Bump rollup from 3.29.2 to 4.59.0 in /packages/rdf-entity-webcomponent#24
Open
dependabot[bot] wants to merge 33 commits intomasterfrom
Open
Conversation
Updated source code imports: - @zazuko/vue-graph-layout -> @lindas/vue-graph-layout - @zazuko/env/web -> @lindas/env/web - @zazuko/prefixes -> @lindas/prefixes Files changed: - src/components/data-model/data-model-component.vue - src/components/ResourcesExplorer.vue - src/components/shacl-dialog/modal-shacl-load.vue - src/views/ShaclEditor.vue Published versions: - @lindas/vue-graph-layout@0.1.6 - @lindas/spex@0.2.4
Updated source code imports: - @zazuko/vue-graph-layout -> @lindas/vue-graph-layout - @zazuko/env/web -> @lindas/env/web - @zazuko/prefixes -> @lindas/prefixes Files changed: - src/components/data-model/data-model-component.vue - src/components/ResourcesExplorer.vue - src/components/shacl-dialog/modal-shacl-load.vue - src/views/ShaclEditor.vue - packages/vocabulary-extras-builders/package.json (generate script)
- Add @lindas/rdf-parser-csvw-xlsx package (forked from @zazuko/rdf-parser-csvw-xlsx) - Update clownface package.json: - Rename from lindas-clownface to @lindas/clownface - Point repository to lindas-stack-libraries monorepo - Remove husky configuration (not needed in monorepo) - Add publishConfig for public access
…yout Security fixes: - Replace xlsx library with exceljs in rdf-parser-csvw-xlsx to fix: - Prototype Pollution vulnerability (GHSA-4r6h-8v6p-xvw6) - ReDoS vulnerability (GHSA-5pgg-2g8v-p4x9) - Migrate vue-graph-layout from Vue CLI to Vite to fix: - webpack-dev-server source code theft vulnerability - Multiple other webpack-dev-server vulnerabilities Other improvements: - Fix Windows path handling in tests using fileURLToPath - Bump @lindas/env-node to ^3.0.2 - All 8 tests pass with exceljs implementation
Renamed config files to use .cjs extension for CommonJS compatibility: - postcss.config.js -> postcss.config.cjs - tailwind.config.js -> tailwind.config.cjs - babel.config.js -> Removed (not needed with Vite) This fixes the build failure caused by module.exports being used in an ES module context (package.json has "type": "module"). Build now succeeds with Vite producing: - vue-graph-layout.js (9.90 kB) - vue-graph-layout.umd.cjs (7.12 kB) - vue-graph-layout.css (0.49 kB)
- Added npm override to replace @zazuko/rdf-parser-csvw-xlsx (uses vulnerable xlsx) with @lindas/rdf-parser-csvw-xlsx (uses safe exceljs) - Resolves GHSA-4r6h-8v6p-xvw6 (Prototype Pollution in sheetJS) - Resolves GHSA-5pgg-2g8v-p4x9 (ReDoS in sheetJS) - npm audit now reports 0 vulnerabilities
- Add proper exports with types for @lindas/env subpath exports (./web.js, ./Environment.js, etc.) - Update CI and release workflows to use --legacy-peer-deps - Support both main and master branches - Exclude test directory from TypeScript compilation in rdf-parser-csvw-xlsx - Remove compiled test files from repository
Published to npm with fixed TypeScript module exports.
- Add test suites for prefixes, vocabulary-loader, vocabulary-extras, vocabulary-extras-builders - Add mocha configuration for TypeScript tests - Add placeholder test scripts for UI packages (yasgui, yasr, yasqe, spex, shacl-test) - Configure changesets with README documentation - Add ts-node for TypeScript test support
- Add type assertions for streamToArray results - Fix factory type compatibility - Add eslint-disable comments for necessary any types
- wait-on@6 uses axios internal paths that don't work with Node 22 - Update to wait-on@9.0.3 which is compatible
The cube-hierarchy-query tests require docker-compose to start Fuseki (SPARQL server) for integration tests.
Updated snapshot key from @zazuko/cube-hierarchy-query to @lindas/cube-hierarchy-query to match the renamed package.
Same fix as CI workflow - cube-hierarchy-query tests require docker-compose to start Fuseki for integration tests.
- Tests run first on Node 18, 20, 22 - Security audit runs in parallel (non-blocking) - Release job runs after tests pass (only on push to main/master) - Added concurrency control to cancel outdated runs
Changesets action runs tests internally which need docker-compose for cube-hierarchy-query integration tests.
- Add webpack configuration for building yasgui packages - Add tsconfig files for TypeScript compilation - Increase maxPersistentResponseSize from 100KB to 10MB in yasr defaults - Add build scripts for yasgui bundle generation
- Downgrade get-stream from ^9.0.1 to ^8.0.0 in @lindas/env to fix Angular/esbuild bundler compatibility issue caused by @sec-ant/readable-stream async generator patterns - Add comprehensive proxy traps to extend() function in @lindas/env-core: getPrototypeOf, setPrototypeOf, isExtensible, preventExtensions, defineProperty, deleteProperty - Clean up debug logging from extend.js and Environment.js - Update changelogs
- Fork of @zazuko/formats-lazy v1.0.2 - Provides lazy-loaded RDF parsers and serializers - Uses @rdfjs/parser-n3, @rdfjs/parser-jsonld, rdfxml-streaming-parser - Does not depend on @graphy/* packages which require Node.js crypto - Browser-compatible alternative to @rdfjs-elements/formats-pretty
- Fixed malformed SinkMap generic types in index.d.ts - Properly import EventEmitter from events and Stream from @rdfjs/types - Fixes TS2345 error when using env.formats.import(formats)
Bump all packages to unified version for DevOps guidelines compliance.
Bumps [rollup](https://github.com/rollup/rollup) from 3.29.2 to 4.59.0. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-3.md) - [Commits](rollup/rollup@v3.29.2...v4.59.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps rollup from 3.29.2 to 4.59.0.
Release notes
Sourced from rollup's releases.
... (truncated)
Changelog
Sourced from rollup's changelog.
Commits
ae846954.59.0b39616eUpdate audit-resolvec60770dValidate bundle stays within output dir (#6275)33f39c14.58.0b61c408forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...7f00689Extend agent instructionse7b2b85chore(deps): lock file maintenance (#6270)2aa5da9fix(deps): update minor/patch updates (#6267)4319837chore(deps): update dependency lru-cache to v11 (#6269)c3b6b4bchore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.
Install script changes
This version modifies
preparescript that runs during installation. Review the package contents before updating.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.