[PR #643] Bump rollup from 2.70.0 to 2.79.2 in /react-nginx #1226

New Issue

Open

opened 2026-03-07 21:31:02 -06:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-03-07 21:31:02 -06:00

Owner

Copy Link

Original Pull Request: https://github.com/docker/awesome-compose/pull/643

State: open
Merged: No

---

Bumps rollup from 2.70.0 to 2.79.2.

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

rollup changelog

2.79.1

2022-09-22

Bug Fixes

• Avoid massive performance degradation when creating thousands of chunks (#4643)

Pull Requests

• #4639: fix: typo docs and contributors link in CONTRIBUTING.md ( @​takurinton)
• #4641: Update type definition of resolveId (@​ivanjonas)
• #4643: Improve performance of chunk naming collision check ( @​lukastaegert)

2.79.0

2022-08-31

Features

• Add amd.forceJsExtensionForImports to enforce using .js extensions for relative AMD imports (#4607)

Pull Requests

• #4607: add option to keep extensions for amd (@​wh1tevs)

2.78.1

2022-08-19

Bug Fixes

• Avoid inferring "arguments" as name for a default export placeholder variable (#4613)

Pull Requests

• #4613: Prevent using arguments for generated variable names ( @​lukastaegert)

2.78.0

2022-08-14

Features

• Support writing plugin hooks as objects with a "handler" property (#4600)
• Allow changing execution order per plugin hook (#4600)
• Add flag to execute plugins in async parallel hooks sequentially (#4600)

... (truncated)

Commits

• c9bd03d 2.79.2
• 48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
• 69ff418 2.79.1
• 04dce1b Update changelog
• 159137e fix: typo docs and contributors link in CONTRIBUTING.md (#4639)
• e1392b3 Update type definition of resolveId (#4641)
• 7836357 Improve performance of chunk naming collision check (#4643)
• 71d20c9 Reduce permissions for repl-artefacts.yml workflow (#4630)
• 8193ea5 Adapt workflow to use Node 14 sub-version to work with branch protection
• 8477f8f 2.79.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

**Original Pull Request:** https://github.com/docker/awesome-compose/pull/643 **State:** open **Merged:** No --- Bumps [rollup](https://github.com/rollup/rollup) from 2.70.0 to 2.79.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/releases">rollup's releases</a>.</em></p> <blockquote> <h2>v.2.79.2</h2> <h2>2.79.2</h2> <p><em>2024-09-26</em></p> <h3>Bug Fixes</h3> <ul> <li>Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (<a href="https://redirect.github.com/rollup/rollup/issues/5671">#5671</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/5671">#5671</a>: Fix DOM Clobbering CVE (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/blob/master/CHANGELOG-2.md">rollup's changelog</a>.</em></p> <blockquote> <h1>rollup changelog</h1> <h2>2.79.1</h2> <p><em>2022-09-22</em></p> <h3>Bug Fixes</h3> <ul> <li>Avoid massive performance degradation when creating thousands of chunks (<a href="https://redirect.github.com/rollup/rollup/issues/4643">#4643</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/4639">#4639</a>: fix: typo docs and contributors link in CONTRIBUTING.md ( <a href="https://github.com/takurinton"><code>@​takurinton</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/4641">#4641</a>: Update type definition of resolveId (<a href="https://github.com/ivanjonas"><code>@​ivanjonas</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/4643">#4643</a>: Improve performance of chunk naming collision check ( <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <h2>2.79.0</h2> <p><em>2022-08-31</em></p> <h3>Features</h3> <ul> <li>Add <code>amd.forceJsExtensionForImports</code> to enforce using <code>.js</code> extensions for relative AMD imports (<a href="https://redirect.github.com/rollup/rollup/issues/4607">#4607</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/4607">#4607</a>: add option to keep extensions for amd (<a href="https://github.com/wh1tevs"><code>@​wh1tevs</code></a>)</li> </ul> <h2>2.78.1</h2> <p><em>2022-08-19</em></p> <h3>Bug Fixes</h3> <ul> <li>Avoid inferring &quot;arguments&quot; as name for a default export placeholder variable (<a href="https://redirect.github.com/rollup/rollup/issues/4613">#4613</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/4613">#4613</a>: Prevent using arguments for generated variable names ( <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <h2>2.78.0</h2> <p><em>2022-08-14</em></p> <h3>Features</h3> <ul> <li>Support writing plugin hooks as objects with a &quot;handler&quot; property (<a href="https://redirect.github.com/rollup/rollup/issues/4600">#4600</a>)</li> <li>Allow changing execution order per plugin hook (<a href="https://redirect.github.com/rollup/rollup/issues/4600">#4600</a>)</li> <li>Add flag to execute plugins in async parallel hooks sequentially (<a href="https://redirect.github.com/rollup/rollup/issues/4600">#4600</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rollup/rollup/commit/c9bd03d12e96c46122a0372d3bbe9b468cee57da"><code>c9bd03d</code></a> 2.79.2</li> <li><a href="https://github.com/rollup/rollup/commit/48aef33cf2f2a6dfb175afb3bcd6a977c81f1d5c"><code>48aef33</code></a> fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (<a href="https://redirect.github.com/rollup/rollup/issues/5677">#5677</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/69ff4181e701a0fe0026d0ba147f31bc86beffa8"><code>69ff418</code></a> 2.79.1</li> <li><a href="https://github.com/rollup/rollup/commit/04dce1bc734c22924b02c3d57061710dcb6395e4"><code>04dce1b</code></a> Update changelog</li> <li><a href="https://github.com/rollup/rollup/commit/159137e6425a97c126645110d19d0533643d5ee7"><code>159137e</code></a> fix: typo docs and contributors link in CONTRIBUTING.md (<a href="https://redirect.github.com/rollup/rollup/issues/4639">#4639</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/e1392b3905de33dc432a5692f9a6ec60103ea2f6"><code>e1392b3</code></a> Update type definition of resolveId (<a href="https://redirect.github.com/rollup/rollup/issues/4641">#4641</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/7836357aaeb1fb103318bca3f0ee8beacdec0470"><code>7836357</code></a> Improve performance of chunk naming collision check (<a href="https://redirect.github.com/rollup/rollup/issues/4643">#4643</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/71d20c9d4a75b51b95c56df43ba1efd934158acb"><code>71d20c9</code></a> Reduce permissions for repl-artefacts.yml workflow (<a href="https://redirect.github.com/rollup/rollup/issues/4630">#4630</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/8193ea54199ecb295b46913b410528bd5f59d9a9"><code>8193ea5</code></a> Adapt workflow to use Node 14 sub-version to work with branch protection</li> <li><a href="https://github.com/rollup/rollup/commit/8477f8ff1fe80086556021542b22942ad27a0a69"><code>8477f8f</code></a> 2.79.0</li> <li>Additional commits viewable in <a href="https://github.com/rollup/rollup/compare/v2.70.0...v2.79.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/docker/awesome-compose/network/alerts). </details>

GiteaMirror added the pull-request label 2026-03-07 21:31:02 -06:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

dependabot/npm_and_yarn/angular/angular/multi-4a74de0a3b

dependabot/npm_and_yarn/angular/angular/immutable-4.3.8

dependabot/npm_and_yarn/react-express-mysql/frontend/multi-8c2b01a32b

dependabot/npm_and_yarn/vuejs/vuejs/minimatch-3.1.5

dependabot/npm_and_yarn/react-express-mongodb/frontend/multi-8c2b01a32b

dependabot/npm_and_yarn/vuejs/vuejs/svgo-2.8.2

dependabot/npm_and_yarn/react-express-mongodb/backend/minimatch-3.1.5

dependabot/npm_and_yarn/react-express-mysql/frontend/rollup-2.80.0

dependabot/npm_and_yarn/react-rust-postgres/frontend/multi-8c2b01a32b

dependabot/npm_and_yarn/react-java-mysql/frontend/multi-8c2b01a32b

dependabot/npm_and_yarn/react-express-mysql/backend/multi-829fc934ed

dependabot/npm_and_yarn/react-rust-postgres/frontend/rollup-2.80.0

dependabot/npm_and_yarn/react-nginx/multi-8c2b01a32b

dependabot/npm_and_yarn/react-nginx/multi-a07fd7252a

dependabot/npm_and_yarn/react-express-mongodb/frontend/axios-1.13.5

dependabot/npm_and_yarn/react-rust-postgres/frontend/multi-c8afcbbcd8

dependabot/npm_and_yarn/react-express-mysql/frontend/multi-3c165ed7cd

dependabot/npm_and_yarn/react-nginx/multi-e38666b8df

dependabot/npm_and_yarn/react-nginx/multi-3c165ed7cd

dependabot/npm_and_yarn/react-rust-postgres/frontend/multi-3c165ed7cd

dependabot/npm_and_yarn/react-java-mysql/frontend/multi-c8afcbbcd8

dependabot/npm_and_yarn/react-nginx/multi-1c989c8248

dependabot/npm_and_yarn/nginx-nodejs-redis/web/multi-1c989c8248

dependabot/npm_and_yarn/react-rust-postgres/frontend/multi-1c989c8248

dependabot/npm_and_yarn/react-express-mongodb/backend/multi-6d05d0e569

dependabot/npm_and_yarn/react-express-mongodb/frontend/multi-c8afcbbcd8

dependabot/npm_and_yarn/nginx-nodejs-redis/web/multi-c8afcbbcd8

dependabot/npm_and_yarn/react-express-mysql/backend/multi-c8afcbbcd8

dependabot/npm_and_yarn/react-nginx/node-forge-1.3.3

dependabot/npm_and_yarn/angular/angular/multi-1c989c8248

dependabot/npm_and_yarn/react-nginx/rollup-2.79.2

dependabot/npm_and_yarn/react-express-mysql/frontend/node-forge-1.3.3

dependabot/npm_and_yarn/react-express-mongodb/frontend/form-data-3.0.4

dependabot/npm_and_yarn/react-nginx/form-data-3.0.4

dependabot/pip/django/app/django-4.2.27

dependabot/npm_and_yarn/react-rust-postgres/frontend/form-data-3.0.4

dependabot/npm_and_yarn/react-java-mysql/frontend/rollup-2.79.2

dependabot/npm_and_yarn/react-express-mongodb/backend/validator-13.15.22

dependabot/npm_and_yarn/react-java-mysql/frontend/node-forge-1.3.2

dependabot/npm_and_yarn/react-express-mongodb/frontend/node-forge-1.3.2

dependabot/npm_and_yarn/react-rust-postgres/frontend/node-forge-1.3.2

dependabot/npm_and_yarn/angular/angular/angular/common-19.2.16

dependabot/npm_and_yarn/angular/angular/node-forge-1.3.2

dependabot/npm_and_yarn/vuejs/vuejs/node-forge-1.3.2

dependabot/npm_and_yarn/react-java-mysql/frontend/multi-b4d14387f7

dependabot/npm_and_yarn/react-express-mongodb/frontend/multi-b4d14387f7

dependabot/npm_and_yarn/react-java-mysql/frontend/multi-4df209198f

dependabot/npm_and_yarn/react-rust-postgres/frontend/multi-6bc014718a

dependabot/npm_and_yarn/react-express-mongodb/frontend/multi-4df209198f

dependabot/npm_and_yarn/react-rust-postgres/frontend/cross-spawn-7.0.6

dependabot/npm_and_yarn/react-express-mysql/frontend/form-data-3.0.4

dependabot/npm_and_yarn/react-express-mongodb/backend/multi-6bc014718a

dependabot/npm_and_yarn/react-express-mysql/backend/multi-6bc014718a

dependabot/npm_and_yarn/react-express-mysql/backend/form-data-2.5.5

dependabot/npm_and_yarn/react-java-mysql/frontend/form-data-3.0.4

dependabot/npm_and_yarn/vuejs/vuejs/http-proxy-middleware-2.0.9

dependabot/npm_and_yarn/react-rust-postgres/frontend/multi-c9063a5af1

dependabot/npm_and_yarn/react-express-mysql/frontend/multi-b4d14387f7

dependabot/npm_and_yarn/nginx-nodejs-redis/web/multi-6bc014718a

dependabot/pip/nginx-wsgi-flask/flask/gunicorn-23.0.0

dependabot/npm_and_yarn/react-rust-postgres/frontend/multi-4948524209

dependabot/npm_and_yarn/angular/angular/multi-307bfcbed3

dependabot/npm_and_yarn/angular/angular/multi-a3f20be5e1

dependabot/npm_and_yarn/react-express-mongodb/backend/mongoose-6.13.8

dependabot/npm_and_yarn/react-nginx/cross-spawn-7.0.6

dependabot/npm_and_yarn/react-nginx/http-proxy-middleware-2.0.7

dependabot/npm_and_yarn/react-express-mongodb/frontend/rollup-2.79.2

dependabot/npm_and_yarn/react-express-mysql/backend/multi-27a054522e

dependabot/npm_and_yarn/react-nginx/multi-2ff0448eb0

dependabot/npm_and_yarn/angular/angular/multi-2d3aef8690

dependabot/npm_and_yarn/react-express-mysql/backend/braces-3.0.3

dependabot/npm_and_yarn/react-express-mysql/backend/mysql2-3.9.8

dependabot/npm_and_yarn/angular/angular/babel/traverse-7.24.1

dependabot/npm_and_yarn/react-express-mysql/frontend/webpack-dev-middleware-5.3.4

dependabot/npm_and_yarn/react-rust-postgres/frontend/loader-utils-1.4.2

dependabot/npm_and_yarn/react-java-mysql/frontend/webpack-dev-middleware-5.3.4

dependabot/npm_and_yarn/react-express-mongodb/backend/multi-62bd794dc7

dependabot/npm_and_yarn/react-java-mysql/frontend/babel/traverse-7.24.1

dependabot/npm_and_yarn/react-nginx/decode-uri-component-0.2.2

dependabot/npm_and_yarn/angular/angular/json5-1.0.2

dependabot/npm_and_yarn/react-express-mongodb/frontend/babel/traverse-7.24.1

dependabot/npm_and_yarn/react-express-mysql/frontend/loader-utils-1.4.2

dependabot/npm_and_yarn/react-java-mysql/frontend/json5-1.0.2

dependabot/npm_and_yarn/react-java-mysql/frontend/loader-utils-1.4.2

dependabot/npm_and_yarn/react-rust-postgres/frontend/decode-uri-component-0.2.2

dependabot/npm_and_yarn/react-express-mongodb/frontend/loader-utils-1.4.2

dependabot/npm_and_yarn/react-rust-postgres/frontend/babel/traverse-7.24.1

dependabot/npm_and_yarn/vuejs/vuejs/babel/traverse-7.24.1

dependabot/npm_and_yarn/react-nginx/webpack-dev-middleware-5.3.4

dependabot/npm_and_yarn/react-express-mongodb/frontend/decode-uri-component-0.2.2

dependabot/npm_and_yarn/react-nginx/multi-7f0e0a7f19

dependabot/npm_and_yarn/react-nginx/babel/traverse-7.24.1

dependabot/npm_and_yarn/react-nginx/json5-1.0.2

dependabot/npm_and_yarn/react-express-mongodb/frontend/webpack-dev-middleware-5.3.4

dependabot/npm_and_yarn/react-express-mysql/backend/multi-3dbc2df540

dependabot/npm_and_yarn/react-rust-postgres/frontend/webpack-dev-middleware-5.3.4

dependabot/npm_and_yarn/react-nginx/terser-5.30.3

dependabot/npm_and_yarn/react-express-mysql/frontend/json5-1.0.2

dependabot/npm_and_yarn/react-nginx/loader-utils-1.4.2

dependabot/npm_and_yarn/react-express-mysql/frontend/babel/traverse-7.24.1

dependabot/npm_and_yarn/react-rust-postgres/frontend/json5-1.0.2

dependabot/npm_and_yarn/react-rust-postgres/frontend/terser-5.30.3

dependabot/npm_and_yarn/react-express-mongodb/frontend/json5-1.0.2

dependabot/npm_and_yarn/react-rust-postgres/frontend/multi-7f0e0a7f19

dependabot/npm_and_yarn/angular/angular/multi-841ff79eff

dependabot/npm_and_yarn/react-express-mysql/frontend/decode-uri-component-0.2.2

dependabot/npm_and_yarn/react-java-mysql/frontend/decode-uri-component-0.2.2

dependabot/npm_and_yarn/angular/angular/decode-uri-component-0.2.2

dependabot/npm_and_yarn/vuejs/vuejs/json5-1.0.2

dependabot/npm_and_yarn/vuejs/vuejs/loader-utils-1.4.2

dependabot/npm_and_yarn/vuejs/vuejs/webpack-dev-middleware-5.3.4

dependabot/pip/nginx-flask-mysql/backend/flask-2.2.5

dependabot/npm_and_yarn/react-express-mysql/backend/knex-2.4.0

dependabot/npm_and_yarn/react-express-mysql/backend/ansi-regex-5.0.1

dependabot/npm_and_yarn/vuejs/vuejs/terser-5.30.3

dependabot/pip/nginx-wsgi-flask/flask/flask-2.2.5

dependabot/npm_and_yarn/react-express-mongodb/backend/moment-2.30.1

dependabot/maven/sparkjava-mysql/backend/com.google.code.gson-gson-2.8.9

atomist/pin-docker-base-image/flask-redis/dockerfile

atomist/pin-docker-base-image/flask/app/dockerfile

atomist/pin-docker-base-image/nginx-flask-mongo/flask/dockerfile

atomist/pin-docker-base-image/nginx-flask-mysql/backend/dockerfile

atomist/pin-docker-base-image/sparkjava/sparkjava/dockerfile

atomist/pin-docker-base-image/react-java-mysql/backend/dockerfile

atomist/pin-docker-base-image/sparkjava-mysql/backend/dockerfile

atomist/pin-docker-base-image/spring-postgres/backend/dockerfile

atomist/pin-docker-base-image/react-rust-postgres/backend/dockerfile

atomist/pin-docker-base-image/nginx-aspnet-mysql/backend/dockerfile

No results found.

Labels

Clear labels

good first issue

proposal

pull-request

Mirrored from GitHub Pull Request

question

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/awesome-compose#1226