[Snyk] Upgrade rollup from 3.29.4 to 4.0.0 #104
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade rollup from 3.29.4 to 4.0.0. See this package in npm: https://www.npmjs.com/package/rollup See this project in Snyk: https://app.snyk.io/org/woodpile37/project/edb93f5a-17e2-4a56-beb9-1796f0e58302?utm_source=github&utm_medium=referral&page=upgrade-pr
🦋 Changeset detectedLatest commit: 98aed31 The changes in this PR will be included in the next version bump. Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Pull Request SummaryYour organization has reached the subscribed usage limit. You can upgrade your plan at https://www.codeautopilot.com/#pricing Current plan usage: 100.54% Have feedback or need help? |
|
New dependencies detected. Learn more about Socket for GitHub ↗︎
|
|
Kudos, SonarCloud Quality Gate passed!
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade rollup from 3.29.4 to 4.0.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Warning: This is a major version upgrade, and may be a breaking change.
Release notes
Package name: rollup
-
4.0.0 - 2023-10-05
- The minimal required Node version is now 18.0.0 (#5142)
- The browser build now relies on a WASM artifact that needs to be provided as well (#5073)
- The NodeJS build now relies on an optional native binary; for unsupported platforms, users can use the
- The "with" syntax for import attributes is not yet supported, awaiting support in SWC (#5073)
- The
- Rollup will now warn for
- If an entry module starts with a shebang comment
- File hashes will now use url-safe base64 encoded hashes (#5155)
- The maximum hash length has been reduced to 22 characters (#5155)
- The
- Acorn plugins are no longer supported, the
- The
- Removed output options (#5143):
- For
- Import assertions now use the new import attribute AST structure (#5073)
- "assertions" have been replaced with "attributes" in various places of the plugin interface (#5073)
- If the import of a module id is handled by the
- The normalized input options provided by
- The
- Improve parsing speed by switching to a native SWC-based parser (#5073)
- Rollup will now warn for
- The parser is now exposed as a separate export
- Rollup no longer tries to watch virtual files if their name corresponds to an actual file name; instead, plugins handle watching via
- #5073: [v4.0] Switch parser to SWC and introduce native/WASM code (@ lukastaegert)
- #5142: [v4.0] Set the default of skipSelf to true (@ TrickyPi)
- #5143: [v4.0] Remove deprecated features (@ lukastaegert)
- #5144: [v4.0] Imporve the performance of generating ast and rollup ast nodes (@ TrickyPi)
- #5147: [v4.0] Remove onwarn from normalized input options (@ lukastaegert)
- #5150: [v4.0] feat: Do not watch files anymore if their content is returned by the load hook (@ TrickyPi)
- #5154: [v4.0] Add parse option to allow return outside function (@ lukastaegert)
- #5155: [v4.0] feat: implement hashing content in Rust (@ TrickyPi)
- #5157: [v4.0] Handle empty exports (@ lukastaegert)
- #5160: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
- #5163: [v4.0] feat: preserve shebang in entry module for CJS and ESM outputs (@ TrickyPi)
- #5164: [v4.0] fix: also strip BOM from code strings in JS (@ TrickyPi)
- #5165: [v4.0] warn for invalid annotations (@ lukastaegert)
- #5168: [v4.0] Ensure we support new import attribute "with" syntax (@ lukastaegert)
- #5169: [v4.0] Expose parser (@ lukastaegert)
-
4.0.0-25 - 2023-10-05
-
4.0.0-24 - 2023-10-03
-
4.0.0-23 - 2023-09-26
-
4.0.0-22 - 2023-09-26
-
4.0.0-21 - 2023-09-24
-
4.0.0-20 - 2023-09-24
-
4.0.0-19 - 2023-09-15
-
4.0.0-18 - 2023-09-15
-
4.0.0-17 - 2023-09-15
-
4.0.0-16 - 2023-09-15
-
4.0.0-15 - 2023-09-15
-
4.0.0-14 - 2023-09-15
-
4.0.0-13 - 2023-08-24
-
4.0.0-12 - 2023-08-23
-
4.0.0-10 - 2023-08-21
-
4.0.0-9 - 2023-08-20
-
4.0.0-8 - 2023-08-20
-
4.0.0-7 - 2023-08-20
-
4.0.0-6 - 2023-08-20
-
4.0.0-5 - 2023-08-20
-
4.0.0-4 - 2023-08-04
-
4.0.0-3 - 2023-08-04
-
4.0.0-2 - 2023-08-01
-
4.0.0-1 - 2023-08-01
-
3.29.4 - 2023-09-28
- Fix static analysis when an exported function uses callbacks (#5158)
- #5158: Deoptimize all parameters when losing track of a function (@ lukastaegert)
from rollup GitHub release notes4.0.0
2023-10-05
BREAKING CHANGES
General Changes
@ rollup/wasm-nodepackage that has the same interface as Rollup but relies on WASM artifacts (#5073)INVALID_IMPORT_ASSERTIONerror code has been replaced withINVALID_IMPORT_ATTRIBUTE(#5073)@ __PURE__and@ __NO_SIDE_EFFECTS__annotations in invalid locations (#5165)#!..., this comment will be prepended to the output foresandcjsformats (#5163)RollupWarningtype has been removed in favor of theRollupLogtype (#5147)Changes to Rollup Options
acornInjectPluginsoption has been removed (#5073)acornoption has been removed (#5073)output.externalImportAssertionshas been deprecated in favor ofoutput.externalImportAttributes(#5073)inlineDynamicImports,manualChunksandpreserveModuleshave been removed on input option level: Please use the corresponding output options of the same names (#5143)output.experimentalDeepDynamicChunkOptimization: This option is no longer needed as Rollup now always runs the full chunking algorithmoutput.dynamicImportFunction: Use therenderDynamicImportplugin hook insteadoutput.namespaceToStringTag: Useoutput.generatedCode.symbolsinsteadoutput.preferConst: Useoutput.generatedCode.constBindingsinsteadPlugin API Changes
this.resolve, the default of theskipSelfoption is nowtrue(#5142)this.parsenow only supports theallowReturnOutsideFunctionoption for now (#5073)loadhook of a plugin,rollup.watchno longer watches the actual file if the module id corresponds to a real path; if this is intended, then the plugin is responsible for callingthis.addWatchFilefor any dependency files (#5150)buildStartand other hooks no longer contain anonwarnhandler; plugins should useonLoginstead (#5147)this.moduleIdshas been removed from the plugin context: Usethis.getModuleIds()instead (#5143)hasModuleSideEffectsflag has been removed from theModuleInforeturned bythi s.getModuleInfo(): UsemoduleSideEffectson theModuleInfoinstead (#5143)Features
@ __PURE__and@ __NO_SIDE_EFFECTS__annotations in invalid locations (#5165)parseAst(#5169)Bug Fixes
this.addWatchFile()(#5150)Pull Requests
4.0.0-25
Check publish
3.29.4
2023-09-28
Bug Fixes
Pull Requests
Commit messages
Package name: rollup
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs