Skip to content

Bump rollup from 3.29.4 to 3.30.0#25

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/rollup-3.30.0
Closed

Bump rollup from 3.29.4 to 3.30.0#25
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/rollup-3.30.0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Feb 25, 2026
edited
Loading

Bumps rollup from 3.29.4 to 3.30.0.

Release notes

Sourced from rollup's releases.

v3.30.0

3.30.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

v3.29.5

3.29.5

2024-09-21

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

Changelog

Sourced from rollup's changelog.

3.30.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

3.29.5

2024-09-21

Bug Fixes

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 25, 2026
@tomswinkels
Copy link
Copy Markdown
Member

tomswinkels commented Apr 16, 2026

@dependabot recreate

@dependabot
Bump rollup from 3.29.4 to 3.30.0
4b40c1c 
Bumps [rollup](https://github.com/rollup/rollup) from 3.29.4 to 3.30.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/v3.30.0/CHANGELOG.md)
- [Commits](rollup/rollup@v3.29.4...v3.30.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 3.30.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/rollup-3.30.0 branch from b878231 to 4b40c1c Compare April 16, 2026 14:42
@Kevintjuhz
Copy link
Copy Markdown
Member

Kevintjuhz commented Apr 24, 2026

Superseded by a consolidated bump-to-latest-minor and npm audit fix merged in c1ff31d. The package version targeted by this PR is already satisfied in main. Closing as obsolete.

@Kevintjuhz Kevintjuhz closed this Apr 24, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 24, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/rollup-3.30.0 branch April 24, 2026 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tomswinkels @Kevintjuhz