)
Pull Requests
- #4334: fix(sourcemap): fall back to low-resolution line mapping (@ aleclarson and @ lukastaegert)
2.69.0 - 2022-03-02
2022-03-02

Features
- Introduce new output.generatedCode.symbols to control the usage of Symbols in Rollup-generated code (#4378)
- soft-deprecate output.namespaceToStringTag in favor of output.generatedCode.symbols (#4378)
Bug Fixes
- Properly handle ./ and ../ as external dependencies (#4419)
- Make generated "Module" namespace toStringTag non-enumerable for correct Object.assign/spread behaviour (#4378)
- Add file name to error when top-level-await is used in disallowed formats (#4421)
Pull Requests
- #4378: Make namespace @@ toStringTag "Module" non-enumerable (@ dnalborczyk and @ lukastaegert)
- #4413: refactor: some code and type fixes (@ dnalborczyk)
- #4418: chore: bump deps (@ dnalborczyk)
- #4419: Properly handle upper directories as external dependencies (@ lukastaegert)
- #4421: Improve the error prompt and output the error file name (@ caoxiemeihao)
- #4423: Update 999-big-list-of-options.md (@ leoj3n)
2.68.0 - 2022-02-22
2022-02-22

Features
- provide information about cached import resolutions in shouldTransformCachedModule (#4414)
- Add "types" field to Rollup's package exports (#4416)
Pull Requests
- #4410: refactor: use map for declarations and name suggestions (@ dnalborczyk)
- #4411: refactor: use map for namespace reexports by name (@ dnalborczyk)
- #4412: refactor: use includes where appropriate (@ dnalborczyk)
- #4414: Add resolved sources to shouldTransformCachedModule (@ lukastaegert)
- #4416: Add Typescript 4.5 nodenext node12 module resolution support (@ frank-dspeed)
2.67.3 - 2022-02-18
2022-02-18

Bug Fixes
- Do not swallow other errors when unfinished hook actions are detected (#4409)
- Add additional information to output when there are unfinished hook actions (#4409)
Pull Requests
- #4399: docs: remove const (@ TrickyPi)
- #4401: Improve test stability by getting independent of module id ordering in more places (@ lukastaegert)
- #4403: fix: remove unnecessary property descriptor spread (@ dnalborczyk)
- #4404: refactor: use map for import descriptions + re-export descriptions (@ dnalborczyk)
- #4405: refactor: module exports to map (@ dnalborczyk)
- #4406: Fix a typo in 'Direct plugin communication' code example (@ younesmln)
- #4407: Document how resolveId is cached (@ lukastaegert)
- #4409: Print ids for unfinished moduleParsed and shouldTransformCachedModule hooks (@ lukastaegert)
2.67.2 - 2022-02-10
2022-02-10

Bug Fixes
- Ensure consistent order between manual chunks to fix hashing issues (#4397)
Pull Requests
- #4390: refactor: add @ types/estree explicitly, fix dynamic type imports (@ dnalborczyk)
- #4391: chore: remove acorn-walk ambient type definitions (@ dnalborczyk)
- #4397: Sort manual chunks generated via a function by name (@ lukastaegert)
2.67.1 - 2022-02-07
Read more
2.67.0 - 2022-02-02
Read more
2.66.1 - 2022-01-25
2.66.0 - 2022-01-22
2.65.0 - 2022-01-21
2.64.0 - 2022-01-14
2.63.0 - 2022-01-04
2.62.0 - 2021-12-24
2.61.1 - 2021-12-11
2.61.0 - 2021-12-09
2.60.2 - 2021-11-30
2.60.1 - 2021-11-22
2.60.0 - 2021-11-12
2.59.0 - 2021-11-01
2.59.0-1 - 2021-11-11
2.59.0-0 - 2021-10-23
2.58.3 - 2021-10-25
2.58.2 - 2021-10-25
2.58.1 - 2021-10-25
2.58.0 - 2021-10-01
2.57.0 - 2021-09-22
2.56.3 - 2021-08-23
2.56.2 - 2021-08-10
2.56.1 - 2021-08-08
2.56.0 - 2021-08-05
2.55.1 - 2021-07-29
2.55.0 - 2021-07-28
2.54.0 - 2021-07-25
2.53.3 - 2021-07-21
2.53.2 - 2021-07-15
2.53.1 - 2021-07-11
2.53.0 - 2021-07-09
2.52.8 - 2021-07-07
2.52.7 - 2021-07-02
2.52.6 - 2021-07-01
2.52.5 - 2021-07-01
2.52.4 - 2021-06-30
2.52.3 - 2021-06-25
2.52.2 - 2021-06-21
2.52.1 - 2021-06-17
2.52.0 - 2021-06-16
2.51.2 - 2021-06-11
2.51.1 - 2021-06-08
2.51.0 - 2021-06-06
2.50.6 - 2021-06-03
2.50.5 - 2021-05-30
2.50.4 - 2021-05-29
2.50.3 - 2021-05-28
2.50.2 - 2021-05-27
2.50.1 - 2021-05-26
2.50.0 - 2021-05-25
2.49.0 - 2021-05-23
2.49.0-1 - 2021-05-20
2.49.0-0 - 2021-05-18
2.48.0 - 2021-05-15
2.47.0 - 2021-05-04
2.46.0 - 2021-04-29
2.45.2 - 2021-04-13
2.45.1 - 2021-04-10
2.45.0 - 2021-04-09
2.44.0 - 2021-03-29
2.43.1 - 2021-03-28
2.43.0 - 2021-03-27
2.42.4 - 2021-03-24
2.42.3 - 2021-03-22
2.42.2 - 2021-03-22
2.42.1 - 2021-03-20
2.42.0 - 2021-03-19
2.41.5 - 2021-03-18
2.41.4 - 2021-03-16
2.41.3 - 2021-03-16
2.41.2 - 2021-03-12
2.41.1 - 2021-03-11
2.41.0 - 2021-03-09
2.40.0 - 2021-02-26
2.39.1 - 2021-02-23
2.39.0 - 2021-02-12
2.38.5 - 2021-02-05
2.38.4 - 2021-02-02
2.38.3 - 2021-02-01
2.38.2 - 2021-01-31
2.38.1 - 2021-01-28
2.38.0 - 2021-01-22
2.37.1 - 2021-01-20
2.37.0 - 2021-01-19
2.36.2 - 2021-01-16
2.36.1 - 2021-01-06
2.36.0 - 2021-01-05
2.35.1 - 2020-12-14
2.35.0 - 2020-12-14
2.34.2 - 2020-12-06
2.34.1 - 2020-12-03
2.34.0 - 2020-11-29
2.33.3 - 2020-11-18
2.33.2 - 2020-11-14
2.33.1 - 2020-11-02
2.33.0 - 2020-11-01
2.32.1 - 2020-10-21
2.32.0 - 2020-10-16
2.31.0 - 2020-10-15
2.30.0 - 2020-10-13
2.29.0 - 2020-10-08
2.28.2 - 2020-09-24
2.28.1 - 2020-09-21
2.28.0 - 2020-09-21
2.27.1 - 2020-09-17
2.27.0 - 2020-09-16
2.26.11 - 2020-09-08
2.26.10 - 2020-09-04
2.26.9 - 2020-09-01
2.26.8 - 2020-08-29
2.26.7 - 2020-08-28
2.26.6 - 2020-08-27
2.26.5 - 2020-08-22
2.26.4 - 2020-08-19
2.26.3 - 2020-08-16
2.26.2 - 2020-08-16
2.26.1 - 2020-08-16
2.26.0 - 2020-08-15
2.25.0 - 2020-08-14
2.24.0 - 2020-08-13
2.23.1 - 2020-08-07
2.23.0 - 2020-07-23
2.22.2 - 2020-07-22
2.22.1 - 2020-07-18
2.22.0 - 2020-07-18
2.21.0 - 2020-07-07
2.20.0 - 2020-07-06
2.19.0 - 2020-07-05
2.18.2 - 2020-07-02
2.18.1 - 2020-06-26
2.18.0 - 2020-06-22
2.17.1 - 2020-06-19
2.17.0 - 2020-06-17
2.16.1 - 2020-06-13
2.16.0 - 2020-06-12
2.15.0 - 2020-06-08
2.14.0 - 2020-06-07
2.13.1 - 2020-06-04
2.13.0 - 2020-06-03
2.12.1 - 2020-06-02
2.12.0 - 2020-05-31
2.11.2 - 2020-05-28
2.11.1 - 2020-05-28
2.11.0 - 2020-05-27
2.10.9 - 2020-05-24
2.10.8 - 2020-05-23
2.10.7 - 2020-05-22
2.10.6 - 2020-05-22
2.10.5 - 2020-05-19
2.10.4 - 2020-05-19
2.10.3 - 2020-05-18
2.10.2 - 2020-05-15
2.10.1 - 2020-05-15
2.10.0 - 2020-05-13
2.9.1 - 2020-05-11
2.9.0 - 2020-05-10
2.8.2 - 2020-05-07
2.8.1 - 2020-05-07
2.8.0 - 2020-05-06
2.7.6 - 2020-04-30
2.7.5 - 2020-04-29
2.7.4 - 2020-04-29
2.7.3 - 2020-04-27
2.7.2 - 2020-04-22

from rollup GitHub release notes

Commit messages

Package name: rollup

b8315e0 2.70.1
9f28f55 Update changelog
0da55f1 Update package.json (#4436)
35cbfae Track unfinished hook actions as regular errors (Remove outdated content in "Do I have to put all my state into Redux?" reduxjs/redux#4434)
511e9ae Adjust hook order in graph
6d8924c 2.70.0
83c5a1c Update changelog
cf75d71 Do not abort watch mode on errors in watchChange (grammar check for part-2-app-structure.md reduxjs/redux#4427)
6881753 2.69.2
102e006 Update changelog
84c0ea3 Treat unknown prototype props as unknown (Correct for a typo in redux documentation reduxjs/redux#4428)
9c8894e feat: add object-known-globals (JS / TS switch in docs does not change file extension reduxjs/redux#4429)
994c1ec 2.69.1
9df18f0 Update changelog
b255b52 fix(sourcemap): fall back to low-resolution line mapping (#4334)
10dc326 2.69.0
9f83a2f Update changelog
b418337 Update 999-big-list-of-options.md (Redux 4.2.0 breaks PreloadedState type? reduxjs/redux#4423)
5a53919 Improve the error prompt and output the error file name (Redux FAQ: Organizing State Outdated reduxjs/redux#4421)
0b60dd8 Properly handle upper directories as external dependencies (Update combineReducers.md reduxjs/redux#4419)
b74cb92 Make namespace @@ toStringTag "Module" non-enumerable (Rewrite "Testing" page to improve examples and setup instructions reduxjs/redux#4378)
11bd9d9 chore: bump deps (Update part-6-performance-normalization.md reduxjs/redux#4418)
275dc2f refactor: some code and type fixes (On Hover property remained active even if the section/page is changed for the same session reduxjs/redux#4413)
51cab92 2.68.0

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade rollup from 2.7.2 to 2.70.1. See this package in npm: https://www.npmjs.com/package/rollup See this project in Snyk: https://app.snyk.io/org/hafixo/project/9b5e10ab-6024-423a-a5e4-80a2559ec98b?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade rollup from 2.7.2 to 2.70.1 #57

[Snyk] Upgrade rollup from 2.7.2 to 2.70.1 #57

snyk-bot commented Apr 8, 2022

Bug Fixes

Pull Requests

Features

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

Features

Bug Fixes

Pull Requests

Features

Pull Requests

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

[Snyk] Upgrade rollup from 2.7.2 to 2.70.1 #57

Are you sure you want to change the base?

[Snyk] Upgrade rollup from 2.7.2 to 2.70.1 #57

Conversation

snyk-bot commented Apr 8, 2022

Snyk has created this PR to upgrade rollup from 2.7.2 to 2.70.1.

Bug Fixes

Pull Requests

Features

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

Features

Bug Fixes

Pull Requests

Features

Pull Requests

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests