[Snyk] Upgrade rollup from 4.18.0 to 4.28.1

[snyk-io]

Snyk has created this PR to upgrade rollup from 4.18.0 to 4.28.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 36 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	124	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-7361793	124	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	124	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	124	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	124	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	124	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-AXIOS-6671926	124	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	124	No Known Exploit
	Cross-site Scripting SNYK-JS-SEND-7926862	124	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	124	No Known Exploit

Release notes

Package name: rollup

• 4.28.1 - 2024-12-06
  

  4.28.1

  2024-12-06

  Bug Fixes

  • Support running Rollup natively on LoongArch (#5749)
  • Add optional debugId to SourceMap types (#5751)

  Pull Requests

  • #5749: feat: add support for LoongArch (@ darkyzhou)
  • #5751: feat: Add debugId to SourceMap types (@ timfish, @ lukastaegert)
  • #5752: chore(deps): update dependency mocha to v11 (@ renovate[bot])
  • #5753: chore(deps): update dependency vite to v6 (@ renovate[bot])
  • #5754: fix(deps): update swc monorepo (major) (@ renovate[bot])
  • #5755: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
  • #5756: Test if saving the Cargo cache can speed up FreeBSD (@ lukastaegert)
• 4.28.0 - 2024-11-30
  

  4.28.0

  2024-11-30

  Features

  • Allow to specify how to handle import attributes when transpiling Rollup config files (#5743)

  Pull Requests

  • #5743: fix: supports modify the import attributes key in the config file (@ TrickyPi, @ lukastaegert)
  • #5747: chore(deps): update codecov/codecov-action action to v5 (@ renovate[bot])
  • #5748: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
• 4.27.4 - 2024-11-23
  

  4.27.4

  2024-11-23

  Bug Fixes

  • Update bundled magic-string to support sourcemap debug ids (#5740)

  Pull Requests

  • #5740: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
• 4.27.3 - 2024-11-18
  

  4.27.3

  2024-11-18

  Bug Fixes

  • Revert object property tree-shaking for now (#5736)

  Pull Requests

  • #5736: Revert object tree-shaking until some issues have been resolved (@ lukastaegert)
• 4.27.2 - 2024-11-15
  

  4.27.2

  2024-11-15

  Bug Fixes

  • Ensure unused variables in patterns are always deconflicted if rendered (#5728)

  Pull Requests

  • #5728: Fix more variable deconflicting issues (@ lukastaegert)
• 4.27.1 - 2024-11-15
  

  4.27.1

  2024-11-15

  Bug Fixes

  • Fix some situations where parameter declarations could put Rollup into an infinite loop (#5727)

  Pull Requests

  • #5727: Debug out-of-memory issues with Rollup v4.27.0 (@ lukastaegert)
• 4.27.1-1 - 2024-11-15
  

  4.27.1-1

• 4.27.1-0 - 2024-11-15
  

  4.27.1-0

• 4.27.0 - 2024-11-15
  

  4.27.0

  2024-11-15

  Features

  • Tree-shake unused properties in object literals (#5420)

  Bug Fixes

  • Change hash length limit to 21 to avoid inconsistent hash length (#5423)

  Pull Requests

  • #5420: feat: implement object tree-shaking (@ TrickyPi, @ lukastaegert)
  • #5723: Reduce max hash size to 21 (@ lukastaegert)
  • #5724: fix(deps): update swc monorepo (major) (@ renovate[bot])
  • #5725: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
• 4.27.0-1 - 2024-11-14
  

  4.27.0-1

• 4.27.0-0 - 2024-11-13
• 4.26.0 - 2024-11-13
• 4.25.0 - 2024-11-09
• 4.25.0-0 - 2024-10-29
• 4.24.4 - 2024-11-04
• 4.24.3 - 2024-10-29
• 4.24.2 - 2024-10-27
• 4.24.1 - 2024-10-27
• 4.24.0 - 2024-10-02
• 4.23.0 - 2024-10-01
• 4.22.5 - 2024-09-27
• 4.22.4 - 2024-09-21
• 4.22.3 - 2024-09-21
• 4.22.3-0 - 2024-09-20
• 4.22.2 - 2024-09-20
• 4.22.1 - 2024-09-20
• 4.22.0 - 2024-09-19
• 4.21.3 - 2024-09-12
• 4.21.2 - 2024-08-30
• 4.21.1 - 2024-08-26
• 4.21.0 - 2024-08-18
• 4.20.0 - 2024-08-03
• 4.19.2 - 2024-08-01
• 4.19.1 - 2024-07-27
• 4.19.0 - 2024-07-20
• 4.18.1 - 2024-07-08
• 4.18.0 - 2024-05-22

from rollup GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
package.json	0% smaller

[snyk-io]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)