@rollup/plugin-commonjs version 26.0.0 introduces a notable update by upgrading the glob dependency from version 8.0.3 to version ^10.4.1. This change, while seemingly small, could impact developers who rely on specific behaviors of the glob library. The core functionality of converting CommonJS modules to ES2015 remains the same, ensuring compatibility for users migrating existing projects. Developers should review the glob changelog to understand potential breaking changes or new features introduced by this upgrade.
Both versions maintain consistent peer dependencies, requiring Rollup versions ^2.68.0, ^3.0.0, or ^4.0.0, providing flexibility for users on different Rollup versions. The development dependencies such as rollup, typescript, @rollup/plugin-json and @rollup/plugin-node-resolve are also at the same versions in both releases, creating a familiar development environment for contributors. The unpacked size shows a small increase (160 bytes), probably due to the upgrade of the "glob" dependency.
The update signifies an ongoing commitment to maintaining the plugin with up-to-date dependencies, which is important for security and efficiency. The license remains MIT, making it commercially friendly. Developers should thoroughly test their builds after upgrading to version 26.0.0, focusing on areas where glob is used, to ensure that the newer version of the dependency doesn't negatively affect their project.
There are no vulnerabilities for version 26.0.0 of the package @rollup/plugin-commonjs.