Skip to content

VULN UPGRADE: minor upgrades — 13 packages (minor: 5 · patch: 8) [packages/published]#280

Draft
campaigner-prod[bot] wants to merge 1 commit intomasterfrom
engraver-auto-version-upgrade/minorpatch/npm/published/0-1772806458
Draft

VULN UPGRADE: minor upgrades — 13 packages (minor: 5 · patch: 8) [packages/published]#280
campaigner-prod[bot] wants to merge 1 commit intomasterfrom
engraver-auto-version-upgrade/minorpatch/npm/published/0-1772806458

Conversation

@campaigner-prod
Copy link

@campaigner-prod campaigner-prod bot commented Mar 6, 2026

Summary: High-severity security update — 65 packages upgraded (MINOR changes included)

Manifests changed:

  • packages/published (npm)

Updates

Package From To Type Vulnerabilities Fixed
rollup 4.45.1 4.59.0 minor 2 HIGH
rollup 4.45.1 4.59.0 minor 2 HIGH
rollup 4.45.1 4.59.0 minor 2 HIGH
rollup 4.45.1 4.59.0 minor 2 HIGH
rollup 4.45.1 4.59.0 minor 2 HIGH
@rollup/plugin-babel 6.0.4 6.1.0 minor -
@rollup/plugin-babel 6.0.4 6.1.0 minor -
@rollup/plugin-babel 6.0.4 6.1.0 minor -
@rollup/plugin-babel 6.0.4 6.1.0 minor -
@rollup/plugin-babel 6.0.4 6.1.0 minor -
rollup-plugin-dts 6.1.1 6.3.0 minor -
rollup-plugin-dts 6.1.1 6.3.0 minor -
rollup-plugin-dts 6.1.1 6.3.0 minor -
rollup-plugin-dts 6.1.1 6.3.0 minor -
rollup-plugin-dts 6.1.1 6.3.0 minor -
rollup-plugin-esbuild 6.1.1 6.2.1 minor -
rollup-plugin-esbuild 6.1.1 6.2.1 minor -
rollup-plugin-esbuild 6.1.1 6.2.1 minor -
rollup-plugin-esbuild 6.1.1 6.2.1 minor -
rollup-plugin-esbuild 6.1.1 6.2.1 minor -
simple-git 3.25.0 3.32.3 minor -
simple-git 3.25.0 3.32.3 minor -
simple-git 3.25.0 3.32.3 minor -
simple-git 3.25.0 3.32.3 minor -
simple-git 3.25.0 3.32.3 minor -
@babel/core 7.24.5 7.24.9 patch -
@babel/core 7.24.5 7.24.9 patch -
@babel/core 7.24.5 7.24.9 patch -
@babel/core 7.24.5 7.24.9 patch -
@babel/core 7.24.5 7.24.9 patch -
@babel/preset-env 7.24.5 7.24.8 patch -
@babel/preset-env 7.24.5 7.24.8 patch -
@babel/preset-env 7.24.5 7.24.8 patch -
@babel/preset-env 7.24.5 7.24.8 patch -
@babel/preset-env 7.24.5 7.24.8 patch -
@babel/preset-typescript 7.24.1 7.24.7 patch -
@babel/preset-typescript 7.24.1 7.24.7 patch -
@babel/preset-typescript 7.24.1 7.24.7 patch -
@babel/preset-typescript 7.24.1 7.24.7 patch -
@babel/preset-typescript 7.24.1 7.24.7 patch -
@rollup/plugin-commonjs 28.0.1 28.0.9 patch -
@rollup/plugin-commonjs 28.0.1 28.0.9 patch -
@rollup/plugin-commonjs 28.0.1 28.0.9 patch -
@rollup/plugin-commonjs 28.0.1 28.0.9 patch -
@rollup/plugin-commonjs 28.0.1 28.0.9 patch -
@rollup/plugin-node-resolve 15.3.0 15.3.1 patch -
@rollup/plugin-node-resolve 15.3.0 15.3.1 patch -
@rollup/plugin-node-resolve 15.3.0 15.3.1 patch -
@rollup/plugin-node-resolve 15.3.0 15.3.1 patch -
@rollup/plugin-node-resolve 15.3.0 15.3.1 patch -
chalk 2.3.1 2.3.2 patch -
chalk 2.3.1 2.3.2 patch -
chalk 2.3.1 2.3.2 patch -
chalk 2.3.1 2.3.2 patch -
chalk 2.3.1 2.3.2 patch -
esbuild 0.25.8 0.25.12 patch -
esbuild 0.25.8 0.25.12 patch -
esbuild 0.25.8 0.25.12 patch -
esbuild 0.25.8 0.25.12 patch -
esbuild 0.25.8 0.25.12 patch -
typescript 5.4.3 5.4.5 patch -
typescript 5.4.3 5.4.5 patch -
typescript 5.4.3 5.4.5 patch -
typescript 5.4.3 5.4.5 patch -
typescript 5.4.3 5.4.5 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

🚨 Critical & High Severity (10 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
rollup GHSA-mw96-cpmx-2vgc HIGH Rollup 4 has Arbitrary File Write via Path Traversal 4.45.1 2.80.0
rollup CVE-2026-27606 HIGH Rollup 4 has Arbitrary File Write via Path Traversal 4.45.1 -
rollup GHSA-mw96-cpmx-2vgc HIGH Rollup 4 has Arbitrary File Write via Path Traversal 4.45.1 2.80.0
rollup CVE-2026-27606 HIGH Rollup 4 has Arbitrary File Write via Path Traversal 4.45.1 -
rollup GHSA-mw96-cpmx-2vgc HIGH Rollup 4 has Arbitrary File Write via Path Traversal 4.45.1 2.80.0
rollup CVE-2026-27606 HIGH Rollup 4 has Arbitrary File Write via Path Traversal 4.45.1 -
rollup GHSA-mw96-cpmx-2vgc HIGH Rollup 4 has Arbitrary File Write via Path Traversal 4.45.1 2.80.0
rollup CVE-2026-27606 HIGH Rollup 4 has Arbitrary File Write via Path Traversal 4.45.1 -
rollup GHSA-mw96-cpmx-2vgc HIGH Rollup 4 has Arbitrary File Write via Path Traversal 4.45.1 2.80.0
rollup CVE-2026-27606 HIGH Rollup 4 has Arbitrary File Write via Path Traversal 4.45.1 -

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yoannmoinet yoannmoinet Awaiting requested review from yoannmoinet yoannmoinet will be requested when the pull request is marked ready for review yoannmoinet is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

adms-dependency-update adms-high-severity adms-minor-update adms-mode-all-updates adms-npm campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants