[Snyk] Upgrade rollup from 2.7.2 to 2.59.0

[snyk-bot]

Snyk has created this PR to upgrade rollup from 2.7.2 to 2.59.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 151 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2021-11-01.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: rollup

• 2.59.0 - 2021-11-01
  

  2021-11-01

  Features

  • Support static class initialization blocks (#4249)

  Bug Fixes

  • Fix an issue with the CommonJS plugin when module.exports has inherited properties (#4256)

  Pull Requests

  • #4236: typescript bug class field initialization order (@ dnalborczyk)
  • #4249: Support for class static initialization block (@ dnalborczyk and @ lukastaegert)
  • #4256: Skip inherited properties in synthetic namespaces (@ lukastaegert)
• 2.59.0-1 - 2021-11-11
• 2.59.0-0 - 2021-10-23
  

  2.59.0-0

• 2.58.3 - 2021-10-25
  

  2.58.3

• 2.58.2 - 2021-10-25
  

  2.58.2

• 2.58.1 - 2021-10-25
  

  2021-10-25

  Bug Fixes

  • Fix an issue with the CommonJS plugin when module.exports is falsy (#4247)

  Pull Requests

  • #4247: Handle falsy synthetic namespaces (@ lukastaegert)
• 2.58.0 - 2021-10-01
  

  2021-10-01

  Features

  • Add a flag to more reliably identify entry points in the resolveId hook (#4230)

  Pull Requests

  • #4230: Add isEntry flag to resolveId and this.resolve (@ lukastaegert)
  • #4233: Remove unused rollup-plugin-typescript ambient module types (@ dnalborczyk)
  • #4235: Update dependencies (@ lukastaegert)
• 2.57.0 - 2021-09-22
  

  2021-09-22

  Features

  • Add generatedCode option to allow Rollup to use es2015 features for smaller output and more efficient helpers (#4215)
  • Improve AMD and SystemJS parsing performance by wrapping relevant functions in parentheses (#4215)
  • Using preferConst will now show a warning with strictDeprecations: true (#4215)

  Bug Fixes

  • Improve ES3 syntax compatibility by more consequently quoting reserved words as props in generated code (#4215)
  • Do not use Object.assign in generated code to ensure ES5 compatibility without the need for polyfills (#4215)
  • Support live-bindings in dynamic namespace objects that contain reexported external or synthetic namespaces (#4215)
  • Use correct "this" binding in dynamic import expressions for CommonJS and AMD (#4215)
  • Properly handle shimMissingExports for exports that are only used internally (#4215)
  • Prevent unhandled rejection for failed module parsing (#4228)

  Pull Requests

  • #4212: chore: remove unused ambient types (@ dnalborczyk)
  • #4215: Use ES2015 features in generated code snippets (@ lukastaegert)
  • #4219: chore: bump rollup typescript, remove unused micromatch (@ dnalborczyk)
  • #4220: chore: use forceConsistentCasingInFileNames in ts-config (@ dnalborczyk)
  • #4224: prepare for useDefineForClassFields (@ dnalborczyk)
  • #4228: fix: prevent UnhandledPromiseRejectionWarning when module resolution/parsing fails (@ kherock)
• 2.56.3 - 2021-08-23
  

  2021-08-23

  Bug Fixes

  • Make sure moduleInfo contains complete information about imported ids in the moduleParsed hook (#4208)

  Pull Requests

  • #4208: ModuleInfo.importedIds will return null if resolvedIds[source] is undefined (@ FoxDaxian and @ lukastaegert)
• 2.56.2 - 2021-08-10
  

  2021-08-10

  Bug Fixes

  • Check if after simplification, an object pattern would become an expression statement or arrow function return value (#4204)

  Pull Requests

  • #4204: Do not create invalid code when simplifying object pattern assignments (@ lukastaegert)
• 2.56.1 - 2021-08-08
  

  2021-08-08

  Bug Fixes

  • Fix rendering of SystemJS export declarations initialized with a simplifiable expression (#4202)

  Pull Requests

  • #4202: Fix incorrect rendering of export declarations in SystemJS (@ lukastaegert)
• 2.56.0 - 2021-08-05
• 2.55.1 - 2021-07-29
• 2.55.0 - 2021-07-28
• 2.54.0 - 2021-07-25
• 2.53.3 - 2021-07-21
• 2.53.2 - 2021-07-15
• 2.53.1 - 2021-07-11
• 2.53.0 - 2021-07-09
• 2.52.8 - 2021-07-07
• 2.52.7 - 2021-07-02
• 2.52.6 - 2021-07-01
• 2.52.5 - 2021-07-01
• 2.52.4 - 2021-06-30
• 2.52.3 - 2021-06-25
• 2.52.2 - 2021-06-21
• 2.52.1 - 2021-06-17
• 2.52.0 - 2021-06-16
• 2.51.2 - 2021-06-11
• 2.51.1 - 2021-06-08
• 2.51.0 - 2021-06-06
• 2.50.6 - 2021-06-03
• 2.50.5 - 2021-05-30
• 2.50.4 - 2021-05-29
• 2.50.3 - 2021-05-28
• 2.50.2 - 2021-05-27
• 2.50.1 - 2021-05-26
• 2.50.0 - 2021-05-25
• 2.49.0 - 2021-05-23
• 2.49.0-1 - 2021-05-20
• 2.49.0-0 - 2021-05-18
• 2.48.0 - 2021-05-15
• 2.47.0 - 2021-05-04
• 2.46.0 - 2021-04-29
• 2.45.2 - 2021-04-13
• 2.45.1 - 2021-04-10
• 2.45.0 - 2021-04-09
• 2.44.0 - 2021-03-29
• 2.43.1 - 2021-03-28
• 2.43.0 - 2021-03-27
• 2.42.4 - 2021-03-24
• 2.42.3 - 2021-03-22
• 2.42.2 - 2021-03-22
• 2.42.1 - 2021-03-20
• 2.42.0 - 2021-03-19
• 2.41.5 - 2021-03-18
• 2.41.4 - 2021-03-16
• 2.41.3 - 2021-03-16
• 2.41.2 - 2021-03-12
• 2.41.1 - 2021-03-11
• 2.41.0 - 2021-03-09
• 2.40.0 - 2021-02-26
• 2.39.1 - 2021-02-23
• 2.39.0 - 2021-02-12
• 2.38.5 - 2021-02-05
• 2.38.4 - 2021-02-02
• 2.38.3 - 2021-02-01
• 2.38.2 - 2021-01-31
• 2.38.1 - 2021-01-28
• 2.38.0 - 2021-01-22
• 2.37.1 - 2021-01-20
• 2.37.0 - 2021-01-19
• 2.36.2 - 2021-01-16
• 2.36.1 - 2021-01-06
• 2.36.0 - 2021-01-05
• 2.35.1 - 2020-12-14
• 2.35.0 - 2020-12-14
• 2.34.2 - 2020-12-06
• 2.34.1 - 2020-12-03
• 2.34.0 - 2020-11-29
• 2.33.3 - 2020-11-18
• 2.33.2 - 2020-11-14
• 2.33.1 - 2020-11-02
• 2.33.0 - 2020-11-01
• 2.32.1 - 2020-10-21
• 2.32.0 - 2020-10-16
• 2.31.0 - 2020-10-15
• 2.30.0 - 2020-10-13
• 2.29.0 - 2020-10-08
• 2.28.2 - 2020-09-24
• 2.28.1 - 2020-09-21
• 2.28.0 - 2020-09-21
• 2.27.1 - 2020-09-17
• 2.27.0 - 2020-09-16
• 2.26.11 - 2020-09-08
• 2.26.10 - 2020-09-04
• 2.26.9 - 2020-09-01
• 2.26.8 - 2020-08-29
• 2.26.7 - 2020-08-28
• 2.26.6 - 2020-08-27
• 2.26.5 - 2020-08-22
• 2.26.4 - 2020-08-19
• 2.26.3 - 2020-08-16
• 2.26.2 - 2020-08-16
• 2.26.1 - 2020-08-16
• 2.26.0 - 2020-08-15
• 2.25.0 - 2020-08-14
• 2.24.0 - 2020-08-13
• 2.23.1 - 2020-08-07
• 2.23.0 - 2020-07-23
• 2.22.2 - 2020-07-22
• 2.22.1 - 2020-07-18
• 2.22.0 - 2020-07-18
• 2.21.0 - 2020-07-07
• 2.20.0 - 2020-07-06
• 2.19.0 - 2020-07-05
• 2.18.2 - 2020-07-02
• 2.18.1 - 2020-06-26
• 2.18.0 - 2020-06-22
• 2.17.1 - 2020-06-19
• 2.17.0 - 2020-06-17
• 2.16.1 - 2020-06-13
• 2.16.0 - 2020-06-12
• 2.15.0 - 2020-06-08
• 2.14.0 - 2020-06-07
• 2.13.1 - 2020-06-04
• 2.13.0 - 2020-06-03
• 2.12.1 - 2020-06-02
• 2.12.0 - 2020-05-31
• 2.11.2 - 2020-05-28
• 2.11.1 - 2020-05-28
• 2.11.0 - 2020-05-27
• 2.10.9 - 2020-05-24
• 2.10.8 - 2020-05-23
• 2.10.7 - 2020-05-22
• 2.10.6 - 2020-05-22
• 2.10.5 - 2020-05-19
• 2.10.4 - 2020-05-19
• 2.10.3 - 2020-05-18
• 2.10.2 - 2020-05-15
• 2.10.1 - 2020-05-15
• 2.10.0 - 2020-05-13
• 2.9.1 - 2020-05-11
• 2.9.0 - 2020-05-10
• 2.8.2 - 2020-05-07
• 2.8.1 - 2020-05-07
• 2.8.0 - 2020-05-06
• 2.7.6 - 2020-04-30
• 2.7.5 - 2020-04-29
• 2.7.4 - 2020-04-29
• 2.7.3 - 2020-04-27
• 2.7.2 - 2020-04-22

from rollup GitHub release notes

Commit messages

Package name: rollup

• 66b3139 2.59.0
• f7f4e2e Update changelog
• 2feb494 Skip inherited properties in synthetic namespaces (Fixed build script by upgrading rollup-plugin-typescript2 to latest reduxjs/redux#4256)
• 73c10cd typescript bug class field initialization order (Add a tip pointing to code splitting reduxjs/redux#4236)
• ce3de49 Support for class static initialization block (I install react-devtools and use npx react-scripts command to start it but failed. show as below reduxjs/redux#4249)
• 1494c68 Explicitly include nested package.json in artefact
• 0b8d4c6 2.58.3
• 2fa12c1 Update changelog
• ddaff0e 2.58.2
• a0eb8e2 Update changelog
• 6a3d6d1 2.58.1
• c470bec Update changelog
• 69bb1e8 Handle falsy synthetic namespaces (Application crash when pass an action method to store.dispatch in the middleware reduxjs/redux#4247)
• cc4fc58 Update documentation
• 3a404a0 2.58.0
• d7ab293 Update changelog
• 92db2e8 Update dependencies (DeepPartial typing does not play nicely with branded types reduxjs/redux#4235)
• d0db534 Add isEntry flag to resolveId and this.resolve (Update part-5-async-logic.md reduxjs/redux#4230)
• 61dd792 Remove unused rollup-plugin-typescript ambient module types (Docs: Redux [FAQ: Organizing State] remove You Might Not Need Redux reduxjs/redux#4233)
• b67ef30 2.57.0
• ed5e51d Update changelog
• ca86df2 Use ES2015 features in generated code snippets (Object.constructor is used as state for reducer named "constructor" reduxjs/redux#4215)
• 5700728 prepare for useDefineForClassFields (Add test for formatProdErrorMessage reduxjs/redux#4224)
• 2ff8fc1 fix: prevent UnhandledPromiseRejectionWarning when module resolution/parsing fails ([Docs] Add Redux Eggs to CodeSplitting.md reduxjs/redux#4228)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs