rollup-plugin-off-main-thread
rollup-plugin-off-main-thread copied to clipboard
surma
Use Rollup with workers and ES6 modules today.
The `string.prototype.matchall` dependency to implement `String.prototype.matchAll()` in Node v10 was added because "The Workbox project [...] need to continue support Node v10 until our next major release version" (see #49)....
As the version is 0.x, npm refuses to automatically use a newer minor version. All users, including all workbox users, see 'npm WARN deprecated [email protected]: Please use @jridgewell/sourcemap-codec instead'
Ref nvd: [https://nvd.nist.gov/vuln/detail/CVE-2023-29827](url) Dependency Path: **react-scripts (5.0.1) -> workbox-build (6.6.0) -> @surma/rollup-plugin-off-main-thread (2.2.3) -> ejs(3.1.9)** **Img nvd**  **Img black duck** 
Is the input to the EJS render method sanitized? Reference from EJS documentation [Out-of-Scope Vulnerabilities](https://github.com/mde/ejs/blob/main/SECURITY.md#out-of-scope-vulnerabilities) Do we have to worry about this potential security issue ?
Current version of `magic-string` 0.25.0 dependency use `sourcemap-codec` dependency that is deprecated. In version 0.27.0 it's replaced with `@jridgewell/sourcemap-codec`. `magic-string` dependency needs to be updated. ### Steps to reproduce -...
Removes `string-prototype-matchall`. Support for `String.prototype.matchAll` landed in Node.js v12, and Node.js v16 reached EOL in September 2023, so I agree with the poster of #58 that the need for this...
*Description:* Using Tirvy to scan packages for security vulnerabilities and other issues, this module includes the following Dockerfile: ``` FROM selenium/node-chrome:latest USER root RUN apt-get update -qqy \ && rm...
Bumps [rollup](https://github.com/rollup/rollup) from 2.2.0 to 2.79.2. Changelog Sourced from rollup's changelog. rollup changelog 4.22.4 2024-09-21 Bug Fixes Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}