[Snyk] Security upgrade rollup from 1.16.6 to 3.29.5

[Exnadella]

User description

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/bundler/package.json
• packages/bundler/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	648

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

---

PR Type

enhancement, dependencies

---

Description

• Upgraded the rollup dependency from version 1.3.0 to 3.29.5 in package.json to address a Cross-site Scripting (XSS) vulnerability.
• Updated package-lock.json to reflect changes in rollup dependency version.
• This upgrade aims to fix the vulnerability identified by Snyk with ID SNYK-JS-ROLLUP-8073097.

---

Changes walkthrough 📝

	Relevant files
Dependencies	package.json Upgrade rollup dependency to address security vulnerability packages/bundler/package.json Upgraded rollup dependency from version 1.3.0 to 3.29.5. Addressed a security vulnerability related to rollup. +1/-1      package-lock.json Update package-lock.json for rollup upgrade                            packages/bundler/package-lock.json Updated lock file to reflect the upgraded rollup dependency. +1941/-1949
Additional files (token-limit)	package-lock.json ...                                                                                                            packages/bundler/package-lock.json ... +1941/-1949

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[codiumai-pr-agent-pro]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ No key issues to review

[codiumai-pr-agent-pro]

PR Code Suggestions ✨

Category	Suggestion	Score
Enhancement	Update multiple dependencies to their latest compatible versions Consider updating other dependencies to their latest compatible versions to ensure all packages work well together with the new rollup version. packages/bundler/package.json [35] "rollup": "^3.29.5", +"polymer-analyzer": "^3.2.4", +"mkdirp": "^1.0.4", +"parse5": "^6.0.1", Apply this suggestion Suggestion importance[1-10]: 7 Why: The suggestion to update other dependencies to their latest compatible versions is a good practice for maintaining compatibility and security. However, it is not crucial unless there are known issues with the current versions, hence a moderate score. The suggestion does not address any specific bugs or security vulnerabilities directly.	7

💡 Need additional feedback ? start a PR chat