knockout-store

[Snyk] Upgrade rollup from 0.52.3 to 0.68.2

Open RockRunner007 opened this issue 4 years ago • 0 comments

Snyk has created this PR to upgrade rollup from 0.52.3 to 0.68.2.

Merge advice: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 67 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2018-12-23.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Pollution SNYK-JS-LODASH-608086 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-LODASH-590103 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Prototype Pollution SNYK-JS-INI-1048974 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Remote Memory Exposure SNYK-JS-BL-608877 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Prototype Pollution SNYK-JS-PATHVAL-596926 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-LODASH-567746 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Validation Bypass SNYK-JS-KINDOF-537849 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: rollup
  • 0.68.2 - 2018-12-23

    Bug Fixes

    • Do not assume hoisted variables to have been initialized (#2607)

    Pull Requests

    • #2607: Fix an issue where hoisted variables were assumed to have been initialized (@lye)
  • 0.68.1 - 2018-12-19

    Bug Fixes

    • Fix an issue with UMD wrappers where a variable is used without being defined (#2600)

    Pull Requests

    • #2600: Fix UMD and IIFE wrapper issues and add comprehensive functional wrapper tests (@lukastaegert)
  • 0.68.0 - 2018-12-16

    Breaking Changes

    • optimizeChunks is renamed to experimentalOptimizeChunks to reflect this feature is not production-ready yet (#2575)

    Features

    • Plugins can iterate all module ids via this.moduleIds (#2565)
    • Plugins can get graph information about a module via this.getModuleInfo(id) (#2565)
    • Plugins and JS API users get more information about the generated chunks: dynamicImports, facadeModuleId, isDynamicEntry, name (#2575)
    • Tree-shaken dynamic imports will no longer create chunks or influence chunking in any way (#2575)
    • Dynamic imports will no longer follow the entryFileNames but the chunkFileNames property reflecting those are solely internally used (#2575)
    • If there are chunk naming conflicts, entry chunks will always take precedence (#2575)
    • If an entry facade is created, only the facade chunk is marked as isEntry (#2575)
    • Dynamic chunks will only be marked as isEntry if they are actually entry chunks as well; thus there is now a 1-to-1 correspondence between modules listed in input and chunks marked as isEntry (#2575)
    • Chunks no longer contain imports for variables that are tree-shaken in the chunk but used in other chunks (#2584)
    • Chunks will always import re-exported variables directly from the chunk where they are originally exported from (#2584)
    • Null characters will be pruned from chunk ids to allow for virtually created chunks and make rollup-plugin-multi-entry compatible with code-splitting and thus the upcoming 1.0 version (#2590)
    • Simplify the UMD wrapper code as much as possible, especially if there are no exports (#2594)
    • The UMD wrapper will now work in strict mode by checking for self before this when determining the global variable (#2594)

    Bug Fixes

    • If a facade is created for a dynamic entry point, this facade will be imported instead of the facaded chunk (#2575)
    • Manual chunks that include multiple entry points will have proper facades created for all entry points if necessary (#2575)
    • If missing exports are shimmed, the shim variable will not be global but created on a per-module basis and is deconflicted with variables having the same name (#2584)
    • Missing export shims work properly in SystemJS (#2584)
    • preserveModules now handles dynamic namespace imports (#2584)
    • Fix chunk execution order in certain scenarios (#2584)
    • Exports and assignments using destructuring syntax will properly update the exported variables when generating SystemJS output (#2587)
    • Hashes in chunk names will now also take dynamic imports into account (#2596)

    Pull Requests

    • #2565: Provide module graph information on the plugin context (@samccone)
    • #2575: Extend bundle information, tree-shake dynamic imports, fix dynamic import facade creation, support manual chunks with multiple entry points, make optimizeImports experimental (@lukastaegert)
    • #2577: Update dependencies (@lukastaegert)
    • #2584: Prune tree-shaken chunk imports, fix missing export shimming, support dynamic namespaces when preserving modules, improve chunk execution order (@lukastaegert)
    • #2587: Support exports using destructuring declarations and assignments in SystemJS (@lukastaegert)
    • #2590: Make sure chunk ids do not contain invalid characters to allow for chunks to correspond to virtual modules (@lukastaegert)
    • #2594: Simplify UMD wrapper code and make sure it works in strict mode (@lukastaegert)
    • #2596: Take both static and dynamic dependencies into account when calculating hashes (@lukastaegert)
  • 0.67.4 - 2018-12-03

    Bug Fixes

    • Prevent corrupt source maps for files with very long lines (#2571)

    Pull Requests

  • 0.67.3 - 2018-11-17

    Bug Fixes

    • Make sure the ESM browser build is actually published to npm (#2560)
    • Throw proper error when using inlineDynamicImports with experimentalPreserveModules (#2560)

    Pull Requests

    • #2552: Properly include ESM browser build in package (@lukastaegert)
    • #2560: Show proper error when using inlineDynamicImports with experimentalPreserveModules (@clarkdo)
  • 0.67.2 - 2018-11-17

    Bug Fixes

    • Prevent crash when not returning sourcemaps from renderChunk plugin hook (#2558)

    Pull Requests

    • #2558: Prevent crash when not returning sourcemaps from renderChunk (@kyle1320)
  • 0.67.1 - 2018-11-11

    Bug Fixes

    • Deconflict CLI entry points with same name but on different paths if no explicit naming is used (#2548)

    Pull Requests

    • #2548: Deconflict CLI entry points with same name but on different paths if no explicit naming is used (@lukastaegert)
  • 0.67.0 - 2018-11-04
  • 0.66.6 - 2018-10-10

  • 0.66.5 - 2018-10-09

  • 0.66.4 - 2018-10-04
  • 0.66.3 - 2018-10-03
  • 0.66.2 - 2018-09-21
  • 0.66.1 - 2018-09-19
  • 0.66.0 - 2018-09-16
  • 0.65.2 - 2018-09-05
  • 0.65.1 - 2018-09-05
  • 0.65.0 - 2018-08-25
  • 0.64.1 - 2018-08-07
  • 0.64.0 - 2018-08-07
  • 0.63.5 - 2018-08-01
  • 0.63.4 - 2018-07-20
  • 0.63.3 - 2018-07-20
  • 0.63.2 - 2018-07-18
  • 0.63.1 - 2018-07-18
  • 0.63.0 - 2018-07-17
  • 0.62.0 - 2018-06-27
  • 0.61.2 - 2018-06-23
  • 0.61.1 - 2018-06-21
  • 0.61.0 - 2018-06-20
  • 0.60.7 - 2018-06-14
  • 0.60.6 - 2018-06-14
  • 0.60.5 - 2018-06-14
  • 0.60.4 - 2018-06-13
  • 0.60.3 - 2018-06-13
  • 0.60.2 - 2018-06-11
  • 0.60.1 - 2018-06-07
  • 0.60.0 - 2018-06-06
  • 0.59.4 - 2018-05-28
  • 0.59.3 - 2018-05-24
  • 0.59.2 - 2018-05-21
  • 0.59.1 - 2018-05-16
  • 0.59.0 - 2018-05-15
  • 0.58.2 - 2018-04-23
  • 0.58.1 - 2018-04-18
  • 0.58.0 - 2018-04-16
  • 0.57.1 - 2018-03-17
  • 0.57.0 - 2018-03-15
  • 0.56.5 - 2018-03-07
  • 0.56.4 - 2018-03-05
  • 0.56.3 - 2018-02-25
  • 0.56.2 - 2018-02-19
  • 0.56.1 - 2018-02-16
  • 0.56.0 - 2018-02-15
  • 0.55.5 - 2018-02-10
  • 0.55.4 - 2018-02-09
  • 0.55.3 - 2018-02-01
  • 0.55.2 - 2018-02-01
  • 0.55.1 - 2018-01-26
  • 0.55.0 - 2018-01-23
  • 0.54.1 - 2018-01-17
  • 0.54.0 - 2018-01-12
  • 0.53.4 - 2018-01-10
  • 0.53.3 - 2018-01-02
  • 0.53.2 - 2017-12-30
  • 0.53.1 - 2017-12-28
  • 0.53.0 - 2017-12-22
  • 0.52.3 - 2017-12-19
from rollup GitHub release notes
Commit messages
Package name: rollup
  • f860199 0.68.2
  • dc5233c Update changelog
  • f8600a9 Hoisting fixes (#2607)
  • b42e7fb Update docs for latest rollup 0.x (#2604)
  • 325d65f Inline docs (#2602)
  • 5516591 0.68.1
  • 591692a Update changelog
  • 8f71071 Fix UMD wrapper issues and refine wrappers (#2600)
  • 7708970 Update changelog
  • 824f942 Update changelog
  • 790b270 Update changelog
  • beac484 0.68.0
  • b64f637 Update changelog
  • 6f89906 Update changelog
  • e12dcc7 Take both static and dynamic dependencies into account when calculating hashes (#2596)
  • 61e7a4c Update changelog
  • 1ef9f6b Expose Graph information for pluginContext calls (#2565)
  • 7924d35 Update changelog
  • 551654c Sanitizes chunk names to allow for virtually created chunks (#2590)
  • ed67b63 Refactor and simplify umd wrapper (#2594)
  • 15e0885 Update changelog
  • 371aa62 Properly export destructured export declarations in SystemJS (#2587)
  • f58d1e6 Thoroughly improve import resolution (#2584)
  • c87132b Refactor chunking algorithm (#2575)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

RockRunner007, Feb 12 '21 04:02