[Snyk] Upgrade microbundle from 0.7.0 to 0.14.2

[snyk-bot]

Snyk has created this PR to upgrade microbundle from 0.7.0 to 0.14.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 31 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2021-11-18.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASHMERGE-173732	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) npm:mem:20180117	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHMERGE-173733	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution npm:lodash:20180130	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Uninitialized Memory Exposure npm:utile:20180614	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Execution SNYK-JS-JSYAML-174129	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary Code Execution SNYK-JS-JSYAML-174129	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Directory Traversal SNYK-JS-ADMZIP-1065796	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JSYAML-173999	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSYAML-173999	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-I-1726768	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-AXIOS-174505	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: microbundle

• 0.14.2 - 2021-11-18
  

  Patch Changes

  • dd0bdde #904 Thanks @ rschristian! - Added missing CLI doc for 'jsxImportSource' and correcting the Examples section of the '--help' output
• 0.14.1 - 2021-10-14
  

  Patch Changes

  • 2a0ca88 #882 Thanks @ MiKr13! - feat: ✨ Closes #497: preserve trailing newline in mangle.json

  • 26f382a #895 Thanks @ rschristian! - Completion message shows pkg's actual name, rather than safe name

• 0.14.0 - 2021-10-06
  

  Minor Changes

  • 1b61029 #867 Thanks @ bouchenoiremarc! - - Add support for Module Workers with a new --workers flag

  Patch Changes

  • 5e93a0e #853 Thanks @ developit! - Fix crash when traversing "exports" objects (#852)

  • 96b85da #887 Thanks @ developit! - When using --target node, resolve "node" conditional Package Export keys, otherwise resolve "browser" keys.

  • 5d0465b #875 Thanks @ dwightjack! - Preserve terser annotations in compressed bundle

  • b1a6374 #858 Thanks @ bouchenoiremarc! - - Allow the minify options compress and mangle to be set as booleans

  • 2980336 #865 Thanks @ rschristian! - Expands generateTypes flag to support libs with TS entrypoints

• 0.13.3 - 2021-06-11
  

  Patch Changes

  • 3534815 #848 Thanks @ developit! - Bugfix: re-enable support for Terser annotations like /*@ __NOINLINE__*/ (these were incorrectly being removed during the Babel pass)
• 0.13.2 - 2021-06-07
  

  Patch Changes

  • e3f1933 #847 Thanks @ developit! - - Upgrade to Terser 5.7 to re-enable support for reduce_funcs:false in mangle.json configuration.

  • 86371f0 #784 Thanks @ rschristian! - Allows users to customize the modern output's filename using "exports" like they can with "esmodules"

• 0.13.1 - 2021-05-27
  

  Patch Changes

  • 54402ac #830 Thanks @ JounQin! - fix: add generateTypes cli option, check false value correctly

  • edcd777 #823 Thanks @ rschristian! - Ensures ambient type declaration for CSS Modules is included in the published bundle

  • d87a5dc Thanks @ developit! - - Fix --sourcemap=false to match --no-sourcemap and actually turn sourcemaps off.

  • 6f1a20f #777 Thanks @ rschristian! - Fixing a bug that would cause a CSS file to be generated to match each JS build output

  • 25b73d2 #834 Thanks @ cometkim! - Add support for configuration overrides using the publishConfig package.json field.

  • a7f7265 #802 Thanks @ aheissenberger! - fix default extension to cjs for package.json "type":"module"

  • 4f7fbc4 Thanks @ developit! - Fix transform-fast-rest to support referencing ...rest params from within closures.

  • 0c91795 #841 Thanks @ rschristian! - Ensures JS format is not included in CSS filename output

• 0.13.0 - 2020-12-21
  

  Minor Changes

  • bd5d15e #738 Thanks @ wardpeet! - Upgrade rollup to version latest and upgrade all its dependencies

  • 967f8d5 #769 Thanks @ developit! - Add --css inline option. The default CSS output for all formats is now external files (as it was supposed to be).

  • 8142704 #741 Thanks @ whitetrefoil! - Use user's typescript first, fallback to bundled

  Patch Changes

  • 12668b9 #687 Thanks @ developit! - Add friendly microbundle-specific errors when modules can't be resolved.

  • 8b60fc8 #754 Thanks @ stipsan! - Enable sourcemaps for CSS

  • fdafaf7 #764 Thanks @ bakerkretzmar! - Add support for generating inline sourcemaps

  • 52a1771 #768 Thanks @ developit! - Add ambient typescript declaration for CSS Modules

• 0.12.4 - 2020-09-28
  

  Patch Changes

  • ffcc9d9 #713 Thanks @ developit! - Support extending a UMD global by prefixing the package.json "amdName" field (eg: "global.xyz").

  • 0527862 #722 Thanks @ developit! - Support "esm" (-f esm) as an alias of "es" format.

  • d08f977 #702 Thanks @ wardpeet! - Use @ babel/preset-env with bugfixes instead of preset-modules to enable "Optional chaining" & "nullish coalescing" by default.

  • d33a7ba #731 Thanks @ vaneenige! - Add jsxImportSource flag for new JSX runtime

  • 0fec414 #716 Thanks @ wardpeet! - Don't transpile generators and async for Node

  • ba1c047 #701 Thanks @ wardpeet! - re-enable unpkg alias for umd bundles as described in the readme

  • 3488411 #700 Thanks @ wardpeet! - Disable warnings for node's builtin-modules when using node as a target environment.

• 0.12.3 - 2020-07-14
  

  Features & Improvements

  • New onStart, onError callbacks for programmatic Microbundle usage! (#668, thanks @ katywings!)
  • allow multi-file output and code splitting (#674, thanks @ katywings!)
  • Strip comments from output (#548)

  Bug Fixes

  • don't mark --alias modules as externals (#671, thanks @ katywings!)
• 0.12.2 - 2020-06-20
  
  • Updated Babel and preset-env to 7.10 (#660)
  • Fixed an version conflict caused by multiple copies of Babel (#664)
  • Fixed globals generation when --external values include dashes (#667, thanks @ katywings!)
• 0.12.1 - 2020-06-15
• 0.12.0 - 2020-05-08
• 0.12.0-next.9 - 2020-05-01
• 0.12.0-next.8 - 2020-01-22
• 0.12.0-next.7 - 2020-01-06
• 0.12.0-next.6 - 2019-08-23
• 0.12.0-next.5 - 2019-08-23
• 0.12.0-next.4 - 2019-08-08
• 0.12.0-next.3 - 2019-06-17
• 0.12.0-next.2 - 2019-06-15
• 0.12.0-next.1 - 2019-06-11
• 0.12.0-next.0 - 2019-05-27
• 0.11.0 - 2019-03-04
• 0.10.1 - 2019-02-22
• 0.10.0 - 2019-02-21
• 0.9.0 - 2018-12-18
• 0.8.4 - 2018-12-17
• 0.8.3 - 2018-12-03
• 0.8.2 - 2018-12-03
• 0.8.1 - 2018-12-01
• 0.8.0 - 2018-11-30
• 0.7.0 - 2018-10-26

from microbundle GitHub release notes

Commit messages

Package name: microbundle

• 778ca3c Version Packages (github repo created but not populated with content stackblitz/core#911)
• 75525a3 Add Teaful as "Built with Microbundle" in README (- stackblitz/core#910)
• dd0bdde fix: Ensuring CLI & docs match up with each other (Redux DevTools visible on Stackblitz stackblitz/core#904)
• afa74ca [docs] Fix incorrect package exports recommendation (Can't update angular to latest dependencies stackblitz/core#903)
• c04bd48 Version Packages ([Chrome] Cannot create a simple React app. stackblitz/core#900)
• 2a0ca88 feat: ✨ Closes Unable to import .ts file in .tsx files. stackblitz/core#497: preserve trailing newline in mangle.json (To Add External Images to Angular Project  stackblitz/core#882)
• 26f382a fix: Corrects completion message to show the package's name, rather than the safe name (Clone from github not working stackblitz/core#895)
• d94bd97 Version Packages (Enable polymer in SDK stackblitz/core#859)
• 96b85da Resolve using "node" export condition for --target node (The url to this repository is invalid. stackblitz/core#887)
• 2980336 feat: Expands generateTypes flag to support TS entries (Angular 7 + SASS extension complains about errors in correct stylesheet syntax stackblitz/core#865)
• 76272fd docs: Adding comment about file inclusion in TS section (Feature request: Editor SDK stackblitz/core#888)
• 5e93a0e Fix exports walk (Refused to display 'https://stackblitz.com/edit/zknwqv.run' in a frame because it set 'X-Frame-Options' to 'sameorigin'. stackblitz/core#852) (my repo isn't loading  stackblitz/core#853)
• 5d0465b Fix: preserve terser annotations regexp (Server spins forever when when installing plotly.js and @types/plotly.js stackblitz/core#875)
• 1b61029 Rebase: Add worker-loader (lazyModules array in angular.json support stackblitz/core#867)
• b1a6374 Fix: Support booleans in minify options (Settings from SDK-created embeds don't propagate when opening in new window stackblitz/core#858)
• 8108800 Fix typo (Running a project from github is giving me this error stackblitz/core#856)
• 3760f4e Version Packages (Typescript not resolving interface. stackblitz/core#851)
• 3534815 Bugfix: preserve Terser annotations during Babel pass (Functionality at https://stackblitz.com/github/changhuixu/session-expiration-alert is not working due to errors in compiler.umd.js stackblitz/core#848)
• a5a222e Version Packages (Unable to load .tsv files stackblitz/core#846)
• e3f1933 Update to Terser 5.7 (Is it possible to run React project with custom webpack configs ? stackblitz/core#847)
• 680c25c Fix: throw a warning when no entrypoint is found (No such file or directory stackblitz/core#843)
• 86371f0 feat: Support customizing the modern output via "exports" (Solving (or working around) frame-ancestors errors for OAuth2 Implicit flow stackblitz/core#784)
• 2b37c12 Version Packages (hideExplorer flag is not working in sdk stackblitz/core#800)
• 6f1a20f fix: Extra CSS files generated (While typing on Stackblitz it takes a long time to show up what we typed. stackblitz/core#777)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs