Skip to content

Bump rollup from 4.34.9 to 4.40.1#222

Merged
ncalteen merged 1 commit intomainfrom
dependabot/npm_and_yarn/rollup-4.40.1
May 1, 2025
Merged

Bump rollup from 4.34.9 to 4.40.1#222
ncalteen merged 1 commit intomainfrom
dependabot/npm_and_yarn/rollup-4.40.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github May 1, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps rollup from 4.34.9 to 4.40.1.

Release notes

Sourced from rollup's releases.

v4.40.1

4.40.1

2025-04-28

Bug Fixes

  • Limit hash size for asset file names to the supported 21 (#5921)
  • Do not inline user-defined entry chunks or chunks with explicit file name (#5923)
  • Avoid top-level-await cycles when non-entry chunks use top-level await (#5930)
  • Expose package.json via exports (#5931)

Pull Requests

v4.40.0

4.40.0

2025-04-12

Features

  • Only show eval warnings on first render and only when the call is not tree-shaken (#5892)
  • Tree-shake non-included dynamic import members when the handler just maps to one named export (#5898)

Bug Fixes

  • Consider dynamic imports nested within top-level-awaited dynamic import expressions to be awaited as well (#5900)
  • Fix namespace rendering when tree-shaking is disabled (#5908)
  • When using multiple transform hook filters, all of them need to be satisfied together (#5909)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.40.1

2025-04-28

Bug Fixes

  • Limit hash size for asset file names to the supported 21 (#5921)
  • Do not inline user-defined entry chunks or chunks with explicit file name (#5923)
  • Avoid top-level-await cycles when non-entry chunks use top-level await (#5930)
  • Expose package.json via exports (#5931)

Pull Requests

4.40.0

2025-04-12

Features

  • Only show eval warnings on first render and only when the call is not tree-shaken (#5892)
  • Tree-shake non-included dynamic import members when the handler just maps to one named export (#5898)

Bug Fixes

  • Consider dynamic imports nested within top-level-awaited dynamic import expressions to be awaited as well (#5900)
  • Fix namespace rendering when tree-shaking is disabled (#5908)
  • When using multiple transform hook filters, all of them need to be satisfied together (#5909)

Pull Requests

... (truncated)

Commits
  • 1e6c40f 4.40.1
  • 03f34b0 fix: generate the separate chunk for the entry module with explicated chunk f...
  • a74916b Avoid chunks TLA dynamic import circular when TLA dynamic import used in non-...
  • 99d4bee chore: add new ./package.json entry (#5931)
  • 8e0d034 fix(assetFileNames): reduce max hash size to 21 (#5921)
  • 7fc5036 fix(deps): lock file maintenance minor/patch updates (#5936)
  • ec5e45a fix(deps): update rust crate swc_compiler_base to v18 (#5926)
  • f53d9de fix(deps): lock file maintenance minor/patch updates (#5928)
  • 6a924c0 fix(deps): lock file maintenance minor/patch updates (#5927)
  • 1f2d579 4.40.0
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from a team May 1, 2025 13:53
@dependabot dependabot bot added dependabot Dependabot issues and PRs npm Node.js issues and PRs labels May 1, 2025
@github-actions
Copy link
Copy Markdown

github-actions bot commented May 1, 2025
edited
Loading

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 5 0 0 0.03s
✅ JSON jsonlint 7 0 0 0.17s
✅ JSON npm-package-json-lint yes no no 0.46s
✅ JSON prettier 7 0 0 0.79s
✅ JSON v8r 7 0 0 11.1s
✅ MARKDOWN markdownlint 1 0 0 0.71s
✅ MARKDOWN markdown-link-check 1 0 0 1.67s
✅ REPOSITORY checkov yes no no 19.0s
✅ REPOSITORY gitleaks yes no no 2.08s
✅ REPOSITORY git_diff yes no no 0.03s
✅ REPOSITORY grype yes no no 32.81s
✅ REPOSITORY secretlint yes no no 1.06s
✅ REPOSITORY syft yes no no 5.66s
✅ REPOSITORY trivy-sbom yes no no 1.77s
✅ REPOSITORY trufflehog yes no no 15.3s
✅ TYPESCRIPT prettier 10 0 0 0.9s
✅ YAML prettier 13 0 0 0.54s
✅ YAML v8r 13 0 0 7.93s
✅ YAML yamllint 13 0 0 0.39s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/rollup-4.40.1 branch from 3c95db1 to 8f44bd3 Compare May 1, 2025 13:58
@dependabot
Bump rollup from 4.34.9 to 4.40.1
b28dd69 
Bumps [rollup](https://github.com/rollup/rollup) from 4.34.9 to 4.40.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.34.9...v4.40.1)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.40.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/rollup-4.40.1 branch from 8f44bd3 to b28dd69 Compare May 1, 2025 13:59
@ncalteen ncalteen self-assigned this May 1, 2025
@ncalteen ncalteen merged commit 86bc783 into main May 1, 2025
5 checks passed
@ncalteen ncalteen deleted the dependabot/npm_and_yarn/rollup-4.40.1 branch May 1, 2025 14:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ncalteen ncalteen ncalteen approved these changes

Assignees

@ncalteen ncalteen

Labels

dependabot Dependabot issues and PRs npm Node.js issues and PRs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ncalteen