Resolve vulnerabilities #6375

Merged
lukastaegert merged 2 commits into master from resolve-vulnerabilities
May 14, 2026

@lukastaegert
Member

This PR contains:

  • bugfix
  • feature
  • refactor
  • documentation
  • other

Are tests included?

  • yes (bugfixes and features will not be merged without tests)
  • no

Breaking Changes?

  • yes (breaking changes will not be merged unless absolutely necessary)
  • no

List any relevant issue numbers:

Description

This resolves some small vulnerabilities and updates the current ignore timestamps.

Copilot AI review requested due to automatic review settings May 14, 2026 05:27
@vercel

vercel Bot commented May 14, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| rollup | Ready | Preview, Comment | May 14, 2026 5:46am |

Contributor

Copilot AI left a comment

Pull request overview

This PR updates dependency lockfile resolution and audit ignore timestamps to address or defer vulnerability findings in the Rollup development dependency tree.

Changes:

  • Updates the locked Mermaid parser/mermaid dependency chain.
  • Removes now-unneeded Langium/Chevrotain lockfile entries.
  • Refreshes selected audit ignore timestamps.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| package-lock.json | Updates resolved transitive dependency versions for Mermaid-related packages. |
| audit-resolve.json | Refreshes selected vulnerability ignore timestamps. |

Comment thread audit-resolve.json
@github-actions

github-actions Bot commented May 14, 2026

Performance report

  • BUILD: 6082ms (-128ms, -2.1%), 837 MB
    • initialize: 0ms, 24 MB (+8%)
    • generate module graph: 2154ms, 633 MB
      • generate ast: 1098ms, 624 MB
    • sort and bind modules: 414ms, 692 MB
    • mark included statements: 3516ms, 837 MB
      • treeshaking pass 1: 1938ms, 828 MB
      • treeshaking pass 2: 439ms, 861 MB (+3%)
      • treeshaking pass 3: 384ms, 835 MB
      • treeshaking pass 4: 370ms, 851 MB (+3%)
      • treeshaking pass 5: 370ms, 837 MB
  • GENERATE: 662ms, 938 MB (+3%)
    • initialize render: 0ms, 837 MB
    • generate chunks: 41ms, 861 MB (+3%)
      • optimize chunks: 0ms, 853 MB (+3%)
    • render chunks: 601ms, 915 MB (+2%)
    • transform chunks: 17ms, 938 MB (+3%)
    • generate bundle: 0ms, 938 MB (+3%)

@github-actions

github-actions Bot commented May 14, 2026

Thank you for your contribution! ❤️

You can try out this pull request locally by installing Rollup via

npm install rollup/rollup#resolve-vulnerabilities

Notice: Ensure you have installed the latest nightly Rust toolchain. If you haven't installed it yet, please see https://www.rust-lang.org/tools/install to learn how to download Rustup and install Rust.

or load it into the REPL:
https://rollup-kl2796pev-rollup-js.vercel.app/repl/?pr=6375

@codecov

codecov Bot commented May 14, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.78%. Comparing base (71f5ebc) to head (5c291cc).

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #6375   +/-   ##
=======================================
  Coverage   98.78%   98.78%           
=======================================
  Files         274      274           
  Lines       10793    10793           
  Branches     2882     2882           
=======================================
  Hits        10662    10662           
  Misses         89       89           
  Partials       42       42           

@lukastaegert lukastaegert disabled auto-merge May 14, 2026 06:02
@lukastaegert lukastaegert merged commit 82a0fe7 into master May 14, 2026
47 checks passed
@lukastaegert lukastaegert deleted the resolve-vulnerabilities branch May 14, 2026 06:02
@github-actions

This PR has been released as part of [email protected]. You can test it via npm install rollup.
