Skip to content

fix(@angular/build): update rollup to 4.22.4 #28480

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 24, 2024
Merged

fix(@angular/build): update rollup to 4.22.4 #28480

merged 1 commit into from
Sep 24, 2024

Conversation

jkrems
Copy link
Contributor

@jkrems jkrems commented Sep 24, 2024

Contains fix for CVE-2024-47068.

See: GHSA-gcx4-mw62-g8wm

PR Checklist

Please check to confirm your PR fulfills the following requirements:

PR Type

What kind of change does this PR introduce?

yarn up [email protected]
  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Other... Please describe:

What is the current behavior?

Rollup version is affected by a CVE.

Issue Number: #28478

What is the new behavior?

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

@jkrems jkrems mentioned this pull request Sep 24, 2024
Closed
1 task
@jkrems jkrems requested a review from clydin September 24, 2024 18:57
@alan-agius4 alan-agius4 added target: patch This PR is targeted for the next patch release action: merge The PR is ready for merge by the caretaker labels Sep 24, 2024
@alan-agius4 alan-agius4 removed the request for review from clydin September 24, 2024 19:10
@alan-agius4 alan-agius4 linked an issue Sep 24, 2024 that may be closed by this pull request
@angular-devkit/build-angular Depends on vulnerable versions of rollup #28478
Closed
1 task
@clydin clydin merged commit 5fea635 into angular:18.2.x Sep 24, 2024
33 checks passed
@jkrems jkrems deleted the jk-bump-rollout branch September 26, 2024 16:23
@ndricimrr ndricimrr mentioned this pull request Sep 30, 2024
Merged
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Oct 27, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@alan-agius4 alan-agius4 alan-agius4 approved these changes

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: @angular/build target: patch This PR is targeted for the next patch release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

@angular-devkit/build-angular Depends on vulnerable versions of rollup

3 participants

@jkrems @alan-agius4 @clydin