Sourced from rollup's changelog.
rollup changelog
4.22.4
2024-09-21
Bug Fixes
- Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)
Pull Requests
- #5670: refactor: Use object.prototype to check for reserved properties (
@YuHyeonWook
)- #5671: Fix DOM Clobbering CVE (
@lukastaegert
)4.22.3
2024-09-21
Bug Fixes
- Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)
Pull Requests
- #5669: Ensure impure dependencies of pure modules are added (
@lukastaegert
)4.22.2
2024-09-20
Bug Fixes
- Revert fix for side effect free modules until other issues are investigated (#5667)
Pull Requests
- #5667: Partially revert #5658 and re-apply #5644 (
@lukastaegert
)4.22.1
2024-09-20
Bug Fixes
- Revert #5644 "stable chunk hashes" while issues are being investigated
Pull Requests
- #5663: chore(deps): update dependency inquirer to v11 (
@renovate
[bot],@lukastaegert
)
... (truncated)
dfd233d
3.29.52ef77c0
Fix DOM Clobbering CVE