[Snyk] Upgrade microbundle from 0.12.0 to 0.15.0

[snyk-bot]

Snyk has created this PR to upgrade microbundle from 0.12.0 to 0.15.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 12 versions ahead of your current version.
• The recommended version was released 23 days ago, on 2022-04-26.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: microbundle

• 0.15.0 - 2022-04-26
  

  Minor Changes

  • 6f6e080 #950 Thanks @ rschristian! - Microbundle will now output ESM using .mjs as the file extension when the package type is CJS

  • 242754f #949 Thanks @ rschristian! - Add --visualize flag to generate build output stats

  Patch Changes

  • c4532cc #940 Thanks @ rschristian! - Adds information about --compress flag's default value w/ different targets

  • b51b855 #935 Thanks @ mycoin! - Don't attempt to write build stats in watch mode when there has been a build error/sizeInfo is undefined

  • 1d0e305 #941 Thanks @ rschristian! - Ensures TS plugin will begin its search for a 'tsconfig.json' in the set cwd

  • f04c85a #926 Thanks @ developit! - Fix mangle.json being overwritten with [object Object]

  • ecb0b02 #947 Thanks @ rschristian! - Ensures hoisted node_modules are excluded from babel

  • 392d63e #919 Thanks @ rschristian! - Fixes CSS output from being overwritten when also generating .cjs

  • fb0a437 #930 Thanks @ rschristian! - Documenting --jsxFragment flag

  • 8223eba #948 Thanks @ rschristian! - Corrects formatting in build completion message w/ dynamic import is used

• 0.14.2 - 2021-11-18
  

  Patch Changes

  • dd0bdde #904 Thanks @ rschristian! - Added missing CLI doc for 'jsxImportSource' and correcting the Examples section of the '--help' output
• 0.14.1 - 2021-10-14
  

  Patch Changes

  • 2a0ca88 #882 Thanks @ MiKr13! - feat: ✨ Closes #497: preserve trailing newline in mangle.json

  • 26f382a #895 Thanks @ rschristian! - Completion message shows pkg's actual name, rather than safe name

• 0.14.0 - 2021-10-06
  

  Minor Changes

  • 1b61029 #867 Thanks @ bouchenoiremarc! - - Add support for Module Workers with a new --workers flag

  Patch Changes

  • 5e93a0e #853 Thanks @ developit! - Fix crash when traversing "exports" objects (#852)

  • 96b85da #887 Thanks @ developit! - When using --target node, resolve "node" conditional Package Export keys, otherwise resolve "browser" keys.

  • 5d0465b #875 Thanks @ dwightjack! - Preserve terser annotations in compressed bundle

  • b1a6374 #858 Thanks @ bouchenoiremarc! - - Allow the minify options compress and mangle to be set as booleans

  • 2980336 #865 Thanks @ rschristian! - Expands generateTypes flag to support libs with TS entrypoints

• 0.13.3 - 2021-06-11
  

  Patch Changes

  • 3534815 #848 Thanks @ developit! - Bugfix: re-enable support for Terser annotations like /*@ __NOINLINE__*/ (these were incorrectly being removed during the Babel pass)
• 0.13.2 - 2021-06-07
  

  Patch Changes

  • e3f1933 #847 Thanks @ developit! - - Upgrade to Terser 5.7 to re-enable support for reduce_funcs:false in mangle.json configuration.

  • 86371f0 #784 Thanks @ rschristian! - Allows users to customize the modern output's filename using "exports" like they can with "esmodules"

• 0.13.1 - 2021-05-27
  

  Patch Changes

  • 54402ac #830 Thanks @ JounQin! - fix: add generateTypes cli option, check false value correctly

  • edcd777 #823 Thanks @ rschristian! - Ensures ambient type declaration for CSS Modules is included in the published bundle

  • d87a5dc Thanks @ developit! - - Fix --sourcemap=false to match --no-sourcemap and actually turn sourcemaps off.

  • 6f1a20f #777 Thanks @ rschristian! - Fixing a bug that would cause a CSS file to be generated to match each JS build output

  • 25b73d2 #834 Thanks @ cometkim! - Add support for configuration overrides using the publishConfig package.json field.

  • a7f7265 #802 Thanks @ aheissenberger! - fix default extension to cjs for package.json "type":"module"

  • 4f7fbc4 Thanks @ developit! - Fix transform-fast-rest to support referencing ...rest params from within closures.

  • 0c91795 #841 Thanks @ rschristian! - Ensures JS format is not included in CSS filename output

• 0.13.0 - 2020-12-21
  

  Minor Changes

  • bd5d15e #738 Thanks @ wardpeet! - Upgrade rollup to version latest and upgrade all its dependencies

  • 967f8d5 #769 Thanks @ developit! - Add --css inline option. The default CSS output for all formats is now external files (as it was supposed to be).

  • 8142704 #741 Thanks @ whitetrefoil! - Use user's typescript first, fallback to bundled

  Patch Changes

  • 12668b9 #687 Thanks @ developit! - Add friendly microbundle-specific errors when modules can't be resolved.

  • 8b60fc8 #754 Thanks @ stipsan! - Enable sourcemaps for CSS

  • fdafaf7 #764 Thanks @ bakerkretzmar! - Add support for generating inline sourcemaps

  • 52a1771 #768 Thanks @ developit! - Add ambient typescript declaration for CSS Modules

• 0.12.4 - 2020-09-28
  

  Patch Changes

  • ffcc9d9 #713 Thanks @ developit! - Support extending a UMD global by prefixing the package.json "amdName" field (eg: "global.xyz").

  • 0527862 #722 Thanks @ developit! - Support "esm" (-f esm) as an alias of "es" format.

  • d08f977 #702 Thanks @ wardpeet! - Use @ babel/preset-env with bugfixes instead of preset-modules to enable "Optional chaining" & "nullish coalescing" by default.

  • d33a7ba #731 Thanks @ vaneenige! - Add jsxImportSource flag for new JSX runtime

  • 0fec414 #716 Thanks @ wardpeet! - Don't transpile generators and async for Node

  • ba1c047 #701 Thanks @ wardpeet! - re-enable unpkg alias for umd bundles as described in the readme

  • 3488411 #700 Thanks @ wardpeet! - Disable warnings for node's builtin-modules when using node as a target environment.

• 0.12.3 - 2020-07-14
  

  Features & Improvements

  • New onStart, onError callbacks for programmatic Microbundle usage! (#668, thanks @ katywings!)
  • allow multi-file output and code splitting (#674, thanks @ katywings!)
  • Strip comments from output (#548)

  Bug Fixes

  • don't mark --alias modules as externals (#671, thanks @ katywings!)
• 0.12.2 - 2020-06-20
• 0.12.1 - 2020-06-15
• 0.12.0 - 2020-05-08

from microbundle GitHub release notes

Commit messages

Package name: microbundle

• 84c0a89 Version Packages ((MS EDGE bug) <head> element prevents classes to be applied to the <body> element in index.html stackblitz/core#927)
• 8e2de07 fix: Test failures following merge (GitHub Branch Switching stackblitz/core#951)
• 6f6e080 refactor: Output ESM files w/ `.mjs` when appropriate (Feature Missing stackblitz/core#950)
• 242754f feature: bundle visualizer (please solve bug of how to collapse the previous menu list when clicking on another menu lis stackblitz/core#949)
• ecb0b02 fix: babel exclude for hoisted modules (Projects connected to no longer existing github repo got stuck stackblitz/core#947)
• 8223eba fix: build message formatting (Hot reload not working correctly on chrome stackblitz/core#948)
• 1d0e305 fix: tsconfig cwd differing from microbundle's cwd (Doesn't Work with React Projects Created with Parcel stackblitz/core#941)
• c4532cc docs: compress flag (Angular 8 project with .svg template causes error stackblitz/core#940)
• b51b855 feat: [auto-commit] fix: _sizeInfo npe ([js preset] Libraries linked in html don't load stackblitz/core#935)
• fb0a437 chore: Adding flag & docs for jsxFragment (When deps are updated Stackblitz can't find core-js stackblitz/core#930)
• 392d63e fix: Corrects CSS output being overwritten when .cjs ext used (Support for -strictNullChecks configured in tsconfig.json stackblitz/core#919)
• f04c85a Fix mangle.json being overwritten with [object Object] (StackBlitz font for code panel on windows stackblitz/core#926)
• 778ca3c Version Packages (github repo created but not populated with content stackblitz/core#911)
• 75525a3 Add Teaful as "Built with Microbundle" in README (- stackblitz/core#910)
• dd0bdde fix: Ensuring CLI & docs match up with each other (Redux DevTools visible on Stackblitz stackblitz/core#904)
• afa74ca [docs] Fix incorrect package exports recommendation (Can't update angular to latest dependencies stackblitz/core#903)
• c04bd48 Version Packages ([Chrome] Cannot create a simple React app. stackblitz/core#900)
• 2a0ca88 feat: ✨ Closes Unable to import .ts file in .tsx files. stackblitz/core#497: preserve trailing newline in mangle.json (To Add External Images to Angular Project  stackblitz/core#882)
• 26f382a fix: Corrects completion message to show the package's name, rather than the safe name (Clone from github not working stackblitz/core#895)
• d94bd97 Version Packages (Enable polymer in SDK stackblitz/core#859)
• 96b85da Resolve using "node" export condition for --target node (The url to this repository is invalid. stackblitz/core#887)
• 2980336 feat: Expands generateTypes flag to support TS entries (Angular 7 + SASS extension complains about errors in correct stylesheet syntax stackblitz/core#865)
• 76272fd docs: Adding comment about file inclusion in TS section (Feature request: Editor SDK stackblitz/core#888)
• 5e93a0e Fix exports walk (Refused to display 'https://stackblitz.com/edit/zknwqv.run' in a frame because it set 'X-Frame-Options' to 'sameorigin'. stackblitz/core#852) (my repo isn't loading  stackblitz/core#853)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
9641fae0-d7bd-11ec-9fee-70ee6006671a

[guardrails]

⚠️ We detected 6 security issues in this pull request:

Mode: paranoid | Total findings: 6 | Considered vulnerability: 6

Vulnerable Libraries (6)

Severity	Details
Medium	bl@1.2.2 (t) - no patch available
High	ini@1.3.5 (t) - no patch available
Medium	lodash@4.17.11 (t) - no patch available
High	mem@1.1.0 (t) - no patch available
High	tar@4.4.6 (t) - no patch available
High	y18n@3.2.1 (t) - no patch available

More info on how to fix Vulnerable Libraries in General.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.