Skip to content

Fix DOM Clobbering CVE#5671

Merged
lukastaegert merged 1 commit intomasterfrom
dom-clobbering-cve
Sep 21, 2024
Merged

Fix DOM Clobbering CVE#5671
lukastaegert merged 1 commit intomasterfrom
dom-clobbering-cve

Conversation

@lukastaegert
Copy link
Member

This PR contains:

  • bugfix
  • feature
  • refactor
  • documentation
  • other

Are tests included?

  • yes (bugfixes and features will not be merged without tests)
  • no

Breaking Changes?

  • yes (breaking changes will not be merged unless absolutely necessary)
  • no

List any relevant issue numbers:

Description

This is a fix for a reported CVE, details will be included there

@vercel
Copy link

vercel bot commented Sep 21, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
rollup ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 21, 2024 5:45am

@github-actions
Copy link

github-actions bot commented Sep 21, 2024

Thank you for your contribution! ❤️

You can try out this pull request locally by installing Rollup via

npm install rollup/rollup#dom-clobbering-cve

Notice: Ensure you have installed the latest stable Rust toolchain. If you haven't installed it yet, please see https://www.rust-lang.org/tools/install to learn how to download Rustup and install Rust.

or load it into the REPL:
https://rollup-7zdmawtic-rollup-js.vercel.app/repl/?pr=5671

@github-actions
Copy link

github-actions bot commented Sep 21, 2024

Performance report!

Rough benchmark

Command Mean [s] Min [s] Max [s] Relative
node _benchmark/previous/bin/rollup -i ./perf/entry.js -o _benchmark/result/previous.js 9.145 ± 0.083 9.051 9.206 1.00
node _benchmark/current/bin/rollup -i ./perf/entry.js -o _benchmark/result/current.js 9.218 ± 0.076 9.149 9.299 1.01 ± 0.01

Internal benchmark

  • BUILD: 8265ms, 753 MB
    • initialize: 0ms, 26.1 MB
    • generate module graph: 3192ms, 575 MB
      • generate ast: 1551ms, 568 MB
    • sort and bind modules: 446ms, 617 MB
    • mark included statements: 4608ms, 753 MB
      • treeshaking pass 1: 1585ms, 718 MB
      • treeshaking pass 2: 758ms, 738 MB
      • treeshaking pass 3: 293ms, 746 MB
      • treeshaking pass 4: 273ms, 744 MB
      • treeshaking pass 5: 315ms, 752 MB
      • treeshaking pass 6: 259ms, 748 MB
      • treeshaking pass 7: 242ms, 754 MB
      • treeshaking pass 8: 235ms, 752 MB
      • treeshaking pass 9: 214ms, 753 MB
      • treeshaking pass 10: 215ms, 753 MB
      • treeshaking pass 11: 213ms, 753 MB
  • GENERATE: 898ms, 1.02 GB
    • initialize render: 0ms, 914 MB
    • generate chunks: 89ms, 917 MB
      • optimize chunks: 0ms, 917 MB
    • render chunks: 786ms, 1 GB
    • transform chunks: 19ms, 1.02 GB
    • generate bundle: 0ms, 1.02 GB

@codecov
Copy link

codecov bot commented Sep 21, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.39%. Comparing base (10ab90e) to head (72bfc9c).
Report is 1 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #5671   +/-   ##
=======================================
  Coverage   99.39%   99.39%           
=======================================
  Files         242      242           
  Lines        9352     9352           
  Branches     2473     2473           
=======================================
  Hits         9295     9295           
  Misses         48       48           
  Partials        9        9           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@lukastaegert lukastaegert merged commit e2552c9 into master Sep 21, 2024
@lukastaegert lukastaegert deleted the dom-clobbering-cve branch September 21, 2024 05:58
@github-actions
Copy link

This PR has been released as part of rollup@4.22.4. You can test it via npm install rollup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant