Skip to content

build(deps): update rollup to v4.60.1#1141

Merged
andrejak merged 2 commits into
mainfrom
cursor/TSP-1310-public-sdk-security-fixes-ae9c
Apr 20, 2026
Merged

build(deps): update rollup to v4.60.1#1141
andrejak merged 2 commits into
mainfrom
cursor/TSP-1310-public-sdk-security-fixes-ae9c

Conversation

@andrejak

@andrejak andrejak commented Apr 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

  • update the root rollup devDependency from 3 to 4.60.1
  • refresh yarn.lock so the repo no longer installs the older Rollup 3.x line
  • add a CI build job that runs corepack yarn build:test on pull requests - this was added to verify that this major upgrade won't break the release... Let me know if you'd rather we skip it

Why

  • this repo previously merged a Rollup security upgrade, but the current manifest had drifted back to rollup@3.30.0
  • upgrading back to the current 4.x line addresses that regression and aligns the branch with the secure dependency path
  • validating the build in CI catches bundler and packaging regressions before merge instead of first surfacing in the release workflow on main

Verification

  • corepack yarn test
  • corepack yarn build:test
  • corepack yarn build && npm pack --dry-run
  • npx semantic-release --dry-run --no-ci
  • corepack yarn lint (warnings only, no errors)
  • corepack yarn npm audit --all (still reports eslint@8.57.1 as a moderate deprecation/support-policy issue, not a Rollup issue)

Linear Issue: TSP-1310

Open in Web Open in Cursor 

@andrejak andrejak closed this Apr 2, 2026
@andrejak andrejak reopened this Apr 17, 2026
@cursoragent @andrejak
build(deps): update rollup to v4.60.1
aba5ba2 
Co-authored-by: Andreja Kogovsek <andrejak@users.noreply.github.com>
@cursor cursor Bot force-pushed the cursor/TSP-1310-public-sdk-security-fixes-ae9c branch from f972028 to aba5ba2 Compare April 17, 2026 14:25
@andrejak andrejak marked this pull request as ready for review April 17, 2026 14:43
@andrejak andrejak requested a review from a team as a code owner April 17, 2026 14:43
igorp1
igorp1 approved these changes Apr 17, 2026
View reviewed changes
Comment thread .github/workflows/ci.yml
@andrejak andrejak merged commit 8c11437 into main Apr 20, 2026
5 checks passed
@andrejak andrejak deleted the cursor/TSP-1310-public-sdk-security-fixes-ae9c branch April 20, 2026 08:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@igorp1 igorp1 igorp1 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@andrejak @igorp1 @cursoragent