Upgrade rollup to non-vulnerable version 2.79.1 -> 3.29.5 #1571

dlpzx · 2024-09-24T06:56:36Z

Security vulnerability found in rollup (well explained here).
This PR upgrades the package to a non-vulnerable version

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10.

Does this PR introduce or modify any input fields or queries - this includes
fetching data from storage outside the application (e.g. a database, an S3 bucket)?
- Is the input sanitized?
- What precautions are you taking before deserializing the data you consume?
- Is injection prevented by parametrizing queries?
- Have you ensured no eval or similar functions are used?
Does this PR introduce any functionality or component that requires authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
- Are you logging failed auth attempts?
Are you using or adding any cryptographic features?
- Do you use a standard proven implementations?
- Are the used keys controlled by the customer? Where are they stored?
Are you introducing any new policies/roles/users?
- Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Upgrade rollup to non-vulnerable version 2.79.1 -> 3.29.5

66e2dea

dlpzx requested review from SofiaSazonova and petrkalos September 24, 2024 06:56

petrkalos approved these changes Sep 24, 2024

View reviewed changes

petrkalos merged commit b9915ef into main Sep 24, 2024
9 checks passed

petrkalos deleted the dep/upgrade-rollup branch September 24, 2024 08:19

Provide feedback