Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

rollup

Package Overview
Dependencies
Maintainers
5
Versions
838
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

rollup - npm Package Versions

1
84

4.22.5

Diff

Changelog

Source

4.22.5

2024-09-27

Bug Fixes

  • Allow parsing of certain unicode characters again (#5674)

Pull Requests

  • #5674: Fix panic with unicode characters (@sapphi-red, @lukastaegert)
  • #5675: chore(deps): update dependency rollup to v4.22.4 [security] (@renovate[bot])
  • #5680: chore(deps): update dependency @rollup/plugin-commonjs to v28 (@renovate[bot], @lukastaegert)
  • #5681: chore(deps): update dependency @rollup/plugin-replace to v6 (@renovate[bot])
  • #5682: chore(deps): update dependency @rollup/plugin-typescript to v12 (@renovate[bot])
  • #5684: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
lukastaegert
published 2.79.2 •

Changelog

Source

2.79.2

2024-09-26

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

  • #5671: Fix DOM Clobbering CVE (@lukastaegert)
lukastaegert
published 3.29.5 •

Changelog

Source

3.29.5

2024-09-21

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

  • #5671: Fix DOM Clobbering CVE (@lukastaegert)
lukastaegert
published 4.22.4 •

Changelog

Source

4.22.4

2024-09-21

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

  • #5670: refactor: Use object.prototype to check for reserved properties (@YuHyeonWook)
  • #5671: Fix DOM Clobbering CVE (@lukastaegert)
lukastaegert
published 4.22.3 •

Changelog

Source

4.22.3

2024-09-21

Bug Fixes

  • Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

  • #5669: Ensure impure dependencies of pure modules are added (@lukastaegert)
lukastaegert
published 4.22.3-0 •

lukastaegert
published 4.22.2 •

Changelog

Source

4.22.2

2024-09-20

Bug Fixes

  • Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

  • #5667: Partially revert #5658 and re-apply #5644 (@lukastaegert)
lukastaegert
published 4.22.1 •

Changelog

Source

4.22.1

2024-09-20

Bug Fixes

  • Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

  • #5663: chore(deps): update dependency inquirer to v11 (@renovate[bot], @lukastaegert)
  • #5664: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
  • #5665: fix: type in CI file (@YuHyeonWook)
  • #5666: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
lukastaegert
published 4.22.0 •

Changelog

Source

4.22.0

2024-09-19

Features

  • Add additional known global values to avoid access side effects (#5651)

Bug Fixes

  • Ensure deterministic chunk hash generation despite async renderChunk hook (#5644)
  • Improve side effect detection when using "smallest" treeshaking preset when imports are optimized away (#5658)

Pull Requests

  • #5644: fix: apply final hashes deterministically with stable placeholders set (@mattkubej, @lukastaegert)
  • #5646: chore(deps): update dependency @mermaid-js/mermaid-cli to v11 (@renovate[bot])
  • #5647: chore(deps): update dependency concurrently to v9 (@renovate[bot])
  • #5648: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
  • #5651: feat: add AggregateError, FinalizationRegistry, WeakRef to knownGlobals (@re-taro)
  • #5653: Fix example selection in REPL (@lukastaegert)
  • #5657: chore(deps): update dependency vite to v5.4.6 [security] (@renovate[bot])
  • #5658: Detect variable reassignments in modules without side effects (@lukastaegert)
lukastaegert
published 4.21.3 •

Changelog

Source

4.21.3

2024-09-12

Bug Fixes

  • Always respect side effects in left-hand side of optional chain (#5642)
  • Update stack trace for augmented errors to not hide relevant information (#5640)

Pull Requests

  • #5636: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
  • #5637: chore(deps): lock file maintenance (@renovate[bot])
  • #5640: fix: keep the message of stack up-to-date (@TrickyPi)
  • #5642: fix: include left-side effect of optional chaining in the end of hasEffectsAsChainElement (@TrickyPi)
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc