Bump @rollup/rollup-linux-x64-gnu from 4.59.0 to 4.60.0 #23
dependabot[bot] wants to merge 1 commit into main
Bumps [@rollup/rollup-linux-x64-gnu](https://github.com/rollup/rollup) from 4.59.0 to 4.60.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.59.0...v4.60.0)

---
updated-dependencies:
- dependency-name: "@rollup/rollup-linux-x64-gnu"
  dependency-version: 4.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| "@actions/core": "^3.0.0", | ||
| "@actions/exec": "^3.0.0" | ||
| "@actions/exec": "^3.0.0", | ||
| "@rollup/rollup-linux-x64-gnu": "4.60.0" |
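Review bot: the added `"@rollup/rollup-linux-x64-gnu": "4.60.0"` entry is an exact pin of a platform-specific package placed next to the caret-ranged `@actions/core` and `@actions/exec`, which is not what a version bump of an optional dependency should produce. Check that this block matches the corresponding section of package.json; if the package is declared only under optionalDependencies there, regenerate package-lock.json from the manifest instead of keeping this line, so installs on other platforms do not treat it as required.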
Lockfile corrupted: package added to production dependencies
Medium Severity
@rollup/rollup-linux-x64-gnu was incorrectly added to the dependencies section of the lockfile root entry (line 15, pinned to exact "4.60.0"), in addition to being in optionalDependencies (line 48, "^4.60.0"). In package.json, this package only exists in optionalDependencies, not dependencies. This lockfile corruption promotes a platform-specific binary (linux-x64 only) to a required production dependency, which could cause install failures on non-Linux-x64 environments and marks the resolved package without the dev flag.
1 issue found across 2 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="package-lock.json">
<violation number="1" location="package-lock.json:15">
P2: Lockfile corruption: `@rollup/rollup-linux-x64-gnu` is added to the root `dependencies` section (exact pin `"4.60.0"`) but `package.json` only declares it in `optionalDependencies`. This promotes a platform-specific binary (linux-x64 only) to a required production dependency in the lockfile, which can cause `npm ci` failures on non-Linux-x64 environments. The lockfile should be regenerated so this entry only appears under `optionalDependencies`.</violation>
</file>
| "@actions/core": "^3.0.0", | ||
| "@actions/exec": "^3.0.0" | ||
| "@actions/exec": "^3.0.0", | ||
| "@rollup/rollup-linux-x64-gnu": "4.60.0" |
P2: Lockfile corruption: @rollup/rollup-linux-x64-gnu is added to the root dependencies section (exact pin "4.60.0") but package.json only declares it in optionalDependencies. This promotes a platform-specific binary (linux-x64 only) to a required production dependency in the lockfile, which can cause npm ci failures on non-Linux-x64 environments. The lockfile should be regenerated so this entry only appears under optionalDependencies.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At package-lock.json, line 15:
<comment>Lockfile corruption: `@rollup/rollup-linux-x64-gnu` is added to the root `dependencies` section (exact pin `"4.60.0"`) but `package.json` only declares it in `optionalDependencies`. This promotes a platform-specific binary (linux-x64 only) to a required production dependency in the lockfile, which can cause `npm ci` failures on non-Linux-x64 environments. The lockfile should be regenerated so this entry only appears under `optionalDependencies`.</comment>
<file context>
@@ -11,7 +11,8 @@
"@actions/core": "^3.0.0",
- "@actions/exec": "^3.0.0"
+ "@actions/exec": "^3.0.0",
+ "@rollup/rollup-linux-x64-gnu": "4.60.0"
},
"devDependencies": {
</file context>
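The consistency check both reviews describe can be automated before merging a dependency bump. The following is an added example, not code from this repository or from either review bot: it compares the lockfile's root entry with package.json and flags platform-restricted packages that are not marked optional. The function name `auditLockRoot` and the sample objects are constructed for illustration, using the ranges quoted in the review.

```javascript
// Added example (not from the PR): audit a package-lock.json root entry
// against package.json. Inputs are the parsed JSON objects.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

function auditLockRoot(manifest, lock) {
  const packages = lock.packages || {};
  const root = packages[""] || {}; // lockfile v2/v3 mirrors the manifest here
  const findings = [];
  for (const section of SECTIONS) {
    const declared = manifest[section] || {};
    for (const [name, range] of Object.entries(root[section] || {})) {
      if (!(name in declared)) {
        // Present in the lockfile section but not in the same manifest section.
        const declaredIn = SECTIONS.filter((s) => name in (manifest[s] || {}));
        findings.push({ kind: "not-declared", section, name, declaredIn });
      } else if (declared[name] !== range) {
        findings.push({ kind: "range-mismatch", section, name, declaredIn: [section] });
      }
    }
  }
  // A package restricted by os/cpu that is not flagged optional becomes a
  // hard requirement, so installs fail on every other platform.
  for (const [path, entry] of Object.entries(packages)) {
    if (path !== "" && (entry.os || entry.cpu) && !entry.optional) {
      const name = path.replace(/^.*node_modules\//, "");
      findings.push({ kind: "platform-not-optional", section: "packages", name, declaredIn: [] });
    }
  }
  return findings;
}

// Constructed sample mirroring the review: ranges are the ones quoted above,
// lockfileVersion and the os/cpu entry are assumptions for illustration.
const manifest = {
  dependencies: { "@actions/core": "^3.0.0", "@actions/exec": "^3.0.0" },
  optionalDependencies: { "@rollup/rollup-linux-x64-gnu": "^4.60.0" },
};
const lock = {
  lockfileVersion: 3,
  packages: {
    "": {
      dependencies: { ...manifest.dependencies, "@rollup/rollup-linux-x64-gnu": "4.60.0" },
      optionalDependencies: { "@rollup/rollup-linux-x64-gnu": "^4.60.0" },
    },
    "node_modules/@rollup/rollup-linux-x64-gnu": { version: "4.60.0", os: ["linux"], cpu: ["x64"] },
  },
};

for (const f of auditLockRoot(manifest, lock)) console.log(JSON.stringify(f));
```

To run it against a real project, pass the results of `JSON.parse` on package.json and package-lock.json and fail the CI job when the returned array is non-empty.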
Looks like @rollup/rollup-linux-x64-gnu is up-to-date now, so this is no longer needed.


Bumps @rollup/rollup-linux-x64-gnu from 4.59.0 to 4.60.0.

Commits
- 6ecd69f 4.60.0
- 6b725b9 feat: external only Source Phase imports support (#6279)
- 0cba9e0 4.59.1
- 4eeea29 Pin Vite
- 1cd49ae fix: fix chunk assignment for deoptimized module with dynamic import (#6306)
- c9dabc3 Downgrade Vite
- d46200f chore(deps): update dependency vite to v8 (#6309)
- aa6c853 chore(deps): update dependency lru-cache to v11 (#6308)
- 4208811 chore(deps): lock file maintenance (#6312)
- 5348a82 chore(deps): lock file maintenance (#6311)