Bump rollup from 4.57.1 to 4.60.2 in the npm_and_yarn group across 1 directory by dependabot[bot] · Pull Request #8 · kan/wema

dependabot · 2026-03-01T02:51:48Z

Bumps the npm_and_yarn group with 1 update in the / directory: rollup.

Updates rollup from 4.57.1 to 4.60.2

Release notes

v4.60.2

4.60.2

2026-04-18

Bug Fixes

Resolve a variable rendering bug when generating different formats from the same build (#6350)

Pull Requests

#6327: docs: fix various typos in source and documentation (@Abhi3975, @lukastaegert)

#6331: fix(deps): update minor/patch updates (@renovate[bot])

#6332: chore(deps): update codecov/codecov-action action to v6 (@renovate[bot])

#6333: chore(deps): update dependency eslint-plugin-unicorn to v64 (@renovate[bot])

#6334: fix(deps): update rust crate swc_compiler_base to v51 (@renovate[bot])

#6335: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6346: fix(deps): update minor/patch updates (@renovate[bot])

#6347: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6348: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6349: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6350: fix: reset variable render names between outputs in the same generate (@barry3406, @lukastaegert)

#6351: chore(deps): update minor/patch updates (@renovate[bot])

#6352: chore(deps): update cross-platform-actions/action action to v1 (@renovate[bot])

#6353: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6354: chore(deps): lock file maintenance (@renovate[bot])

#6355: chore(deps): lock file maintenance (@renovate[bot])

#6356: chore(deps): lock file maintenance (@renovate[bot])

#6358: chore: remove cross-env from devDeps (@K-tecchan)

v4.60.1

4.60.1

2026-03-30

Bug Fixes

Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

#6286: fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274) (@littlegrayss, @TrickyPi)

#6317: chore(deps): pin dependencies (@renovate[bot], @lukastaegert)

#6318: chore(deps): update msys2/setup-msys2 digest to cafece8 (@renovate[bot], @lukastaegert)

#6319: chore(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6320: chore(deps): pin dependency typescript to v5 (@renovate[bot], @lukastaegert)

#6321: chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (@renovate[bot], @lukastaegert)

#6322: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6323: chore(deps): lock file maintenance (@renovate[bot])

#6324: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.60.2

2026-04-18

Bug Fixes

Resolve a variable rendering bug when generating different formats from the same build (#6350)

Pull Requests

#6327: docs: fix various typos in source and documentation (@Abhi3975, @lukastaegert)

#6331: fix(deps): update minor/patch updates (@renovate[bot])

#6332: chore(deps): update codecov/codecov-action action to v6 (@renovate[bot])

#6333: chore(deps): update dependency eslint-plugin-unicorn to v64 (@renovate[bot])

#6334: fix(deps): update rust crate swc_compiler_base to v51 (@renovate[bot])

#6335: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6346: fix(deps): update minor/patch updates (@renovate[bot])

#6347: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6348: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6349: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6350: fix: reset variable render names between outputs in the same generate (@barry3406, @lukastaegert)

#6351: chore(deps): update minor/patch updates (@renovate[bot])

#6352: chore(deps): update cross-platform-actions/action action to v1 (@renovate[bot])

#6353: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6354: chore(deps): lock file maintenance (@renovate[bot])

#6355: chore(deps): lock file maintenance (@renovate[bot])

#6356: chore(deps): lock file maintenance (@renovate[bot])

#6358: chore: remove cross-env from devDeps (@K-tecchan)

4.60.1

2026-03-30

Bug Fixes

Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

#6286: fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274) (@littlegrayss, @TrickyPi)

#6317: chore(deps): pin dependencies (@renovate[bot], @lukastaegert)

#6318: chore(deps): update msys2/setup-msys2 digest to cafece8 (@renovate[bot], @lukastaegert)

#6319: chore(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6320: chore(deps): pin dependency typescript to v5 (@renovate[bot], @lukastaegert)

#6321: chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (@renovate[bot], @lukastaegert)

#6322: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6323: chore(deps): lock file maintenance (@renovate[bot])

#6324: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

4.60.0

... (truncated)

Commits

a6be82b 4.60.2
5e6fb9f fix: reset variable render names between outputs in the same generate (#6350)
7542834 chore: remove cross-env from devDeps (#6358)
1fa79d0 chore(deps): update cross-platform-actions/action action to v1 (#6352)
819332e chore(deps): update dependency lru-cache to v11 (#6353)
fd464a9 chore(deps): lock file maintenance (#6356)
e6d2ff9 chore(deps): lock file maintenance (#6355)
32e8517 chore(deps): update minor/patch updates (#6351)
1d5bcb4 chore(deps): lock file maintenance (#6354)
f58d278 fix(deps): update swc monorepo (major) (#6348)
Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

kan · 2026-04-27T14:53:09Z

@dependabot rebase

Bumps the npm_and_yarn group with 1 update in the / directory: [rollup](https://github.com/rollup/rollup). Updates `rollup` from 4.57.1 to 4.60.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.57.1...v4.60.2) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

kan · 2026-04-27T14:57:34Z

main で npm audit fix により rollup 4.60.2 に更新され、Path Traversal 脆弱性が解消したためクローズします。

dependabot · 2026-04-27T14:57:37Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 1, 2026

dependabot Bot changed the title ~~Bump rollup from 4.57.1 to 4.59.0 in the npm_and_yarn group across 1 directory~~ Bump rollup from 4.57.1 to 4.60.2 in the npm_and_yarn group across 1 directory Apr 27, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-b2936519f3 branch from c05f688 to daa06a5 Compare April 27, 2026 14:54

kan closed this Apr 27, 2026

kan deleted the dependabot/npm_and_yarn/npm_and_yarn-b2936519f3 branch April 27, 2026 14:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump rollup from 4.57.1 to 4.60.2 in the npm_and_yarn group across 1 directory#8

Bump rollup from 4.57.1 to 4.60.2 in the npm_and_yarn group across 1 directory#8
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-b2936519f3

dependabot Bot commented on behalf of github Mar 1, 2026 •

edited

Loading

Uh oh!

kan commented Apr 27, 2026

Uh oh!

kan commented Apr 27, 2026

Uh oh!

dependabot Bot commented on behalf of github Apr 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Mar 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.60.2

4.60.2

Bug Fixes

Pull Requests

v4.60.1

4.60.1

Bug Fixes

Pull Requests

4.60.2

Bug Fixes

Pull Requests

4.60.1

Bug Fixes

Pull Requests

4.60.0

Uh oh!

kan commented Apr 27, 2026

Uh oh!

kan commented Apr 27, 2026

Uh oh!

dependabot Bot commented on behalf of github Apr 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Mar 1, 2026 •

edited

Loading