Skip to content

migrate rollup v4 and plugins#3446

Merged
swissspidy merged 12 commits into
GoogleChrome:v7from
AJIb63PT:fix/rollup-and-plugins
Dec 8, 2025
Merged

migrate rollup v4 and plugins#3446
swissspidy merged 12 commits into
GoogleChrome:v7from
AJIb63PT:fix/rollup-and-plugins

Conversation

@AJIb63PT

@AJIb63PT AJIb63PT commented Dec 1, 2025
edited by swissspidy
Loading

Copy link
Copy Markdown
Contributor

Fixes #3347

@AJIb63PT

AJIb63PT commented Dec 1, 2025

Copy link
Copy Markdown
Contributor Author

@swissspidy Hello please run tests on PR

@AJIb63PT

AJIb63PT commented Dec 1, 2025

Copy link
Copy Markdown
Contributor Author

remove manualChunks from tests because on v4.

@AJIb63PT

AJIb63PT commented Dec 1, 2025

Copy link
Copy Markdown
Contributor Author

Plz rerun
Mac test failed with
error Error: https://registry.yarnpkg.com/@apideck/better-ajv-errors/-/better-ajv-errors-0.3.6.tgz: Request failed "500 Internal Server Error"

@AJIb63PT

AJIb63PT commented Dec 7, 2025

Copy link
Copy Markdown
Contributor Author

rollup and rollup-plugins migrated to latests versions.

@AJIb63PT

AJIb63PT commented Dec 8, 2025

Copy link
Copy Markdown
Contributor Author

@swissspidy PR is done.review plz

swissspidy
swissspidy approved these changes Dec 8, 2025
View reviewed changes

@swissspidy swissspidy left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Looks reasonable from what I can tell.

@swissspidy swissspidy merged commit a0c8ed9 into GoogleChrome:v7 Dec 8, 2025
3 checks passed
@AJIb63PT AJIb63PT mentioned this pull request Dec 8, 2025
Closed
@husayt

husayt commented May 12, 2026

Copy link
Copy Markdown

this dependency trickfilm400/rollup-plugin-off-main-thread throwing lots of trust policy warnings. Looking at the repo it's suspicious the least. I find it very strange that project like workbox allows that kind of dependendencies

@Trickfilm400

Trickfilm400 commented May 14, 2026

Copy link
Copy Markdown

this dependency trickfilm400/rollup-plugin-off-main-thread throwing lots of trust policy warnings.

Hi @husayt,
I know, that the used package version is not signed (provenance), as I intended it only for a test - which ended up here... well
There are also some left-over builded files inside the test folder, which I only noticed recently.

a) Do you know perhaps if the test folder inside the plugin is needed / used somewhere? I would like to remove it from the npm releases, if they are useless in the final npm package - also improves the bundle size a lot.
b) On the original repo there is also an issue to remove the string.prototype.matchall dependency fro the plugin, which involves increasing the required node version, but workbox-build has this version already required, so theoretically there should be no issue?

Is this enough for fixing the policy warnings? Are there a few more steps which can be done? I'm open for anything, as npm's security is very "stressed" right now (refering to the latest supply chain attacks)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@swissspidy swissspidy swissspidy approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Update rollup to latest version from 2.79.1 to 4.21.1

4 participants

@AJIb63PT @husayt @Trickfilm400 @swissspidy