
[Snyk] Upgrade rollup from 1.31.1 to 1.32.1 #21

Open
snyk-sa-branch wants to merge 1 commit into master from snyk-upgrade-f8ec07921e5d8bf03d5abccc971d290c

@snyk-sa-branch


Snyk has created this PR to upgrade rollup from 1.31.1 to 1.32.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 2 versions ahead of your current version.

  • The recommended version was released 6 years ago.

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|---|
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ACORN-559469 | 59 | No Known Exploit |
| high | Asymmetric Resource Consumption (Amplification) | SNYK-JS-BODYPARSER-7926860 | 59 | No Known Exploit |
| high | Infinite loop | SNYK-JS-BRACEEXPANSION-15789759 | 59 | No Known Exploit |
| high | Improper Verification of Cryptographic Signature | SNYK-JS-BROWSERIFYSIGN-6037026 | 59 | No Known Exploit |
| high | Prototype Pollution | SNYK-JS-CACHEDPATHRELATIVE-2342653 | 59 | Proof of Concept |
| high | Denial of Service (DoS) | SNYK-JS-DECODEURICOMPONENT-3149970 | 59 | Proof of Concept |
| high | Cryptographic Issues | SNYK-JS-ELLIPTIC-571484 | 59 | Proof of Concept |
| high | Improper Verification of Cryptographic Signature | SNYK-JS-ELLIPTIC-8172694 | 59 | No Known Exploit |
| high | Improper Removal of Sensitive Information Before Storage or Transfer | SNYK-JS-FOLLOWREDIRECTS-16032162 | 59 | No Known Exploit |
| high | Improper Handling of Extra Parameters | SNYK-JS-FOLLOWREDIRECTS-6141137 | 59 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-GETFUNCNAME-5923417 | 59 | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-INI-1048974 | 59 | Proof of Concept |
| high | Code Injection | SNYK-JS-LODASH-1040724 | 59 | Proof of Concept |
| high | Arbitrary Code Injection | SNYK-JS-LODASH-15869625 | 59 | No Known Exploit |
| high | Prototype Pollution | SNYK-JS-LODASH-567746 | 59 | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-LODASH-608086 | 59 | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-LODASH-6139239 | 59 | Proof of Concept |
| high | Arbitrary File Write | SNYK-JS-TAR-1579155 | 59 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BABELRUNTIME-10044504 | 59 | Proof of Concept |
| medium | Infinite loop | SNYK-JS-BNJS-15274301 | 59 | Proof of Concept |
| medium | Cryptographic Issues | SNYK-JS-ELLIPTIC-1064899 | 59 | No Known Exploit |
| medium | Prototype Pollution | SNYK-JS-LODASH-15869619 | 59 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHPARSE-1077067 | 59 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHTOREGEXP-15789761 | 59 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHTOREGEXP-7925106 | 59 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHTOREGEXP-8482416 | 59 | Proof of Concept |
| medium | Prototype Pollution | SNYK-JS-PATHVAL-596926 | 59 | Proof of Concept |
| low | Regular Expression Denial of Service (ReDoS) | npm:debug:20170905 | 59 | Proof of Concept |
| low | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BRACEEXPANSION-9789073 | 59 | Proof of Concept |
| critical | Function Call With Incorrect Argument Type | SNYK-JS-CIPHERBASE-12084814 | 59 | Proof of Concept |
| critical | Improper Verification of Cryptographic Signature | SNYK-JS-ELLIPTIC-7577916 | 59 | Proof of Concept |
| critical | Improper Verification of Cryptographic Signature | SNYK-JS-ELLIPTIC-7577917 | 59 | Proof of Concept |
| critical | Improper Verification of Cryptographic Signature | SNYK-JS-ELLIPTIC-7577918 | 59 | Proof of Concept |
| critical | Improper Verification of Cryptographic Signature | SNYK-JS-ELLIPTIC-8187303 | 59 | Proof of Concept |
| critical | Information Exposure | SNYK-JS-ELLIPTIC-8720086 | 59 | Proof of Concept |
| medium | Open Redirect | SNYK-JS-EXPRESS-6474509 | 59 | No Known Exploit |
| medium | Cross-site Scripting | SNYK-JS-EXPRESS-7926867 | 59 | No Known Exploit |
| medium | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-2332181 | 59 | Proof of Concept |
| medium | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-6444610 | 59 | Proof of Concept |
| medium | Denial of Service (DoS) | SNYK-JS-HTTPPROXY-569139 | 59 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905 | 59 | Proof of Concept |
| medium | Prototype Pollution | SNYK-JS-LODASH-15053838 | 59 | No Known Exploit |
| low | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-2396346 | 59 | No Known Exploit |
| critical | Generation of Predictable Numbers or Identifiers | SNYK-JS-PBKDF2-10495496 | 59 | Proof of Concept |
| critical | Generation of Predictable Numbers or Identifiers | SNYK-JS-PBKDF2-10495498 | 59 | No Known Exploit |
| high | Allocation of Resources Without Limits or Throttling | SNYK-JS-QS-14724253 | 59 | Proof of Concept |
| high | Allocation of Resources Without Limits or Throttling | SNYK-JS-QS-15268416 | 59 | Proof of Concept |
| high | Prototype Poisoning | SNYK-JS-QS-3153490 | 59 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 59 | Proof of Concept |
| medium | Uncontrolled Resource Consumption ('Resource Exhaustion') | SNYK-JS-TAR-6476909 | 59 | Proof of Concept |
| low | Cross-site Scripting | SNYK-JS-SEND-7926862 | 59 | No Known Exploit |
| low | Cross-site Scripting | SNYK-JS-SERVESTATIC-7926865 | 59 | No Known Exploit |
| critical | Function Call With Incorrect Argument Type | SNYK-JS-SHAJS-12089400 | 59 | Proof of Concept |
| critical | Arbitrary Command Injection | SNYK-JS-SHELLQUOTE-16799355 | 59 | Proof of Concept |
| high | Remote Code Execution (RCE) | SNYK-JS-SHELLQUOTE-1766506 | 59 | No Known Exploit |
| high | Directory Traversal | SNYK-JS-TAR-15307072 | 59 | Proof of Concept |
| high | Arbitrary File Overwrite | SNYK-JS-TAR-1536528 | 59 | No Known Exploit |
| high | Arbitrary File Overwrite | SNYK-JS-TAR-1536531 | 59 | No Known Exploit |
| high | Symlink Attack | SNYK-JS-TAR-15416075 | 59 | No Known Exploit |
| high | Symlink Attack | SNYK-JS-TAR-15456201 | 59 | Proof of Concept |
| high | Arbitrary File Write | SNYK-JS-TAR-1579147 | 59 | No Known Exploit |
| high | Arbitrary File Write | SNYK-JS-TAR-1579152 | 59 | No Known Exploit |
| medium | Directory Traversal | SNYK-JS-TAR-15032660 | 59 | Proof of Concept |
| medium | Improper Handling of Unicode Encoding | SNYK-JS-TAR-15038581 | 59 | Proof of Concept |
| medium | Directory Traversal | SNYK-JS-TAR-15127355 | 59 | No Known Exploit |
| medium | Interpretation Conflict | SNYK-JS-TAR-17342362 | 59 | Proof of Concept |

Breaking Change Risk

Merge Risk: Low

Notice: This assessment is enhanced by AI.

Release notes
Package name: rollup
  • 1.32.1 - 2020-03-06

    2020-03-06

    Bug Fixes

    • Handle default export detection for AMD and IIFE externals that do not have a prototype (#3420)
    • Handle missing whitespace when the else branch of an if-statement is simplified (#3421)
    • Mention the importing module when reporting errors for missing named exports (#3401)
    • Add code to warning for missing output.name of IIFE bundles (#3372)

    Pull Requests

    • #3372: Add warning code for missing output.name of IIFE bundle that has export (@rail44)
    • #3401: Missing exports errors now print the importing module (@timiyay)
    • #3418: Structure lifecycle hooks, add links to build time hooks (@lukastaegert)
    • #3420: Update generated code of getInteropBlock() to work with null prototype objects (@jdalton)
    • #3421: Avoid invalid code when "else" branch is simplified (@lukastaegert)
  • 1.32.0 - 2020-02-28

    2020-02-28

    Features

    • Allow adding plugins on the command line via --plugin <plugin> (#3379)

    Pull Requests

  • 1.31.1 - 2020-02-14

    2020-02-14

    Bug Fixes

    • Make sure errored files are always re-evaluated in watch mode to avoid an issue in the typescript plugin (#3388)

    Pull Requests

from rollup GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-sa-branch

Author

Merge Risk: Low

This is a minor version upgrade that includes bug fixes and a new feature. No breaking changes are documented in the release notes for versions 1.32.0 and 1.32.1.

Changes include:

  • A new maxParallelFileReads option to prevent "too many open files" errors.
  • Various bug fixes related to export detection, code simplification, error reporting, and dynamic imports.

No developer action is required for this upgrade.

Source: Rollup v1.x Changelog

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
