Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade rollup-plugin-typescript2 from 0.20.1 to 0.34.1 #357

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

NOUIY
Copy link
Owner

@NOUIY NOUIY commented Mar 18, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade rollup-plugin-typescript2 from 0.20.1 to 0.34.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 28 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2022-10-03.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
375/1000
Why? CVSS 7.5
No Known Exploit
Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970
375/1000
Why? CVSS 7.5
Proof of Concept
Validation Bypass
SNYK-JS-KINDOF-537849
375/1000
Why? CVSS 7.5
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: rollup-plugin-typescript2
  • 0.34.1 - 2022-10-03

    Bugfixes

    • fix: don't error out while catching a buildStart error by @ agilgur5 in #422
      • This fixes an initialization regression in 0.34.0 where users saw TypeError: Cannot read property 'done' of undefined instead of their actual initialization error, such as a tsconfig issue (such as with #421)
    • fix: add compatibility checks w/ semver by @ agilgur5 in #424
      • 0.34.0 introduced a type-only fix that relied on Rollup 2.60.0+ and would (accidentally) error out on older versions of Rollup. This fix handles it gracefully with a clear warning message instead and skips that check when using an older version of Rollup (i.e. partly backward-compatible).
      • This also adds an error if peerDependencies minimum versions have not been met
    • fix: don't resolve filtered files by @ agilgur5 in #428
      • This fixes a regression from 0.33.0 that could cause rpt2 to (accidentally) resolve files that should have been filtered out by the plugin include/exclude (such as with #427)

    Internal (testing, refactors)

    • clean(deps): remove unused @ types/resolve by @ agilgur5 in #423
    • test: increase no-errors integration timeout to 20s by @ agilgur5 in #425

    Full Changelog: 0.34.0...0.34.1

  • 0.34.0 - 2022-09-12

    Bugfixes

    • fix: handle all type-only imports by piping TS imports by @ agilgur5 in #406
      • If you have ever had issues with some files not being type-checked or not generating declarations, this should conclusively fix all such issues. This type of issue used to occur if you had a type-only / interface-only / emit-less file, i.e. a file with only TS types and interfaces that would produce no JS.
      • NOTE: This requires Rollup version 2.60.0+ as it requires the use of this.load
        • 0.34.0 will (accidentally) error out on older versions of Rollup. 0.34.1 patched this to instead give a warning and skip this check on older versions of Rollup.
    More Fixes ...
    • fix(dx): remove extra quote in emitDeclarationOnly log statement by @ agilgur5 in #412

    Docs

    • docs: add a simple CHANGELOG.md that references GH releases by @ agilgur5 in #419
      • i.e. it references this page

    Internal (testing, refactors)

    More Internal ...
    • refactor(test): heavily simplify the context helper by @ agilgur5 in #404
    • refactor: combine check-tsconfig with parse-tsconfig by @ agilgur5 in #413
    • clean: remove ConsoleContext entirely by using buildStart by @ agilgur5 in #414
    • refactor(cache): simplify creating / using the cache var by @ agilgur5 in #415
    • refactor: consolidate diagnostics funcs into single file by @ agilgur5 in #415

    Full Changelog: 0.33.0.1...0.34.0

  • 0.33.0 - 2022-08-19
    • similar to the other safety checks in clean, this won't be hit during normal usage
  • 0.32.1 - 2022-06-06

    Bugfixes

    • deps: upgrade @ rollup/plugin-commonjs to v22 to fix try/catch requires by @ agilgur5 in #340
      • This fixes a regression in 0.32.0 that caused users with certain environments to experience ReferenceError: window is not defined when importing rpt2. See #339

    Full Changelog: 0.32.0...0.32.1

  • 0.32.0 - 2022-06-01
    Read more
  • 0.31.2 - 2022-02-01

    What's Changed

    • chore: should not lock deps version by @ bluelovers in #293
    • Add trace method to the LanguageServiceHost to enable usage with traceResolution by @ Andarist in #296

    Full Changelog: 0.31.1...0.31.2

  • 0.31.1 - 2021-11-23

    Fix for #291

    Full Changelog: 0.31.0...0.31.1

  • 0.31.0 - 2021-11-17
    • PR #290 fix for tslib on node 17
    • Updated dependencies
  • 0.30.0 - 2021-02-18

    #251 Fix duplicate output with multiple entry points
    allowing ES2020 module type in tsconfig

  • 0.29.0 - 2020-10-30
  • 0.28.0 - 2020-10-16
  • 0.27.3 - 2020-09-25
  • 0.27.2 - 2020-08-07
  • 0.27.1 - 2020-05-12
  • 0.27.0 - 2020-03-27
  • 0.26.0 - 2020-02-12
  • 0.25.3 - 2019-12-03
  • 0.25.2 - 2019-11-05
  • 0.24.3 - 2019-09-26
  • 0.24.2 - 2019-09-12
  • 0.24.1 - 2019-09-09
  • 0.24.0 - 2019-08-28
  • 0.23.0 - 2019-08-23
  • 0.22.1 - 2019-07-26
  • 0.22.0 - 2019-07-11
  • 0.21.2 - 2019-06-17
  • 0.21.1 - 2019-05-17
  • 0.21.0 - 2019-04-23
  • 0.20.1 - 2019-03-13
from rollup-plugin-typescript2 GitHub release notes
Commit messages
Package name: rollup-plugin-typescript2

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@guardrails
Copy link

guardrails bot commented Mar 18, 2023

⚠️ We detected 21 security issues in this pull request:

Vulnerable Libraries (21)
Severity Details
High kind-of@6.0.2 (t) upgrade to: >6.0.2
Critical jsprim@1.4.1 (t) upgrade to: >1.4.1 || >2.0.1
Critical lodash@4.17.11 (t) upgrade to: >4.17.20
Critical mixin-deep@1.3.1 (t) upgrade to: >=1.3.2
Medium nise@1.1.0 (t) upgrade to: >1.4.7
Critical pkg@4.3.4 (t) upgrade to: >4.4.0
High union-value@1.0.0 (t) upgrade to: >1.0.0 || 2.0.0
Critical pkg:npm/koa@2.6.1@2.6.1 (t) - no patch available
Critical pkg:npm/thenify@3.3.0@3.3.0 (t) - no patch available
High pkg:npm/path-parse@1.0.5@1.0.5 (t) - no patch available
Medium pkg:npm/ws@5.2.2@5.2.2 (t) upgrade to: 7.4.6,6.2.2,5.2.3
High pkg:npm/minimist@0.0.8@0.0.8 (t) - no patch available
Critical pkg:npm/qs@6.5.2@6.5.2 (t) - no patch available
High pkg:npm/json5@1.0.1@1.0.1 (t) upgrade to: 2.2.2
Medium pkg:npm/d3-color@1.2.3@1.2.3 (t) - no patch available
N/A pkg:npm/debug@2.6.9@2.6.9 (t) upgrade to: 3.1.0
High pkg:npm/pathval@1.1.0@1.1.0 (t) upgrade to: 1.1.1
Medium pkg:npm/mocha@5.2.0@5.2.0 (t) - no patch available
High pkg:npm/minimist@1.2.0@1.2.0 (t) - no patch available
High pkg:npm/typescript@3.2.2@3.2.2 (t) - no patch available
High pkg:npm/minimatch@3.0.4@3.0.4 (t) upgrade to: 3.0.5

More info on how to fix Vulnerable Libraries in JavaScript.


👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants