From 15a0aea21dce874fe84760a07c169fd0bb2896ff Mon Sep 17 00:00:00 2001
From: Saul Gutierrez
Date: Thu, 26 Sep 2024 17:01:48 -0700
Subject: [PATCH] upgrade rollup to 3.29.5
Summary: The most recent release of react scripts is pulling an older version of rollup, which has a bunch of vulnerabilities associated with it (see associated task). Since this hasn't been fixed yet ([see this GitHub issue](https://github.com/facebook/create-react-app/issues/13671)), let's just pin it to the first version that fixes this. We cannot add overrides because we are using yarn.
Reviewed By: quark-zju
Differential Revision: D63459489
fbshipit-source-id: b047610af75b89a38b8f5f4e212061114ba098d3
---
 eden/contrib/package.json | 3 +++
 eden/contrib/yarn.lock | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/eden/contrib/package.json b/eden/contrib/package.json
index 2833b7ba25885..41992d2def998 100644
--- a/eden/contrib/package.json
+++ b/eden/contrib/package.json
@@ -20,5 +20,8 @@
 "prettier-check": "prettier --check .",
 "prettier-fix": "prettier --write ."
 },
+ "resolutions": {
+ "rollup": "3.29.5"
+ },
 "dependencies": {}
 }
diff --git a/eden/contrib/yarn.lock b/eden/contrib/yarn.lock
index f72ea8d5f043a..8bcaffdc9b1b4 100644
--- a/eden/contrib/yarn.lock
+++ b/eden/contrib/yarn.lock
@@ -9452,10 +9452,10 @@ rollup-plugin-terser@^7.0.0: serialize-javascript "^4.0.0" terser "^5.0.0" -rollup@^2.43.1: - version "2.77.1" - resolved "https://registry.npmjs.org/rollup/-/rollup-2.77.1.tgz" - integrity sha512-GhutNJrvTYD6s1moo+kyq7lD9DeR5HDyXo4bDFlDSkepC9kVKY+KK/NSZFzCmeXeia3kEzVuToQmHRdugyZHxw== +rollup@3.29.5, rollup@^2.43.1: + version "3.29.5" + resolved "https://registry.yarnpkg.com/rollup/-/rollup-3.29.5.tgz#8a2e477a758b520fb78daf04bca4c522c1da8a54" + integrity sha512-GVsDdsbJzzy4S/v3dqWPJ7EfvZJfCHiDqe80IyrF59LYuP+e6U1LJoUqeuqRbwAWoMNoXivMNeNAOf5E22VA1w== optionalDependencies: fsevents "~2.3.2"
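Review bot: The `"rollup": "3.29.5"` resolution added to eden/contrib/package.json forces a 3.x release onto a dependent that declared `rollup@^2.43.1`, as the lockfile entry `rollup@3.29.5, rollup@^2.43.1:` shows, so that consumer now runs against a major version outside its declared range. It is worth confirming that the build path which pulls rollup in through react-scripts still passes, and checking whether a patched release exists on the 2.x line, since pinning to that would stay within the declared range. Because package.json cannot carry a comment, the reason for the pin lives only in the commit message. A short note in the package's README, or a tracking task to drop the resolution once create-react-app issue 13671 is resolved, would keep this exact pin from going stale and silently missing later rollup fixes.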