[Snyk] Upgrade microbundle from 0.12.0 to 0.14.2

[snyk-bot]

Snyk has created this PR to upgrade microbundle from 0.12.0 to 0.14.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 11 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2021-11-18.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: microbundle

• 0.14.2 - 2021-11-18
  

  Patch Changes

  • dd0bdde #904 Thanks @ rschristian! - Added missing CLI doc for 'jsxImportSource' and correcting the Examples section of the '--help' output
• 0.14.1 - 2021-10-14
  

  Patch Changes

  • 2a0ca88 #882 Thanks @ MiKr13! - feat: ✨ Closes #497: preserve trailing newline in mangle.json

  • 26f382a #895 Thanks @ rschristian! - Completion message shows pkg's actual name, rather than safe name

• 0.14.0 - 2021-10-06
  

  Minor Changes

  • 1b61029 #867 Thanks @ bouchenoiremarc! - - Add support for Module Workers with a new --workers flag

  Patch Changes

  • 5e93a0e #853 Thanks @ developit! - Fix crash when traversing "exports" objects (#852)

  • 96b85da #887 Thanks @ developit! - When using --target node, resolve "node" conditional Package Export keys, otherwise resolve "browser" keys.

  • 5d0465b #875 Thanks @ dwightjack! - Preserve terser annotations in compressed bundle

  • b1a6374 #858 Thanks @ bouchenoiremarc! - - Allow the minify options compress and mangle to be set as booleans

  • 2980336 #865 Thanks @ rschristian! - Expands generateTypes flag to support libs with TS entrypoints

• 0.13.3 - 2021-06-11
  

  Patch Changes

  • 3534815 #848 Thanks @ developit! - Bugfix: re-enable support for Terser annotations like /*@ __NOINLINE__*/ (these were incorrectly being removed during the Babel pass)
• 0.13.2 - 2021-06-07
  

  Patch Changes

  • e3f1933 #847 Thanks @ developit! - - Upgrade to Terser 5.7 to re-enable support for reduce_funcs:false in mangle.json configuration.

  • 86371f0 #784 Thanks @ rschristian! - Allows users to customize the modern output's filename using "exports" like they can with "esmodules"

• 0.13.1 - 2021-05-27
  

  Patch Changes

  • 54402ac #830 Thanks @ JounQin! - fix: add generateTypes cli option, check false value correctly

  • edcd777 #823 Thanks @ rschristian! - Ensures ambient type declaration for CSS Modules is included in the published bundle

  • d87a5dc Thanks @ developit! - - Fix --sourcemap=false to match --no-sourcemap and actually turn sourcemaps off.

  • 6f1a20f #777 Thanks @ rschristian! - Fixing a bug that would cause a CSS file to be generated to match each JS build output

  • 25b73d2 #834 Thanks @ cometkim! - Add support for configuration overrides using the publishConfig package.json field.

  • a7f7265 #802 Thanks @ aheissenberger! - fix default extension to cjs for package.json "type":"module"

  • 4f7fbc4 Thanks @ developit! - Fix transform-fast-rest to support referencing ...rest params from within closures.

  • 0c91795 #841 Thanks @ rschristian! - Ensures JS format is not included in CSS filename output

• 0.13.0 - 2020-12-21
  

  Minor Changes

  • bd5d15e #738 Thanks @ wardpeet! - Upgrade rollup to version latest and upgrade all its dependencies

  • 967f8d5 #769 Thanks @ developit! - Add --css inline option. The default CSS output for all formats is now external files (as it was supposed to be).

  • 8142704 #741 Thanks @ whitetrefoil! - Use user's typescript first, fallback to bundled

  Patch Changes

  • 12668b9 #687 Thanks @ developit! - Add friendly microbundle-specific errors when modules can't be resolved.

  • 8b60fc8 #754 Thanks @ stipsan! - Enable sourcemaps for CSS

  • fdafaf7 #764 Thanks @ bakerkretzmar! - Add support for generating inline sourcemaps

  • 52a1771 #768 Thanks @ developit! - Add ambient typescript declaration for CSS Modules

• 0.12.4 - 2020-09-28
  

  Patch Changes

  • ffcc9d9 #713 Thanks @ developit! - Support extending a UMD global by prefixing the package.json "amdName" field (eg: "global.xyz").

  • 0527862 #722 Thanks @ developit! - Support "esm" (-f esm) as an alias of "es" format.

  • d08f977 #702 Thanks @ wardpeet! - Use @ babel/preset-env with bugfixes instead of preset-modules to enable "Optional chaining" & "nullish coalescing" by default.

  • d33a7ba #731 Thanks @ vaneenige! - Add jsxImportSource flag for new JSX runtime

  • 0fec414 #716 Thanks @ wardpeet! - Don't transpile generators and async for Node

  • ba1c047 #701 Thanks @ wardpeet! - re-enable unpkg alias for umd bundles as described in the readme

  • 3488411 #700 Thanks @ wardpeet! - Disable warnings for node's builtin-modules when using node as a target environment.

• 0.12.3 - 2020-07-14
  

  Features & Improvements

  • New onStart, onError callbacks for programmatic Microbundle usage! (#668, thanks @ katywings!)
  • allow multi-file output and code splitting (#674, thanks @ katywings!)
  • Strip comments from output (#548)

  Bug Fixes

  • don't mark --alias modules as externals (#671, thanks @ katywings!)
• 0.12.2 - 2020-06-20
  
  • Updated Babel and preset-env to 7.10 (#660)
  • Fixed an version conflict caused by multiple copies of Babel (#664)
  • Fixed globals generation when --external values include dashes (#667, thanks @ katywings!)
• 0.12.1 - 2020-06-15
• 0.12.0 - 2020-05-08

from microbundle GitHub release notes

Commit messages

Package name: microbundle

• 778ca3c Version Packages (github repo created but not populated with content stackblitz/core#911)
• 75525a3 Add Teaful as "Built with Microbundle" in README (- stackblitz/core#910)
• dd0bdde fix: Ensuring CLI & docs match up with each other (Redux DevTools visible on Stackblitz stackblitz/core#904)
• afa74ca [docs] Fix incorrect package exports recommendation (Can't update angular to latest dependencies stackblitz/core#903)
• c04bd48 Version Packages ([Chrome] Cannot create a simple React app. stackblitz/core#900)
• 2a0ca88 feat: ✨ Closes Unable to import .ts file in .tsx files. stackblitz/core#497: preserve trailing newline in mangle.json (To Add External Images to Angular Project  stackblitz/core#882)
• 26f382a fix: Corrects completion message to show the package's name, rather than the safe name (Clone from github not working stackblitz/core#895)
• d94bd97 Version Packages (Enable polymer in SDK stackblitz/core#859)
• 96b85da Resolve using "node" export condition for --target node (The url to this repository is invalid. stackblitz/core#887)
• 2980336 feat: Expands generateTypes flag to support TS entries (Angular 7 + SASS extension complains about errors in correct stylesheet syntax stackblitz/core#865)
• 76272fd docs: Adding comment about file inclusion in TS section (Feature request: Editor SDK stackblitz/core#888)
• 5e93a0e Fix exports walk (Refused to display 'https://stackblitz.com/edit/zknwqv.run' in a frame because it set 'X-Frame-Options' to 'sameorigin'. stackblitz/core#852) (my repo isn't loading  stackblitz/core#853)
• 5d0465b Fix: preserve terser annotations regexp (Server spins forever when when installing plotly.js and @types/plotly.js stackblitz/core#875)
• 1b61029 Rebase: Add worker-loader (lazyModules array in angular.json support stackblitz/core#867)
• b1a6374 Fix: Support booleans in minify options (Settings from SDK-created embeds don't propagate when opening in new window stackblitz/core#858)
• 8108800 Fix typo (Running a project from github is giving me this error stackblitz/core#856)
• 3760f4e Version Packages (Typescript not resolving interface. stackblitz/core#851)
• 3534815 Bugfix: preserve Terser annotations during Babel pass (Functionality at https://stackblitz.com/github/changhuixu/session-expiration-alert is not working due to errors in compiler.umd.js stackblitz/core#848)
• a5a222e Version Packages (Unable to load .tsv files stackblitz/core#846)
• e3f1933 Update to Terser 5.7 (Is it possible to run React project with custom webpack configs ? stackblitz/core#847)
• 680c25c Fix: throw a warning when no entrypoint is found (No such file or directory stackblitz/core#843)
• 86371f0 feat: Support customizing the modern output via "exports" (Solving (or working around) frame-ancestors errors for OAuth2 Implicit flow stackblitz/core#784)
• 2b37c12 Version Packages (hideExplorer flag is not working in sdk stackblitz/core#800)
• 6f1a20f fix: Extra CSS files generated (While typing on Stackblitz it takes a long time to show up what we typed. stackblitz/core#777)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[mistaken-pull-closer]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
589fbe90-58bd-11ec-8678-56874f4c9b07

[guardrails]

⚠️ We detected 5 security issues in this pull request:

Mode: paranoid | Total findings: 5 | Considered vulnerability: 5

Vulnerable Libraries (5)

Severity	Details
High	acorn@5.5.0 (t) upgrade to: >5.7.3
High	is-svg@2.1.0 (t) upgrade to: >4.2.1
Critical	macaddress@0.2.8 (t) upgrade to: >=0.2.9
Medium	microbundle@0.3.1 upgrade to: >=0.14.2
Medium	typedoc@0.19.2 (t) upgrade to: >=0.22.10

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.