Bump rollup from 2.75.7 to 4.58.0 in /src/microsoft-trydotnet by dependabot[bot] · Pull Request #83 · IntelliTect/try

dependabot · 2026-02-20T18:40:23Z

Bumps rollup from 2.75.7 to 4.58.0.

Release notes

v4.58.0

4.58.0

2026-02-20

Features

Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

#6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@njg7194, @lukastaegert)

#6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@millerick, @lukastaegert)

#6260: fix(deps): update rust crate swc_compiler_base to v47 (@renovate[bot], @lukastaegert)

#6261: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6262: Avoid unnecessary cloning of the code string (@lukastaegert)

#6263: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6265: chore(deps): lock file maintenance (@renovate[bot])

#6267: fix(deps): update minor/patch updates (@renovate[bot])

#6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@renovate[bot], @lukastaegert)

#6269: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6270: chore(deps): lock file maintenance (@renovate[bot])

#6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

Fix heap corruption issue in Windows (#6251)

Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

#6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@alan-agius4, @lukastaegert)

#6252: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6253: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#6254: Fully include dynamic imports in a try-catch (@lukastaegert)

#6255: chore(deps): lock file maintenance (@renovate[bot])

v4.57.0

4.57.0

2026-01-27

Features

Add import attributes to all plugin hooks that did not provide them yet (#5700)

... (truncated)

Changelog

Sourced from rollup's changelog.

rollup changelog

2.79.1

2022-09-22

Bug Fixes

Avoid massive performance degradation when creating thousands of chunks (#4643)

Pull Requests

#4639: fix: typo docs and contributors link in CONTRIBUTING.md ( @takurinton)

#4641: Update type definition of resolveId (@ivanjonas)

#4643: Improve performance of chunk naming collision check ( @lukastaegert)

2.79.0

2022-08-31

Features

Add amd.forceJsExtensionForImports to enforce using .js extensions for relative AMD imports (#4607)

Pull Requests

#4607: add option to keep extensions for amd (@wh1tevs)

2.78.1

2022-08-19

Bug Fixes

Avoid inferring "arguments" as name for a default export placeholder variable (#4613)

Pull Requests

#4613: Prevent using arguments for generated variable names ( @lukastaegert)

2.78.0

2022-08-14

Features

Support writing plugin hooks as objects with a "handler" property (#4600)

Allow changing execution order per plugin hook (#4600)

Add flag to execute plugins in async parallel hooks sequentially (#4600)

... (truncated)

Commits

33f39c1 4.58.0
b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
7f00689 Extend agent instructions
e7b2b85 chore(deps): lock file maintenance (#6270)
2aa5da9 fix(deps): update minor/patch updates (#6267)
4319837 chore(deps): update dependency lru-cache to v11 (#6269)
c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
8653dd7 fix(deps): update minor/patch updates (#6263)
c49fba1 chore(deps): lock file maintenance (#6265)
74559c0 Avoid unnecessary cloning of the code string (#6262)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

BenjaminMichaelis · 2026-02-21T02:50:24Z

@dependabot recreate

BenjaminMichaelis · 2026-02-21T07:53:09Z

@dependabot recreate

BenjaminMichaelis · 2026-02-21T08:42:47Z

@dependabot recreate

Bumps [rollup](https://github.com/rollup/rollup) from 2.75.7 to 4.58.0. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-2.md) - [Commits](rollup/rollup@v2.75.7...v4.58.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.58.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

- microsoft-trydotnet: Add 'type: module' to package.json to eliminate the MODULE_TYPELESS_PACKAGE_JSON rollup warning (rollup.config.js already used ES module syntax) - microsoft-trydotnet-styles: Remove unused 'fstream' devDependency which pulled in rimraf@2 -> glob@7 -> minimatch@3 vulnerability chain. Resolves all 4 high-severity vulnerabilities (0 vulns remaining). - microsoft-trydotnet-editor: Run npm audit fix (non-breaking) to fix ajv, brace-expansion, cross-spawn, and diff (via ts-node) vulns. Remove eslint-plugin-deprecation (superseded; was pulling in old @typescript-eslint/* with stale minimatch chain). Upgrade @typescript-eslint/{eslint-plugin,parser} from ^5.62.0 to ^8.56.0 and eslint from 8.18.0 to ^8.57.0 (peer dep requirement). Update .eslintrc.json: replace deprecation/deprecation with @typescript-eslint/no-deprecated, remove @typescript-eslint/semi (removed in v6+), replace with base semi rule. Reduces vulnerabilities from 19 to 14 (remaining 14 are mocha and eslint@8 transitive chains - accepted, all devDeps, no prod impact). Not addressed (accepted/skip): - uuid@3.4.0, whatwg-encoding: transitive from @microsoft/polyglot-notebooks - Circular dep / critical webpack warnings: from @microsoft/polyglot-notebooks - Mocha minimatch/diff chain: mocha upstream issue, needs mocha update - eslint@8 -> @eslint/eslintrc -> minimatch@3 chain: needs eslint@10 migration - Asset size warnings: out of scope Fix CI: rename rollup.config.js to .mjs instead of type:module Adding 'type: module' to package.json made mocha's ts-node/register (a CJS hook) unable to require() the .ts test files - they were treated as ESM modules, causing ERR_REQUIRE_ESM in CI. The correct fix is to rename rollup.config.js -> rollup.config.mjs, which explicitly marks the config file as ESM by extension. Rollup 4.x finds rollup.config.mjs automatically and doesn't emit the [MODULE_TYPELESS_PACKAGE_JSON] warning for .mjs files. This leaves the package CJS-by-default so mocha + ts-node/register continue to work correctly.

dependabot bot added dependencies Pull requests that update a dependency file npm labels Feb 20, 2026

dependabot bot had a problem deploying to BuildAndUploadImage February 20, 2026 18:40 Failure

github-actions bot approved these changes Feb 20, 2026

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/src/microsoft-trydotnet/rollup-4.58.0 branch from d66ab17 to 40f5661 Compare February 20, 2026 18:51

dependabot bot had a problem deploying to BuildAndUploadImage February 20, 2026 18:51 Failure

github-actions bot approved these changes Feb 20, 2026

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/src/microsoft-trydotnet/rollup-4.58.0 branch from 40f5661 to 728de94 Compare February 21, 2026 02:59

dependabot bot had a problem deploying to BuildAndUploadImage February 21, 2026 02:59 Failure