[Snyk] Upgrade rollup from 2.75.6 to 4.13.0 #4

Open: wants to merge 1 commit into base: main

Clemens-git76 (Owner)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade rollup from 2.75.6 to 4.13.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 177 versions ahead of your current version.
  • The recommended version was released a month ago, on 2024-03-12.

The recommended version fixes:

| Issue | Snyk ID | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-GETFUNCNAME-5923417 | 537/1000 (Why? Proof of Concept exploit, CVSS 8.6) | Proof of Concept |
| Origin Validation Error | SNYK-JS-KOACORS-6117545 | 537/1000 (Why? Proof of Concept exploit, CVSS 8.6) | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-MOCHA-2863123 | 537/1000 (Why? Proof of Concept exploit, CVSS 8.6) | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 537/1000 (Why? Proof of Concept exploit, CVSS 8.6) | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 537/1000 (Why? Proof of Concept exploit, CVSS 8.6) | Proof of Concept |
| Prototype Pollution | SNYK-JS-JSON5-3182856 | 537/1000 (Why? Proof of Concept exploit, CVSS 8.6) | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-MINIMATCH-3050818 | 537/1000 (Why? Proof of Concept exploit, CVSS 8.6) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: rollup
  • 4.13.0 - 2024-03-12

    Features

    • Ensure that the location of parse errors and other logs is encoded in the error message as well (#5424)

  • 4.12.1 - 2024-03-06

    Bug Fixes

    • Escape special characters in file references (#5404)

  • 4.12.0 - 2024-02-16

    Features

    • Improve raw bundling performance by 10-15% when not using the cache or plugins that return an AST (#5391)

    Pull Requests

    • #5391: Improve performance by directly constructing AST from buffer (@lukastaegert)
    • #5393: chore(deps): update dependency eslint-plugin-unicorn to v51 (@renovate[bot])
    • #5394: chore(deps): update typescript-eslint monorepo to v7 (major) (@renovate[bot])
    • #5395: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
  • 4.11.0 - 2024-02-15

    Features

    • Add output.reexportProtoFromExternal option to disable special code for handling __proto__ reexports (#5380)

    Bug Fixes

    • Ensure namespace reexport code can be parsed by cjs-module-lexer (#5380)
    • Throw when trying to reassign const variables (#5388)

  • 4.10.0 - 2024-02-10

    Features

    • Support base-36 and base-16 hashes again via new output.hashCharacters option (#5371)

    Bug Fixes

    • Do not crash process for panics in native code but throw them as JavaScript errors (#5383)

  • 4.9.6 - 2024-01-21

    Bug Fixes

    • Detect side effects when an element that was pushed into an array is modified via the array (#5352)

  • 4.9.5 - 2024-01-12

    Bug Fixes

    • Fix issue where on Windows, Rollup would not load due to problems with the MSVC executable (#5335)

  • 4.9.4 - 2024-01-06

    Bug Fixes

    • Use quotes for keys in namespaces that are only numbers but are not valid integers (#5328)
    • Allow comments between pure annotations and the annotated node (#5332)

  • 4.9.3 - 2024-01-05
  • 4.9.2 - 2023-12-30
  • 4.9.1 - 2023-12-17
  • 4.9.0 - 2023-12-13
  • 4.8.0 - 2023-12-11
  • 4.7.0 - 2023-12-08
  • 4.6.1 - 2023-11-30
  • 4.6.0 - 2023-11-26
  • 4.5.2 - 2023-11-24
  • 4.5.1 - 2023-11-21
  • 4.5.0 - 2023-11-18
  • 4.4.1 - 2023-11-14
  • 4.4.0 - 2023-11-12
  • 4.3.1 - 2023-11-11
  • 4.3.0 - 2023-11-03
  • 4.2.0 - 2023-10-31
  • 4.1.6 - 2023-10-31
  • 4.1.5 - 2023-10-28
  • 4.1.4 - 2023-10-16
  • 4.1.3 - 2023-10-15
  • 4.1.1 - 2023-10-15
  • 4.1.0 - 2023-10-14
  • 4.0.2 - 2023-10-06
  • 4.0.1 - 2023-10-06
  • 4.0.0 - 2023-10-05
  • 4.0.0-25 - 2023-10-05
  • 4.0.0-24 - 2023-10-03
  • 4.0.0-23 - 2023-09-26
  • 4.0.0-22 - 2023-09-26
  • 4.0.0-21 - 2023-09-24
  • 4.0.0-20 - 2023-09-24
  • 4.0.0-19 - 2023-09-15
  • 4.0.0-18 - 2023-09-15
  • 4.0.0-17 - 2023-09-15
  • 4.0.0-16 - 2023-09-15
  • 4.0.0-15 - 2023-09-15
  • 4.0.0-14 - 2023-09-15
  • 4.0.0-13 - 2023-08-24
  • 4.0.0-12 - 2023-08-23
  • 4.0.0-10 - 2023-08-21
  • 4.0.0-9 - 2023-08-20
  • 4.0.0-8 - 2023-08-20
  • 4.0.0-7 - 2023-08-20
  • 4.0.0-6 - 2023-08-20
  • 4.0.0-5 - 2023-08-20
  • 4.0.0-4 - 2023-08-04
  • 4.0.0-3 - 2023-08-04
  • 4.0.0-2 - 2023-08-01
  • 4.0.0-1 - 2023-08-01
  • 3.29.4 - 2023-09-28
  • 3.29.3 - 2023-09-24
  • 3.29.2 - 2023-09-15
  • 3.29.1 - 2023-09-10
  • 3.29.0 - 2023-09-06
  • 3.28.1 - 2023-08-22
  • 3.28.0 - 2023-08-09
  • 3.27.2 - 2023-08-04
  • 3.27.1 - 2023-08-03
  • 3.27.0 - 2023-07-28
  • 3.26.3 - 2023-07-17
  • 3.26.2 - 2023-07-06
  • 3.26.1 - 2023-07-05
  • 3.26.0 - 2023-06-30
  • 3.25.3 - 2023-06-26
  • 3.25.2 - 2023-06-24
  • 3.25.1 - 2023-06-12
  • 3.25.0 - 2023-06-11
  • 3.24.1 - 2023-06-10
  • 3.24.0 - 2023-06-07
  • 3.23.1 - 2023-06-04
  • 3.23.0 - 2023-05-22
  • 3.22.1 - 2023-05-21
  • 3.22.0 - 2023-05-17
  • 3.22.0-0 - 2023-05-13
  • 3.21.8 - 2023-05-16
  • 3.21.7 - 2023-05-13
  • 3.21.6 - 2023-05-09
  • 3.21.5 - 2023-05-05
  • 3.21.4 - 2023-05-03
  • 3.21.3 - 2023-05-02
  • 3.21.2 - 2023-04-30
  • 3.21.1 - 2023-04-29
  • 3.21.0 - 2023-04-23
  • 3.20.7 - 2023-04-21
  • 3.20.6 - 2023-04-18
  • 3.20.5 - 2023-04-18
  • 3.20.4 - 2023-04-17
  • 3.20.3 - 2023-04-16
  • 3.20.3-0 - 2023-04-14
  • 3.20.2 - 2023-03-24
  • 3.20.1 - 2023-03-23
  • 3.20.0 - 2023-03-20
  • 3.19.1 - 2023-03-10
  • 3.19.0 - 2023-03-09
  • 3.18.0 - 2023-03-01
  • 3.18.0-0 - 2023-02-27
  • 3.17.3 - 2023-02-25
  • 3.17.3-1 - 2023-02-23
  • 3.17.3-0 - 2023-02-22
  • 3.17.2 - 2023-02-20
  • 3.17.1 - 2023-02-18
  • 3.17.0 - 2023-02-18
  • 3.16.0 - 2023-02-17
  • 3.15.1-1 - 2023-02-14
  • 3.15.1-0 - 2023-02-13
  • 3.15.0 - 2023-02-10
  • 3.14.0 - 2023-02-05
  • 3.13.0 - 2023-02-03
  • 3.12.1 - 2023-02-01
  • 3.12.0 - 2023-01-28
  • 3.11.0 - 2023-01-26
  • 3.10.1 - 2023-01-20
  • 3.10.0 - 2023-01-12
  • 3.9.1 - 2023-01-02
  • 3.9.0 - 2022-12-28
  • 3.8.1 - 2022-12-23
  • 3.8.0 - 2022-12-22
  • 3.7.6-0 - 2022-12-18
  • 3.7.5 - 2022-12-17
  • 3.7.5-0 - 2022-12-16
  • 3.7.4 - 2022-12-13
  • 3.7.3 - 2022-12-11
  • 3.7.3-0 - 2022-12-10
  • 3.7.2 - 2022-12-10
  • 3.7.1 - 2022-12-09
  • 3.7.1-0 - 2022-12-08
  • 3.7.0 - 2022-12-08
  • 3.6.1-0 - 2022-12-06
  • 3.6.0 - 2022-12-05
  • 3.6.0-1 - 2022-12-05
  • 3.6.0-0 - 2022-11-27
  • 3.5.1 - 2022-12-01
  • 3.5.0 - 2022-11-27
  • 3.5.0-0 - 2022-11-25
  • 3.4.0 - 2022-11-22
  • 3.4.0-1 - 2022-11-21
  • 3.4.0-0 - 2022-11-18
  • 3.3.0 - 2022-11-12
  • 3.3.0-0 - 2022-11-08
  • 3.2.5 - 2022-11-01
  • 3.2.4 - 2022-10-31
  • 3.2.3 - 2022-10-18
  • 3.2.2 - 2022-10-16
  • 3.2.1 - 2022-10-16
  • 3.2.0 - 2022-10-15
  • 3.1.0 - 2022-10-12
  • 3.0.1 - 2022-10-12
  • 3.0.0 - 2022-10-11
  • 3.0.0-8 - 2022-10-11
  • 3.0.0-7 - 2022-09-23
  • 3.0.0-6 - 2022-09-06
  • 3.0.0-5 - 2022-08-31
  • 3.0.0-4 - 2022-08-15
  • 3.0.0-3 - 2022-07-30
  • 3.0.0-2 - 2022-07-15
  • 3.0.0-1 - 2022-07-08
  • 3.0.0-0 - 2022-07-05
  • 2.79.1 - 2022-09-22
  • 2.79.0 - 2022-08-31
  • 2.78.1 - 2022-08-19
  • 2.78.0 - 2022-08-14
  • 2.77.4-1 - 2022-12-07
  • 2.77.4-0 - 2022-12-04
  • 2.77.3 - 2022-08-11
  • 2.77.2 - 2022-07-27
  • 2.77.1 - 2022-07-26
  • 2.77.0 - 2022-07-15
  • 2.76.0 - 2022-07-08
  • 2.75.7 - 2022-06-20
  • 2.75.6 - 2022-06-07
from rollup GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
