[Snyk] Upgrade rollup from 4.0.0 to 4.0.2

[Woodpile37]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade rollup from 4.0.0 to 4.0.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2023-10-06.

Release notes

Package name: rollup

• 4.0.2 - 2023-10-06
  

  4.0.2

  2023-10-06

  Bug Fixes

  • Fix annotation detection logic to not fail when a non-ASCII character precedes a double underscore (#5178)

  Pull Requests

  • #5178: Handle special characters before double underscores (@ lukastaegert)
• 4.0.1 - 2023-10-06
  

  4.0.1

  2023-10-06

  Bug Fixes

  • Do not panic on trailing semicolons after class methods (#5173)
  • Add artifact for arm64 linux musl target (#5176)

  Pull Requests

  • #5172: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
  • #5173: fix: ignores empty statements in class body that is returned by SWC parser (@ TrickyPi)
  • #5176: Fix linux arm musl build (@ lukastaegert)
• 4.0.0 - 2023-10-05
  

  4.0.0

  2023-10-05

  BREAKING CHANGES

  General Changes

  • The minimal required Node version is now 18.0.0 (#5142)
  • The browser build now relies on a WASM artifact that needs to be provided as well (#5073)
  • The NodeJS build now relies on an optional native binary; for unsupported platforms, users can use the @ rollup/wasm-node package that has the same interface as Rollup but relies on WASM artifacts (#5073)
  • The "with" syntax for import attributes is not yet supported, awaiting support in SWC (#5073)
  • The INVALID_IMPORT_ASSERTION error code has been replaced with INVALID_IMPORT_ATTRIBUTE (#5073)
  • Rollup will now warn for @ __PURE__ and @ __NO_SIDE_EFFECTS__ annotations in invalid locations (#5165)
  • If an entry module starts with a shebang comment #!..., this comment will be prepended to the output for es and cjs formats (#5163)
  • File hashes will now use url-safe base64 encoded hashes (#5155)
  • The maximum hash length has been reduced to 22 characters (#5155)
  • The RollupWarning type has been removed in favor of the RollupLog type (#5147)

  Changes to Rollup Options

  • Acorn plugins are no longer supported, the acornInjectPlugins option has been removed (#5073)
  • The acorn option has been removed (#5073)
  • output.externalImportAssertions has been deprecated in favor of output.externalImportAttributes (#5073)
  • inlineDynamicImports, manualChunks and preserveModules have been removed on input option level: Please use the corresponding output options of the same names (#5143)
  • Removed output options (#5143):
    • output.experimentalDeepDynamicChunkOptimization: This option is no longer needed as Rollup now always runs the full chunking algorithm
    • output.dynamicImportFunction: Use the renderDynamicImport plugin hook instead
    • output.namespaceToStringTag: Use output.generatedCode.symbols instead
    • output.preferConst: Use output.generatedCode.constBindings instead

  Plugin API Changes

  • For this.resolve, the default of the skipSelf option is now true (#5142)
  • this.parse now only supports the allowReturnOutsideFunction option for now (#5073)
  • Import assertions now use the new import attribute AST structure (#5073)
  • "assertions" have been replaced with "attributes" in various places of the plugin interface (#5073)
  • If the import of a module id is handled by the load hook of a plugin, rollup.watch no longer watches the actual file if the module id corresponds to a real path; if this is intended, then the plugin is responsible for calling this.addWatchFile for any dependency files (#5150)
  • The normalized input options provided by buildStart and other hooks no longer contain an onwarn handler; plugins should use onLog instead (#5147)
  • this.moduleIds has been removed from the plugin context: Use this.getModuleIds() instead (#5143)
  • The hasModuleSideEffects flag has been removed from the ModuleInfo returned by thi s.getModuleInfo(): Use moduleSideEffects on the ModuleInfo instead (#5143)

  Features

  • Improve parsing speed by switching to a native SWC-based parser (#5073)
  • Rollup will now warn for @ __PURE__ and @ __NO_SIDE_EFFECTS__ annotations in invalid locations (#5165)
  • The parser is now exposed as a separate export parseAst (#5169)

  Bug Fixes

  • Rollup no longer tries to watch virtual files if their name corresponds to an actual file name; instead, plugins handle watching via this.addWatchFile() (#5150)

  Pull Requests

  • #5073: [v4.0] Switch parser to SWC and introduce native/WASM code (@ lukastaegert)
  • #5142: [v4.0] Set the default of skipSelf to true (@ TrickyPi)
  • #5143: [v4.0] Remove deprecated features (@ lukastaegert)
  • #5144: [v4.0] Imporve the performance of generating ast and rollup ast nodes (@ TrickyPi)
  • #5147: [v4.0] Remove onwarn from normalized input options (@ lukastaegert)
  • #5150: [v4.0] feat: Do not watch files anymore if their content is returned by the load hook (@ TrickyPi)
  • #5154: [v4.0] Add parse option to allow return outside function (@ lukastaegert)
  • #5155: [v4.0] feat: implement hashing content in Rust (@ TrickyPi)
  • #5157: [v4.0] Handle empty exports (@ lukastaegert)
  • #5160: chore(deps): lock file maintenance minor/patch updates (@ renovate[bot])
  • #5163: [v4.0] feat: preserve shebang in entry module for CJS and ESM outputs (@ TrickyPi)
  • #5164: [v4.0] fix: also strip BOM from code strings in JS (@ TrickyPi)
  • #5165: [v4.0] warn for invalid annotations (@ lukastaegert)
  • #5168: [v4.0] Ensure we support new import attribute "with" syntax (@ lukastaegert)
  • #5169: [v4.0] Expose parser (@ lukastaegert)

from rollup GitHub release notes

Commit messages

Package name: rollup

• 3d9c833 4.0.2
• b132bd4 Handle special characters before double underscores (#5178)
• fcab1f6 4.0.1
• 10eb5e8 Fix linux arm musl build (#5176)
• 4611d81 fix: ignores empty statements in class body that is returned by SWC parser (#5173)
• 7d88ef0 chore(deps): lock file maintenance minor/patch updates (#5172)
• 95c2da8 Fix REPL artifacts workflow

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[changeset-bot]

⚠️ No Changeset found

Latest commit: 2b6554d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codeautopilot]

Pull Request Summary

Your organization has reached the subscribed usage limit. You can upgrade your plan at https://www.codeautopilot.com/#pricing

---

Current plan usage: 100.54%

---

Have feedback or need help?

Discord
Documentation
support@codeautopilot.com

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[socket-security]

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
rollup	4.0.0...4.0.2	None	+12/-11	34.5 MB	lukastaegert