MAINT Bump rollup to >=4.59.0 for dependabot security alert #1408

Merged
romanlutz merged 1 commit into Azure:main from romanlutz:romanlutz/bump-rollup
Feb 26, 2026

@romanlutz
Contributor

Add npm overrides to enforce rollup>=4.59.0 (transitive dep of vite).
Bumps from 4.53.2 to 4.59.0.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings February 26, 2026 19:51
Contributor

Copilot AI left a comment

Pull request overview

Updates the frontend’s dependency resolution to address a Dependabot security alert by forcing a newer Rollup version (a transitive dependency of Vite).

Changes:

  • Add an npm overrides entry to enforce rollup >= 4.59.0.
  • Update package-lock.json to Rollup 4.59.0 (including platform-specific Rollup packages).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| frontend/package.json | Adds an npm override to enforce a minimum Rollup version. |
| frontend/package-lock.json | Locks Rollup and related optional platform packages to 4.59.0. |

Files not reviewed (1)
  • frontend/package-lock.json: Language not supported
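
A lockfile check for the change reviewed above, as an added example that is not code from this pull request or repository: it flags any `rollup` or platform-specific `@rollup/rollup-*` entry still resolved below 4.59.0, including copies nested under another package. The function names (`findOldRollup`, `isBelow`) are hypothetical, the sample lockfile is constructed, and a lockfileVersion 2 or 3 `packages` map is assumed.

```javascript
// Added example: flag rollup entries in a package-lock.json that are below
// the minimum this PR enforces. Assumes lockfileVersion 2 or 3 ("packages" map).
const MIN_ROLLUP = "4.59.0"; // minimum stated in the PR

// "MAJOR.MINOR.PATCH..." -> [major, minor, patch], or null if unparseable.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// True when version < minimum. Unparseable versions and prereleases of the
// minimum itself (e.g. 4.59.0-beta.1) fail closed.
function isBelow(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return /^\d+\.\d+\.\d+-/.test(version);
}

// rollup itself and its platform packages (@rollup/rollup-<platform>), at the
// top level or nested under another package's node_modules directory.
const ROLLUP_PATH = /(^|\/)node_modules\/(rollup|@rollup\/rollup-[^/]+)$/;

function findOldRollup(lock, minimum = MIN_ROLLUP) {
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => ROLLUP_PATH.test(path) && isBelow(meta.version, minimum))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile (not the repository's real package-lock.json).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "frontend-sample" },
    "node_modules/rollup": { version: "4.59.0" },
    "node_modules/@rollup/rollup-linux-x64-gnu": { version: "4.59.0" },
    "node_modules/vite/node_modules/rollup": { version: "4.53.2" }, // stale nested copy
    "node_modules/@rollup/pluginutils": { version: "5.1.0" }, // separate versioning, ignored
  },
};

console.log(findOldRollup(sampleLock));
```

To run it against a real lockfile, pass the parsed JSON of `package-lock.json` to `findOldRollup` and fail the CI job when the returned array is non-empty.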

@romanlutz romanlutz merged commit c82b1ec into Azure:main Feb 26, 2026
36 checks passed
@romanlutz romanlutz deleted the romanlutz/bump-rollup branch February 26, 2026 20:55