[Snyk] Upgrade microbundle from 0.7.0 to 0.13.3

[snyk-bot]

Snyk has created this PR to upgrade microbundle from 0.7.0 to 0.13.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 28 versions ahead of your current version.
• The recommended version was released a month ago, on 2021-06-11.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASHMERGE-173732	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-73638	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Execution SNYK-JS-JSYAML-174129	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary Code Execution SNYK-JS-JSYAML-174129	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Directory Traversal SNYK-JS-ADMZIP-1065796	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) npm:mem:20180117	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHMERGE-173733	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution npm:lodash:20180130	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JSYAML-173999	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSYAML-173999	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-AXIOS-174505	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Uninitialized Memory Exposure npm:utile:20180614	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: microbundle

• 0.13.3 - 2021-06-11
  

  Patch Changes

  • 3534815 #848 Thanks @ developit! - Bugfix: re-enable support for Terser annotations like /*@ __NOINLINE__*/ (these were incorrectly being removed during the Babel pass)
• 0.13.2 - 2021-06-07
  

  Patch Changes

  • e3f1933 #847 Thanks @ developit! - - Upgrade to Terser 5.7 to re-enable support for reduce_funcs:false in mangle.json configuration.

  • 86371f0 #784 Thanks @ rschristian! - Allows users to customize the modern output's filename using "exports" like they can with "esmodules"

• 0.13.1 - 2021-05-27
  

  Patch Changes

  • 54402ac #830 Thanks @ JounQin! - fix: add generateTypes cli option, check false value correctly

  • edcd777 #823 Thanks @ rschristian! - Ensures ambient type declaration for CSS Modules is included in the published bundle

  • d87a5dc Thanks @ developit! - - Fix --sourcemap=false to match --no-sourcemap and actually turn sourcemaps off.

  • 6f1a20f #777 Thanks @ rschristian! - Fixing a bug that would cause a CSS file to be generated to match each JS build output

  • 25b73d2 #834 Thanks @ cometkim! - Add support for configuration overrides using the publishConfig package.json field.

  • a7f7265 #802 Thanks @ aheissenberger! - fix default extension to cjs for package.json "type":"module"

  • 4f7fbc4 Thanks @ developit! - Fix transform-fast-rest to support referencing ...rest params from within closures.

  • 0c91795 #841 Thanks @ rschristian! - Ensures JS format is not included in CSS filename output

• 0.13.0 - 2020-12-21
  

  Minor Changes

  • bd5d15e #738 Thanks @ wardpeet! - Upgrade rollup to version latest and upgrade all its dependencies

  • 967f8d5 #769 Thanks @ developit! - Add --css inline option. The default CSS output for all formats is now external files (as it was supposed to be).

  • 8142704 #741 Thanks @ whitetrefoil! - Use user's typescript first, fallback to bundled

  Patch Changes

  • 12668b9 #687 Thanks @ developit! - Add friendly microbundle-specific errors when modules can't be resolved.

  • 8b60fc8 #754 Thanks @ stipsan! - Enable sourcemaps for CSS

  • fdafaf7 #764 Thanks @ bakerkretzmar! - Add support for generating inline sourcemaps

  • 52a1771 #768 Thanks @ developit! - Add ambient typescript declaration for CSS Modules

• 0.12.4 - 2020-09-28
  

  Patch Changes

  • ffcc9d9 #713 Thanks @ developit! - Support extending a UMD global by prefixing the package.json "amdName" field (eg: "global.xyz").

  • 0527862 #722 Thanks @ developit! - Support "esm" (-f esm) as an alias of "es" format.

  • d08f977 #702 Thanks @ wardpeet! - Use @ babel/preset-env with bugfixes instead of preset-modules to enable "Optional chaining" & "nullish coalescing" by default.

  • d33a7ba #731 Thanks @ vaneenige! - Add jsxImportSource flag for new JSX runtime

  • 0fec414 #716 Thanks @ wardpeet! - Don't transpile generators and async for Node

  • ba1c047 #701 Thanks @ wardpeet! - re-enable unpkg alias for umd bundles as described in the readme

  • 3488411 #700 Thanks @ wardpeet! - Disable warnings for node's builtin-modules when using node as a target environment.

• 0.12.3 - 2020-07-14
  

  Features & Improvements

  • New onStart, onError callbacks for programmatic Microbundle usage! (#668, thanks @ katywings!)
  • allow multi-file output and code splitting (#674, thanks @ katywings!)
  • Strip comments from output (#548)

  Bug Fixes

  • don't mark --alias modules as externals (#671, thanks @ katywings!)
• 0.12.2 - 2020-06-20
  
  • Updated Babel and preset-env to 7.10 (#660)
  • Fixed an version conflict caused by multiple copies of Babel (#664)
  • Fixed globals generation when --external values include dashes (#667, thanks @ katywings!)
• 0.12.1 - 2020-06-15
  Read more
• 0.12.0 - 2020-05-08
  
  • Output modern JavaScript with --format modern (#413, thanks @ JoviDeCroock & @ marvinhagemeister)
  • --define can now replace expressions (#348, thanks @ jviide)
  • a new --css-modules option controls whether .css files are modular by default (#370, thanks @ maraisr)
  • the "source" package.json field can now be an Array (#372, thanks @ maraisr)
  • no more warnings about deprecations or built-ins
  • moved to Rollup 2 (#361, thanks @ ForsakenHarmony)
  • switched from Bublé to Babel (#362, thanks @ wardpeet & @ ForsakenHarmony)
  • added support for babel-macros (#268, thanks @ FezVrasta & @ ForsakenHarmony)
  • Add support for customizing the mangle.json file path (#432, thanks @ andrewiggins & @ ForsakenHarmony)
  • Improvements and corrections for generated TypeScript filenames and definitions (#587 etc)

  Breaking Changes

  • .babelrc is now detected and supported - it was previously ignored.
  • Microbundle now requires Node 10+
• 0.12.0-next.9 - 2020-05-01
  Read more
• 0.12.0-next.8 - 2020-01-22
• 0.12.0-next.7 - 2020-01-06
• 0.12.0-next.6 - 2019-08-23
• 0.12.0-next.5 - 2019-08-23
• 0.12.0-next.4 - 2019-08-08
• 0.12.0-next.3 - 2019-06-17
• 0.12.0-next.2 - 2019-06-15
• 0.12.0-next.1 - 2019-06-11
• 0.12.0-next.0 - 2019-05-27
• 0.11.0 - 2019-03-04
• 0.10.1 - 2019-02-22
• 0.10.0 - 2019-02-21
• 0.9.0 - 2018-12-18
• 0.8.4 - 2018-12-17
• 0.8.3 - 2018-12-03
• 0.8.2 - 2018-12-03
• 0.8.1 - 2018-12-01
• 0.8.0 - 2018-11-30
• 0.7.0 - 2018-10-26

from microbundle GitHub release notes

Commit messages

Package name: microbundle

• 3760f4e Version Packages (Typescript not resolving interface. stackblitz/core#851)
• 3534815 Bugfix: preserve Terser annotations during Babel pass (Functionality at https://stackblitz.com/github/changhuixu/session-expiration-alert is not working due to errors in compiler.umd.js stackblitz/core#848)
• a5a222e Version Packages (Unable to load .tsv files stackblitz/core#846)
• e3f1933 Update to Terser 5.7 (Is it possible to run React project with custom webpack configs ? stackblitz/core#847)
• 680c25c Fix: throw a warning when no entrypoint is found (No such file or directory stackblitz/core#843)
• 86371f0 feat: Support customizing the modern output via "exports" (Solving (or working around) frame-ancestors errors for OAuth2 Implicit flow stackblitz/core#784)
• 2b37c12 Version Packages (hideExplorer flag is not working in sdk stackblitz/core#800)
• 6f1a20f fix: Extra CSS files generated (While typing on Stackblitz it takes a long time to show up what we typed. stackblitz/core#777)
• 0a4cddf create changeset for 802 (Hide Preview URL doesn't work for embedded stackblitz links. stackblitz/core#842)
• 89ab03d docs: Swapping out references of ES format to ESM (JSZip is not a constructor stackblitz/core#778)
• a415645 README: syntax highlighting (Can't find package:src stackblitz/core#839)
• 0c91795 Fix/css filename output (Cannot able to view image. stackblitz/core#841)
• a7f7265 wenn package.json "type":"module" switch default type to ".cjs" for CommonJS build (Spread syntax works unexpectedly with String stackblitz/core#802)
• 25b73d2 feat: enabled config overriding by publishConfig (Feature request: Link to GitHub repo stackblitz/core#834)
• 4f7fbc4 Create red-pigs-provide.md
• 7426218 fix(transform-fast-rest): rest parameters references with closures (Support for Swift Language via Sourcekit-LSP stackblitz/core#798)
• 2c9eaa1 docs: use "exports" key in all examples (Dropping the MIT license without any acknowledgement stackblitz/core#794)
• 54402ac fix: add generateTypes cli option, check false value correctly (Add Magenta.js support stackblitz/core#830)
• edcd777 Fix/css module types (Can't load file as a module. stackblitz/core#823)
• fa3eac6 Add missing `./` (Stencil.js Starter stackblitz/core#803)
• d87a5dc changeset for Hot reload trigger always behaves as "Edit (auto)" if editor is refreshed stackblitz/core#799
• bb5789a fix(cli): corrects the --sourcemap=false option parsing (Hot reload trigger always behaves as "Edit (auto)" if editor is refreshed stackblitz/core#799)
• eb5cfd9 Version Packages (Console disappear from embed url after view change with devtoolsheight parameter stackblitz/core#735)
• 9ccf400 restore CSS sourcemap support (ionic 4 : ion-icon not showing stackblitz/core#770)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs