[Snyk] Upgrade rollup from 2.18.2 to 2.68.0

[snyk-bot]

Snyk has created this PR to upgrade rollup from 2.18.2 to 2.68.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 132 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2022-02-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-AJV-584908	405/1000 Why? CVSS 8.1	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	405/1000 Why? CVSS 8.1	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	405/1000 Why? CVSS 8.1	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	405/1000 Why? CVSS 8.1	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	405/1000 Why? CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	405/1000 Why? CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	405/1000 Why? CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	405/1000 Why? CVSS 8.1	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	405/1000 Why? CVSS 8.1	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	405/1000 Why? CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	405/1000 Why? CVSS 8.1	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-THREE-2359738	405/1000 Why? CVSS 8.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: rollup

• 2.68.0 - 2022-02-22
  

  2022-02-22

  Features

  • provide information about cached import resolutions in shouldTransformCachedModule (#4414)
  • Add "types" field to Rollup's package exports (#4416)

  Pull Requests

  • #4410: refactor: use map for declarations and name suggestions (@ dnalborczyk)
  • #4411: refactor: use map for namespace reexports by name (@ dnalborczyk)
  • #4412: refactor: use includes where appropriate (@ dnalborczyk)
  • #4414: Add resolved sources to shouldTransformCachedModule (@ lukastaegert)
  • #4416: Add Typescript 4.5 nodenext node12 module resolution support (@ frank-dspeed)
• 2.67.3 - 2022-02-18
  

  2022-02-18

  Bug Fixes

  • Do not swallow other errors when unfinished hook actions are detected (#4409)
  • Add additional information to output when there are unfinished hook actions (#4409)

  Pull Requests

  • #4399: docs: remove const (@ TrickyPi)
  • #4401: Improve test stability by getting independent of module id ordering in more places (@ lukastaegert)
  • #4403: fix: remove unnecessary property descriptor spread (@ dnalborczyk)
  • #4404: refactor: use map for import descriptions + re-export descriptions (@ dnalborczyk)
  • #4405: refactor: module exports to map (@ dnalborczyk)
  • #4406: Fix a typo in 'Direct plugin communication' code example (@ younesmln)
  • #4407: Document how resolveId is cached (@ lukastaegert)
  • #4409: Print ids for unfinished moduleParsed and shouldTransformCachedModule hooks (@ lukastaegert)
• 2.67.2 - 2022-02-10
  

  2022-02-10

  Bug Fixes

  • Ensure consistent order between manual chunks to fix hashing issues (#4397)

  Pull Requests

  • #4390: refactor: add @ types/estree explicitly, fix dynamic type imports (@ dnalborczyk)
  • #4391: chore: remove acorn-walk ambient type definitions (@ dnalborczyk)
  • #4397: Sort manual chunks generated via a function by name (@ lukastaegert)
• 2.67.1 - 2022-02-07
  

  2022-02-07

  Bug Fixes

  • Make chunk file and variable names more deterministic when emitting chunks (#4386)
  • Improve default module resolver performance by using non-blocking IO (#4386)

  Pull Requests

  • #4373: fix: even more types (@ dnalborczyk)
  • #4382: Update contribution tut link desc (@ lemredd)
  • #4383: chore: bump deps (@ dnalborczyk)
  • #4384: chore: move "wait" to utils + re-use (@ dnalborczyk)
  • #4385: refactor: convert watch tests to async functions (@ dnalborczyk)
  • #4386: refactor: use fs.promises in resolve id, Part 4 (@ dnalborczyk and @ lukastaegert)
  • #4389: refactor: use fs.promises in generate license file, rollup config, Part 5 (@ dnalborczyk)
• 2.67.0 - 2022-02-02
  

  2022-02-02

  Features

  • Improve side effect detection when using Array.prototype.groupBy/groupByToMap (#4360)
  • Allow changing moduleSideEffects at any time during the build (#4379)
  • Soft-deprecate ModuleInfo.hasModuleSideEffects in favour of ModuleInfo.moduleSideEffects (#4379)

  Bug Fixes

  • Do not include queries and hashes in generated file names when preserving modules (#4374)

  Pull Requests

  • #4319: refactor: use fs, fs-extra, remove sander (@ dnalborczyk)
  • #4360: feat: add Array.prototype.groupBy/groupByToMap (@ dnalborczyk)
  • #4361: fix: more types (@ dnalborczyk)
  • #4369: fix: remove acorn-walk patch (@ dnalborczyk)
  • #4371: refactor: use fs.promises in cli/run (@ dnalborczyk)
  • #4372: refactor: use fs.promises in module loader (@ dnalborczyk)
  • #4374: Ignore queries and hashes in file names when preserving modules (@ lukastaegert)
  • #4375: Fix typo in _config.js (@ eltociear)
  • #4376: refactor: fs.promises, move mkdir to writeoutputfile, Part 3 (@ dnalborczyk)
  • #4379: Deprecate hasModuleSideEffects in favor of moduleSideEffects and ensure it is mutable on ModuleInfo (@ lukastaegert)
• 2.66.1 - 2022-01-25
  

  2022-01-25

  Bug Fixes

  • Only warn for conflicting names in namespace reexports if it actually causes problems (#4363)
  • Only allow explicit exports or reexports as synthetic namespaces and hide them from namespace reexports (#4364)

  Pull Requests

  • #4362: refactor: convert exportsByName object to map (@ dnalborczyk)
  • #4363: Do not warn unnecessarily for namespace conflicts (@ lukastaegert)
  • #4364: Do not expose synthetic namespace export in entries and namespaces (@ lukastaegert)
• 2.66.0 - 2022-01-22
  

  2022-01-22

  Features

  • Note if a module has a default export in ModuleInfo to allow writing better proxy modules (#4356)
  • Add option to wait until all imported ids have been resolved when awaiting this.load (#4358)

  Pull Requests

  • #4356: Add hasDefaultExport to ModuleInfo (@ lukastaegert)
  • #4358: Add "resolveDependencies" option to "this.load" (@ lukastaegert)
• 2.65.0 - 2022-01-21
  Read more
• 2.64.0 - 2022-01-14
  Read more
• 2.63.0 - 2022-01-04
  Read more
• 2.62.0 - 2021-12-24
• 2.61.1 - 2021-12-11
• 2.61.0 - 2021-12-09
• 2.60.2 - 2021-11-30
• 2.60.1 - 2021-11-22
• 2.60.0 - 2021-11-12
• 2.59.0 - 2021-11-01
• 2.59.0-1 - 2021-11-11
• 2.59.0-0 - 2021-10-23
• 2.58.3 - 2021-10-25
• 2.58.2 - 2021-10-25
• 2.58.1 - 2021-10-25
• 2.58.0 - 2021-10-01
• 2.57.0 - 2021-09-22
• 2.56.3 - 2021-08-23
• 2.56.2 - 2021-08-10
• 2.56.1 - 2021-08-08
• 2.56.0 - 2021-08-05
• 2.55.1 - 2021-07-29
• 2.55.0 - 2021-07-28
• 2.54.0 - 2021-07-25
• 2.53.3 - 2021-07-21
• 2.53.2 - 2021-07-15
• 2.53.1 - 2021-07-11
• 2.53.0 - 2021-07-09
• 2.52.8 - 2021-07-07
• 2.52.7 - 2021-07-02
• 2.52.6 - 2021-07-01
• 2.52.5 - 2021-07-01
• 2.52.4 - 2021-06-30
• 2.52.3 - 2021-06-25
• 2.52.2 - 2021-06-21
• 2.52.1 - 2021-06-17
• 2.52.0 - 2021-06-16
• 2.51.2 - 2021-06-11
• 2.51.1 - 2021-06-08
• 2.51.0 - 2021-06-06
• 2.50.6 - 2021-06-03
• 2.50.5 - 2021-05-30
• 2.50.4 - 2021-05-29
• 2.50.3 - 2021-05-28
• 2.50.2 - 2021-05-27
• 2.50.1 - 2021-05-26
• 2.50.0 - 2021-05-25
• 2.49.0 - 2021-05-23
• 2.49.0-1 - 2021-05-20
• 2.49.0-0 - 2021-05-18
• 2.48.0 - 2021-05-15
• 2.47.0 - 2021-05-04
• 2.46.0 - 2021-04-29
• 2.45.2 - 2021-04-13
• 2.45.1 - 2021-04-10
• 2.45.0 - 2021-04-09
• 2.44.0 - 2021-03-29
• 2.43.1 - 2021-03-28
• 2.43.0 - 2021-03-27
• 2.42.4 - 2021-03-24
• 2.42.3 - 2021-03-22
• 2.42.2 - 2021-03-22
• 2.42.1 - 2021-03-20
• 2.42.0 - 2021-03-19
• 2.41.5 - 2021-03-18
• 2.41.4 - 2021-03-16
• 2.41.3 - 2021-03-16
• 2.41.2 - 2021-03-12
• 2.41.1 - 2021-03-11
• 2.41.0 - 2021-03-09
• 2.40.0 - 2021-02-26
• 2.39.1 - 2021-02-23
• 2.39.0 - 2021-02-12
• 2.38.5 - 2021-02-05
• 2.38.4 - 2021-02-02
• 2.38.3 - 2021-02-01
• 2.38.2 - 2021-01-31
• 2.38.1 - 2021-01-28
• 2.38.0 - 2021-01-22
• 2.37.1 - 2021-01-20
• 2.37.0 - 2021-01-19
• 2.36.2 - 2021-01-16
• 2.36.1 - 2021-01-06
• 2.36.0 - 2021-01-05
• 2.35.1 - 2020-12-14
• 2.35.0 - 2020-12-14
• 2.34.2 - 2020-12-06
• 2.34.1 - 2020-12-03
• 2.34.0 - 2020-11-29
• 2.33.3 - 2020-11-18
• 2.33.2 - 2020-11-14
• 2.33.1 - 2020-11-02
• 2.33.0 - 2020-11-01
• 2.32.1 - 2020-10-21
• 2.32.0 - 2020-10-16
• 2.31.0 - 2020-10-15
• 2.30.0 - 2020-10-13
• 2.29.0 - 2020-10-08
• 2.28.2 - 2020-09-24
• 2.28.1 - 2020-09-21
• 2.28.0 - 2020-09-21
• 2.27.1 - 2020-09-17
• 2.27.0 - 2020-09-16
• 2.26.11 - 2020-09-08
• 2.26.10 - 2020-09-04
• 2.26.9 - 2020-09-01
• 2.26.8 - 2020-08-29
• 2.26.7 - 2020-08-28
• 2.26.6 - 2020-08-27
• 2.26.5 - 2020-08-22
• 2.26.4 - 2020-08-19
• 2.26.3 - 2020-08-16
• 2.26.2 - 2020-08-16
• 2.26.1 - 2020-08-16
• 2.26.0 - 2020-08-15
• 2.25.0 - 2020-08-14
• 2.24.0 - 2020-08-13
• 2.23.1 - 2020-08-07
• 2.23.0 - 2020-07-23
• 2.22.2 - 2020-07-22
• 2.22.1 - 2020-07-18
• 2.22.0 - 2020-07-18
• 2.21.0 - 2020-07-07
• 2.20.0 - 2020-07-06
• 2.19.0 - 2020-07-05
• 2.18.2 - 2020-07-02

from rollup GitHub release notes

Commit messages

Package name: rollup

• 51cab92 2.68.0
• 7ca27a3 Update changelog
• 7cc87f1 Add resolved sources to shouldTransformCachedModule (Update RenderableObject.html mrdoob/three.js#4414)
• 3106ec9 refactor: use map for namespace reexports by name (Allow Object3D collision and stop propagation behaviour mrdoob/three.js#4411)
• 2cca505 Add Typescript 4.5 nodenext node12 module resolution support (Update Path.html mrdoob/three.js#4416)
• 70d0025 refactor: use includes where appropriate (Update PointLight.html mrdoob/three.js#4412)
• 213e721 refactor: use map for declarations and name suggestions (Update Mesh.html mrdoob/three.js#4410)
• fa4e1b7 2.67.3
• ab14a76 Update changelog
• fda4427 Print ids for unfinished moduleParsed and shouldTransformCachedModule hooks (Update ParticleSystemMaterial.html mrdoob/three.js#4409)
• d4471b4 Document how resolveId is cached (Update MeshDepthMaterial.html mrdoob/three.js#4407)
• 5bd96df Fix a typo in 'Direct plugin communication' code example (Update Material.html mrdoob/three.js#4406)
• 69eb721 fix: remove unnecessary property descriptor spread (Problem replacing Vertex with Vector3 mrdoob/three.js#4403)
• 61d6820 refactor: use map for import descriptions + re-export descriptions (Update ImmediateRenderObject.html mrdoob/three.js#4404)
• 16c3b24 Improve test stability by getting independent of module id ordering in more places (Update OrbitControls.js mrdoob/three.js#4401)
• 1d76887 refactor: module exports to map (Update LineDashedMaterial.html mrdoob/three.js#4405)
• f715e3c docs: remove const (Blender exporter change mrdoob/three.js#4399)
• 60706c3 2.67.2
• ed12682 Update changelog
• 1738215 Sort manual chunks generated via a function by name (Incremental loading and non-blocking parsing and rendering mrdoob/three.js#4397)
• 5f4d04f refactor: add @ types/estree explicitly, fix dynamic type imports (Update BufferGeometry.html mrdoob/three.js#4390)
• 903b464 chore: remove acorn-walk ambient type definitions (Update CameraHelper.html mrdoob/three.js#4391)
• efd71e9 2.67.1
• be1b87d Update changelog

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs