Bump rollup from 3.29.4 to 3.29.5 #2024
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [rollup](https://github.com/rollup/rollup) from 3.29.4 to 3.29.5. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v3.29.4...v3.29.5) --- updated-dependencies: - dependency-name: rollup dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
dependabot
bot
requested review from
a team,
coverbeck,
david4096 and
hyunnaye
and removed request for
a team
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## develop #2024 +/- ##
========================================
Coverage 60.62% 60.62%
========================================
Files 394 394
Lines 12316 12316
Branches 2958 2958
========================================
Hits 7466 7466
Misses 4838 4838
Partials 12 12
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
@david4096 please comment if this is urgent/severe enough to warrant a hotfix |
|
@denis-yuen This is good to merge just to develop. Did some testing - the attack uses unsanitized name field of img tags via markdown renderer and we sanitize them. See the image here https://qa.dockstore.org/workflows/github.com/david4096/ismb2024_2/nextflow_example:main?tab=info |
Bumps rollup from 3.29.4 to 3.29.5.
Changelog
Sourced from rollup's changelog.
... (truncated)
Commits
dfd233d3.29.52ef77c0Fix DOM Clobbering CVEDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.