Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

rollup

Package Overview
Dependencies
Maintainers
5
Versions
836
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

rollup - npm Package Versions

1
84

3.29.5

Diff

Changelog

Source

3.29.5

2024-09-21

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

  • #5671: Fix DOM Clobbering CVE (@lukastaegert)
lukastaegert
published 4.22.4 •

Changelog

Source

4.22.4

2024-09-21

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

  • #5670: refactor: Use object.prototype to check for reserved properties (@YuHyeonWook)
  • #5671: Fix DOM Clobbering CVE (@lukastaegert)
lukastaegert
published 4.22.3 •

Changelog

Source

4.22.3

2024-09-21

Bug Fixes

  • Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

  • #5669: Ensure impure dependencies of pure modules are added (@lukastaegert)
lukastaegert
published 4.22.3-0 •

lukastaegert
published 4.22.2 •

Changelog

Source

4.22.2

2024-09-20

Bug Fixes

  • Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

  • #5667: Partially revert #5658 and re-apply #5644 (@lukastaegert)
lukastaegert
published 4.22.1 •

Changelog

Source

4.22.1

2024-09-20

Bug Fixes

  • Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

  • #5663: chore(deps): update dependency inquirer to v11 (@renovate[bot], @lukastaegert)
  • #5664: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
  • #5665: fix: type in CI file (@YuHyeonWook)
  • #5666: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
lukastaegert
published 4.22.0 •

Changelog

Source

4.22.0

2024-09-19

Features

  • Add additional known global values to avoid access side effects (#5651)

Bug Fixes

  • Ensure deterministic chunk hash generation despite async renderChunk hook (#5644)
  • Improve side effect detection when using "smallest" treeshaking preset when imports are optimized away (#5658)

Pull Requests

  • #5644: fix: apply final hashes deterministically with stable placeholders set (@mattkubej, @lukastaegert)
  • #5646: chore(deps): update dependency @mermaid-js/mermaid-cli to v11 (@renovate[bot])
  • #5647: chore(deps): update dependency concurrently to v9 (@renovate[bot])
  • #5648: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
  • #5651: feat: add AggregateError, FinalizationRegistry, WeakRef to knownGlobals (@re-taro)
  • #5653: Fix example selection in REPL (@lukastaegert)
  • #5657: chore(deps): update dependency vite to v5.4.6 [security] (@renovate[bot])
  • #5658: Detect variable reassignments in modules without side effects (@lukastaegert)
lukastaegert
published 4.21.3 •

Changelog

Source

4.21.3

2024-09-12

Bug Fixes

  • Always respect side effects in left-hand side of optional chain (#5642)
  • Update stack trace for augmented errors to not hide relevant information (#5640)

Pull Requests

  • #5636: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
  • #5637: chore(deps): lock file maintenance (@renovate[bot])
  • #5640: fix: keep the message of stack up-to-date (@TrickyPi)
  • #5642: fix: include left-side effect of optional chaining in the end of hasEffectsAsChainElement (@TrickyPi)
lukastaegert
published 4.21.2 •

Changelog

Source

4.21.2

2024-08-30

Bug Fixes

  • Handle IIFE/UMD namespace definitions conflicting with a builtin property (#5605)

Pull Requests

  • #5605: fix: Wrong namespace property definition (@thirumurugan-git, @lukastaegert)
  • #5630: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
  • #5631: chore(deps): lock file maintenance (@renovate[bot])
  • #5632: chore(deps): lock file maintenance (@renovate[bot])
lukastaegert
published 4.21.1 •

Changelog

Source

4.21.1

2024-08-26

Bug Fixes

  • Ensure closeWatcher hook is called when watch mode is aborted via Ctrl+C (#5618)
  • Do not produce invalid code for import.meta.url in compact mode (#5624)
  • Do not throw when generating chunk names when preserving modules in Windows (#5625)

Pull Requests

  • #5591: chore(deps): update dependency @types/eslint to v9 (@renovate[bot], @lukastaegert)
  • #5618: preload the WASM file even though the version is undefined. (@TrickyPi)
  • #5619: Call and await closeWatcher hooks on exit signals (@lukastaegert)
  • #5622: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)
  • #5624: fix: add space for DOCUMENT_CURRENT_SCRIPT template (@TrickyPi)
  • #5625: fix: get the right chunk name for preserve modules in Windows (@TrickyPi, @lukastaegert)
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc