Merge branch 'master' of https://github.com/rollup/rollup into sync-b…

…86ffd77
rollup · Sep 20, 2024 · 0f47ee5 · 0f47ee5
2 parents 9b70472 + b86ffd7
commit 0f47ee5
Show file tree

Hide file tree

Showing 15 changed files with 735 additions and 712 deletions.
diff --git a/.github/workflows/performance-report.yml b/.github/workflows/performance-report.yml
@@ -127,7 +127,7 @@ jobs:
           hyperfine --warmup 1 --export-markdown _benchmark/rough-report.md --show-output --runs 3 \
             'node _benchmark/previous/bin/rollup -i ./perf/entry.js -o _benchmark/result/previous.js' \
             'node _benchmark/current/bin/rollup -i ./perf/entry.js -o _benchmark/result/current.js'
-      - name: Combine bechmark reports
+      - name: Combine benchmark reports
         run: |
           echo "# Performance report!" > _benchmark/result.md
           echo "## Rough benchmark" >> _benchmark/result.md

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,32 @@
 # rollup changelog
 
+## 4.22.2
+
+_2024-09-20_
+
+### Bug Fixes
+
+- Revert fix for side effect free modules until other issues are investigated (#5667)
+
+### Pull Requests
+
+- [#5667](https://github.com/rollup/rollup/pull/5667): Partially revert #5658 and re-apply #5644 (@lukastaegert)
+
+## 4.22.1
+
+_2024-09-20_
+
+### Bug Fixes
+
+- Revert #5644 "stable chunk hashes" while issues are being investigated
+
+### Pull Requests
+
+- [#5663](https://github.com/rollup/rollup/pull/5663): chore(deps): update dependency inquirer to v11 (@renovate[bot], @lukastaegert)
+- [#5664](https://github.com/rollup/rollup/pull/5664): chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
+- [#5665](https://github.com/rollup/rollup/pull/5665): fix: type in CI file (@YuHyeonWook)
+- [#5666](https://github.com/rollup/rollup/pull/5666): chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
+
 ## 4.22.0
 
 _2024-09-19_

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,5 @@
+# Reporting a Vulnerability
+
+To report a vulnerability, please open a private vulnerability report at https://github.com/rollup/rollup/security.
+
+While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Rollup and its official plugins to ensure your application remains as secure as possible.
diff --git a/browser/package.json b/browser/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@rollup/browser",
-  "version": "4.22.0",
+  "version": "4.22.2",
   "description": "Next-generation ES module bundler browser build",
   "main": "dist/rollup.browser.js",
   "module": "dist/es/rollup.browser.js",