Bump rollup from 4.44.2 to 4.59.0 by dependabot[bot] · Pull Request #2786 · onflow/fcl-js

dependabot · 2026-02-28T07:18:50Z

Bumps rollup from 4.44.2 to 4.59.0.

Release notes

v4.59.0

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

#6275: Validate bundle stays within output dir (@lukastaegert)

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

#6252: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6253: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6254: Fully include dynamic imports in a try-catch (@lukastaegert)

... (truncated)

Commits

ae84695 4.59.0
b39616e Update audit-resolve
c60770d Validate bundle stays within output dir (#6275)
33f39c1 4.58.0
b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
7f00689 Extend agent instructions
e7b2b85 chore(deps): lock file maintenance (#6270)
2aa5da9 fix(deps): update minor/patch updates (#6267)
4319837 chore(deps): update dependency lru-cache to v11 (#6269)
c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

vercel · 2026-02-28T07:18:53Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
react-sdk-demo	Ready	Preview, Comment	Mar 25, 2026 10:17pm

changeset-bot · 2026-02-28T07:18:54Z

⚠️ No Changeset found

Latest commit: 252f74e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

github-actions · 2026-02-28T07:19:05Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 252f74e.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@rollup/rollup-android-arm-eabi

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-android-arm64

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-darwin-arm64

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-darwin-x64

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-freebsd-arm64

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-freebsd-x64

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-arm-gnueabihf

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-arm-musleabihf

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-arm64-gnu

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-arm64-musl

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-loong64-gnu

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-loong64-musl

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-ppc64-gnu

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-ppc64-musl

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-riscv64-gnu

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-riscv64-musl

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-s390x-gnu

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-x64-gnu

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-linux-x64-musl

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-openbsd-x64

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-openharmony-arm64

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-win32-arm64-msvc

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-win32-ia32-msvc

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-win32-x64-gnu

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rollup/rollup-win32-x64-msvc

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/rollup

4.59.0

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 3/10 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Files

package-lock.json

jribbink · 2026-03-25T22:12:00Z

@dependabot rebase

Bumps [rollup](https://github.com/rollup/rollup) from 4.44.2 to 4.59.0. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.44.2...v4.59.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 28, 2026

dependabot bot requested a review from a team as a code owner February 28, 2026 07:18

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 28, 2026

vercel bot deployed to Preview February 28, 2026 07:23 View deployment

dependabot bot force-pushed the dependabot/npm_and_yarn/rollup-4.59.0 branch 2 times, most recently from 7222296 to 6513267 Compare March 25, 2026 21:45

vercel bot deployed to Preview March 25, 2026 21:48 View deployment

jribbink approved these changes Mar 25, 2026

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/rollup-4.59.0 branch from 6513267 to 410b83b Compare March 25, 2026 22:13

dependabot bot force-pushed the dependabot/npm_and_yarn/rollup-4.59.0 branch from 410b83b to 252f74e Compare March 25, 2026 22:14

vercel bot deployed to Preview March 25, 2026 22:17 View deployment

jribbink merged commit b8eb8ce into master Mar 25, 2026
8 checks passed

jribbink deleted the dependabot/npm_and_yarn/rollup-4.59.0 branch March 25, 2026 22:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump rollup from 4.44.2 to 4.59.0#2786

Bump rollup from 4.44.2 to 4.59.0#2786
jribbink merged 1 commit intomasterfrom
dependabot/npm_and_yarn/rollup-4.59.0

dependabot bot commented on behalf of github Feb 28, 2026 •

edited

Loading

Uh oh!

vercel bot commented Feb 28, 2026 •

edited

Loading

Uh oh!

changeset-bot bot commented Feb 28, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Feb 28, 2026 •

edited

Loading

Uh oh!

jribbink commented Mar 25, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Feb 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.59.0

4.59.0

Features

Pull Requests

v4.58.0

4.58.0

Features

Pull Requests

v4.57.1

4.57.1

Bug Fixes

Pull Requests

4.59.0

Features

Pull Requests

4.58.0

Features

Pull Requests

4.57.1

Bug Fixes

Pull Requests

Uh oh!

vercel bot commented Feb 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

changeset-bot bot commented Feb 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ No Changeset found

Uh oh!

github-actions bot commented Feb 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

Snapshot Warnings

OpenSSF Scorecard

Scanned Files

Uh oh!

jribbink commented Mar 25, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Feb 28, 2026 •

edited

Loading

vercel bot commented Feb 28, 2026 •

edited

Loading

changeset-bot bot commented Feb 28, 2026 •

edited

Loading

github-actions bot commented Feb 28, 2026 •

edited

Loading