fix!: Rollup build XSS vulnerability (CVE-2024-43788)

vite-pwa · Sep 24, 2024 · 71ddc24 · 71ddc24
1 parent 2de47c4
commit 71ddc24
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 11 deletions.
diff --git a/package.json b/package.json
@@ -111,7 +111,7 @@
   },
   "peerDependencies": {
     "@vite-pwa/assets-generator": "^0.2.6",
-    "vite": "^3.1.0 || ^4.0.0 || ^5.0.0",
+    "vite": "^4.2.0 || ^5.0.0",
     "workbox-build": "^7.1.0",
     "workbox-window": "^7.1.0"
   },
@@ -145,7 +145,6 @@
     "prompts": "^2.4.2",
     "publint": "^0.2.5",
     "react": "^18.2.0",
-    "rollup": "^4.4.1",
     "solid-js": "^1.8.5",
     "svelte": "^4.2.5",
     "tsup": "^7.3.0",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/types.ts b/src/types.ts
@@ -1,6 +1,5 @@
-import type { BuildOptions, InlineConfig, Plugin, ResolvedConfig, UserConfig } from 'vite'
+import type { BuildOptions, InlineConfig, Plugin, ResolvedConfig, Rollup, UserConfig } from 'vite'
 import type { GenerateSWOptions, InjectManifestOptions, ManifestEntry } from 'workbox-build'
-import type { OutputBundle, RollupOptions } from 'rollup'
 import type { BuiltInPreset, Preset } from '@vite-pwa/assets-generator/config'
 import type { HtmlLinkPreset } from '@vite-pwa/assets-generator/api'
 import type { PWAAssetsGenerator } from './pwa-assets/types'
@@ -78,13 +77,13 @@ export type CustomInjectManifestOptions = InjectManifestOptions & {
    * **WARN**: this option is for advanced usage, beware, you can break your application build.
    */
   buildPlugins?: {
-    rollup?: RollupOptions['plugins']
+    rollup?: Rollup.RollupOptions['plugins']
     vite?: UserConfig['plugins']
   }
   /**
    * Since `v0.15.0` you can add custom Rollup options to build your service worker: we expose the same configuration to build a worker using Vite.
    */
-  rollupOptions?: Omit<RollupOptions, 'plugins' | 'output'>
+  rollupOptions?: Omit<Rollup.RollupOptions, 'plugins' | 'output'>
 
   /**
    * Environment options.
@@ -407,7 +406,7 @@ export interface VitePWAOptions {
 export interface ResolvedServiceWorkerOptions {
   format: 'es' | 'iife'
   plugins?: Plugin[]
-  rollupOptions: RollupOptions
+  rollupOptions: Rollup.RollupOptions
 }
 
 export interface ResolvedVitePWAOptions extends Required<Omit<VitePWAOptions, 'pwaAssets' | 'showMaximumFileSizeToCacheInBytesWarning'>> {
@@ -706,7 +705,7 @@ export interface VitePluginPWAAPI {
   /*
    * Explicitly generate the manifests.
    */
-  generateBundle(bundle?: OutputBundle): OutputBundle | undefined
+  generateBundle(bundle?: Rollup.OutputBundle): Rollup.OutputBundle | undefined
   /*
    * Explicitly generate the PWA services worker.
    */