Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update rollup-pluginutils #2703

Merged
merged 2 commits into from Feb 16, 2019
Merged

Update rollup-pluginutils #2703

merged 2 commits into from Feb 16, 2019

Conversation

lukastaegert
Copy link
Member

This PR contains:

  • bugfix
  • feature
  • refactor
  • documentation
  • other

Are tests included?

  • yes (bugfixes and features will not be merged without tests)
  • no

Breaking Changes?

  • yes (breaking changes will not be merged unless absolutely necessary)
  • no

List any relevant issue numbers:

Description

Necessary but evil. This will bump rollup-pluginutils and therefore the transitive micromatch dependency from 2 to 3 to resolve a vulnerability (that I think is really of no importance to anyone using rollup unless their config files are the only way a hacker has compromised their system). As a result rollup will be 50% bigger no kidding!

I so hope micromatch@4 will be released soon, otherwise I will consider going back to minimatch or forking micromatch myself to get rid of all those dependencies and create a lean ES module version in the process. Alas, I would rather spend this time improving Rollup.

@lukastaegert lukastaegert merged commit 1454b90 into master Feb 16, 2019
@lukastaegert lukastaegert deleted the update-rollup-pluginutils branch February 16, 2019 18:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant