socket-security[bot]
commented
2 weeks ago New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/rollup@4.21.3 | None | +1 |
2.3 MB | eventualbuddha, lukastaegert, rich_harris, ...2 more |
🚮 Removed packages: npm/rollup@4.21.2
This PR contains the following updates:
4.21.2->4.24.0Release Notes
rollup/rollup (rollup)
### [`v4.24.0`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4240) [Compare Source](https://redirect.github.com/rollup/rollup/compare/v4.23.0...v4.24.0) *2024-10-02* ##### Features - Support preserving and transpiling JSX syntax ([#5668](https://redirect.github.com/rollup/rollup/issues/5668)) ##### Pull Requests - [#5668](https://redirect.github.com/rollup/rollup/pull/5668): Introduce JSX support ([@lukastaegert](https://redirect.github.com/lukastaegert), [@Martin-Idel](https://redirect.github.com/Martin-Idel), [@felixhuttmann](https://redirect.github.com/felixhuttmann), [@AlexDroll](https://redirect.github.com/AlexDroll), [@tiptr](https://redirect.github.com/tiptr)) ### [`v4.23.0`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4230) [Compare Source](https://redirect.github.com/rollup/rollup/compare/v4.22.5...v4.23.0) *2024-10-01* ##### Features - Collect all emitted names and originalFileNames for assets ([#5686](https://redirect.github.com/rollup/rollup/issues/5686)) ##### Pull Requests - [#5686](https://redirect.github.com/rollup/rollup/pull/5686): Add names and originalFileNames to assets ([@lukastaegert](https://redirect.github.com/lukastaegert)) ### [`v4.22.5`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4225) [Compare Source](https://redirect.github.com/rollup/rollup/compare/v4.22.4...v4.22.5) *2024-09-27* ##### Bug Fixes - Allow parsing of certain unicode characters again ([#5674](https://redirect.github.com/rollup/rollup/issues/5674)) ##### Pull Requests - [#5674](https://redirect.github.com/rollup/rollup/pull/5674): Fix panic with unicode characters ([@sapphi-red](https://redirect.github.com/sapphi-red), [@lukastaegert](https://redirect.github.com/lukastaegert)) - [#5675](https://redirect.github.com/rollup/rollup/pull/5675): chore(deps): update dependency rollup to v4.22.4 \[security] ([@renovate](https://redirect.github.com/renovate)\[bot]) - [#5680](https://redirect.github.com/rollup/rollup/pull/5680): chore(deps): update dependency [@rollup/plugin-commonjs](https://redirect.github.com/rollup/plugin-commonjs) to v28 ([@renovate](https://redirect.github.com/renovate)\[bot], [@lukastaegert](https://redirect.github.com/lukastaegert)) - [#5681](https://redirect.github.com/rollup/rollup/pull/5681): chore(deps): update dependency [@rollup/plugin-replace](https://redirect.github.com/rollup/plugin-replace) to v6 ([@renovate](https://redirect.github.com/renovate)\[bot]) - [#5682](https://redirect.github.com/rollup/rollup/pull/5682): chore(deps): update dependency [@rollup/plugin-typescript](https://redirect.github.com/rollup/plugin-typescript) to v12 ([@renovate](https://redirect.github.com/renovate)\[bot]) - [#5684](https://redirect.github.com/rollup/rollup/pull/5684): chore(deps): lock file maintenance minor/patch updates ([@renovate](https://redirect.github.com/renovate)\[bot]) ### [`v4.22.4`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4224) [Compare Source](https://redirect.github.com/rollup/rollup/compare/v4.22.3...v4.22.4) *2024-09-21* ##### Bug Fixes - Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context ([#5671](https://redirect.github.com/rollup/rollup/issues/5671)) ##### Pull Requests - [#5670](https://redirect.github.com/rollup/rollup/pull/5670): refactor: Use object.prototype to check for reserved properties ([@YuHyeonWook](https://redirect.github.com/YuHyeonWook)) - [#5671](https://redirect.github.com/rollup/rollup/pull/5671): Fix DOM Clobbering CVE ([@lukastaegert](https://redirect.github.com/lukastaegert)) ### [`v4.22.3`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4223) [Compare Source](https://redirect.github.com/rollup/rollup/compare/v4.22.2...v4.22.3) *2024-09-21* ##### Bug Fixes - Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies ([#5669](https://redirect.github.com/rollup/rollup/issues/5669)) ##### Pull Requests - [#5669](https://redirect.github.com/rollup/rollup/pull/5669): Ensure impure dependencies of pure modules are added ([@lukastaegert](https://redirect.github.com/lukastaegert)) ### [`v4.22.2`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4222) [Compare Source](https://redirect.github.com/rollup/rollup/compare/v4.22.1...v4.22.2) *2024-09-20* ##### Bug Fixes - Revert fix for side effect free modules until other issues are investigated ([#5667](https://redirect.github.com/rollup/rollup/issues/5667)) ##### Pull Requests - [#5667](https://redirect.github.com/rollup/rollup/pull/5667): Partially revert [#5658](https://redirect.github.com/rollup/rollup/issues/5658) and re-apply [#5644](https://redirect.github.com/rollup/rollup/issues/5644) ([@lukastaegert](https://redirect.github.com/lukastaegert)) ### [`v4.22.1`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4221) [Compare Source](https://redirect.github.com/rollup/rollup/compare/v4.22.0...v4.22.1) *2024-09-20* ##### Bug Fixes - Revert [#5644](https://redirect.github.com/rollup/rollup/issues/5644) "stable chunk hashes" while issues are being investigated ##### Pull Requests - [#5663](https://redirect.github.com/rollup/rollup/pull/5663): chore(deps): update dependency inquirer to v11 ([@renovate](https://redirect.github.com/renovate)\[bot], [@lukastaegert](https://redirect.github.com/lukastaegert)) - [#5664](https://redirect.github.com/rollup/rollup/pull/5664): chore(deps): lock file maintenance minor/patch updates ([@renovate](https://redirect.github.com/renovate)\[bot]) - [#5665](https://redirect.github.com/rollup/rollup/pull/5665): fix: type in CI file ([@YuHyeonWook](https://redirect.github.com/YuHyeonWook)) - [#5666](https://redirect.github.com/rollup/rollup/pull/5666): chore(deps): lock file maintenance minor/patch updates ([@renovate](https://redirect.github.com/renovate)\[bot]) ### [`v4.22.0`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4220) [Compare Source](https://redirect.github.com/rollup/rollup/compare/v4.21.3...v4.22.0) *2024-09-19* ##### Features - Add additional known global values to avoid access side effects ([#5651](https://redirect.github.com/rollup/rollup/issues/5651)) ##### Bug Fixes - Ensure deterministic chunk hash generation despite async renderChunk hook ([#5644](https://redirect.github.com/rollup/rollup/issues/5644)) - Improve side effect detection when using "smallest" treeshaking preset when imports are optimized away ([#5658](https://redirect.github.com/rollup/rollup/issues/5658)) ##### Pull Requests - [#5644](https://redirect.github.com/rollup/rollup/pull/5644): fix: apply final hashes deterministically with stable placeholders set ([@mattkubej](https://redirect.github.com/mattkubej), [@lukastaegert](https://redirect.github.com/lukastaegert)) - [#5646](https://redirect.github.com/rollup/rollup/pull/5646): chore(deps): update dependency [@mermaid-js/mermaid-cli](https://redirect.github.com/mermaid-js/mermaid-cli) to v11 ([@renovate](https://redirect.github.com/renovate)\[bot]) - [#5647](https://redirect.github.com/rollup/rollup/pull/5647): chore(deps): update dependency concurrently to v9 ([@renovate](https://redirect.github.com/renovate)\[bot]) - [#5648](https://redirect.github.com/rollup/rollup/pull/5648): chore(deps): lock file maintenance minor/patch updates ([@renovate](https://redirect.github.com/renovate)\[bot]) - [#5651](https://redirect.github.com/rollup/rollup/pull/5651): feat: add `AggregateError`, `FinalizationRegistry`, `WeakRef` to knownGlobals ([@re-taro](https://redirect.github.com/re-taro)) - [#5653](https://redirect.github.com/rollup/rollup/pull/5653): Fix example selection in REPL ([@lukastaegert](https://redirect.github.com/lukastaegert)) - [#5657](https://redirect.github.com/rollup/rollup/pull/5657): chore(deps): update dependency vite to v5.4.6 \[security] ([@renovate](https://redirect.github.com/renovate)\[bot]) - [#5658](https://redirect.github.com/rollup/rollup/pull/5658): Detect variable reassignments in modules without side effects ([@lukastaegert](https://redirect.github.com/lukastaegert)) ### [`v4.21.3`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4213) [Compare Source](https://redirect.github.com/rollup/rollup/compare/v4.21.2...v4.21.3) *2024-09-12* ##### Bug Fixes - Always respect side effects in left-hand side of optional chain ([#5642](https://redirect.github.com/rollup/rollup/issues/5642)) - Update stack trace for augmented errors to not hide relevant information ([#5640](https://redirect.github.com/rollup/rollup/issues/5640)) ##### Pull Requests - [#5636](https://redirect.github.com/rollup/rollup/pull/5636): chore(deps): lock file maintenance minor/patch updates ([@renovate](https://redirect.github.com/renovate)\[bot]) - [#5637](https://redirect.github.com/rollup/rollup/pull/5637): chore(deps): lock file maintenance ([@renovate](https://redirect.github.com/renovate)\[bot]) - [#5640](https://redirect.github.com/rollup/rollup/pull/5640): fix: keep the message of stack up-to-date ([@TrickyPi](https://redirect.github.com/TrickyPi)) - [#5642](https://redirect.github.com/rollup/rollup/pull/5642): fix: include left-side effect of optional chaining in the end of hasEffectsAsChainElement ([@TrickyPi](https://redirect.github.com/TrickyPi))Configuration
📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.