@rollup/plugin-commonjs version 28.0.4 introduces subtle yet important changes compared to version 28.0.3, primarily reflecting internal improvements and potentially bug fixes. Both versions share identical core functionality, converting CommonJS modules into modern ES2015 format for seamless integration with Rollup bundlers. Developers relying on this plugin to handle legacy CommonJS code within their projects can generally expect similar behavior across both versions.
The dependency trees remain the same, with @rollup/pluginutils, fdir, commondir, picomatch, is-reference, magic-string, and estree-walker powering the transformation process; and rollup, source-map, typescript, locate-character, require-relative, source-map-support, @rollup/plugin-json, @rollup/plugin-node-resolve enabling testing and development. This consistency means upgrading from 28.0.3 to 28.0.4 should pose minimal risk of breaking changes related to these shared dependencies.
A key difference lies in the dist section, indicating a slight increase in unpacked size from 263273 bytes in 28.0.3 to 263640 bytes in 28.0.4. This change suggests internal updates, such as code optimizations or minor enhancements, rather than significant alterations to the plugin's core functionality. The release date of 28.0.4, "2025-06-14T10:36:06.038Z", also indicates a substantial time gap since the release of 28.0.3 ("2025-03-06T15:02:24.966Z"), further suggesting the accumulation of minor refinements over time.
Given the shared dependencies and similar feature set, developers encountering issues in 28.0.3 might find them resolved in 28.0.4. Conversely, if 28.0.3 is working stably, upgrading immediately may not be critically necessary unless specific bug fixes or micro-optimizations are desired. Regardless, both versions empower Rollup users to smoothly integrate CommonJS modules into their ES module-based workflows.
The are not vulnerabilities for the version 28.0.4 of the package @rollup/plugin-commonjs
