Tsup version 1.5.0 is a notable update over its predecessor, version 1.4.23, offering developers enhanced functionality and dependency upgrades for a smoother build process built on Rollup and esbuild. A key difference is the rollup dependency, which moves from version 2.16.1 to 2.18.0. This likely brings in bug fixes, performance enhancements, and potentially new features from Rollup itself, giving developers improved module bundling. Another significant update is the rollup-plugin-esbuild dependency, which moves from version 1.4.1 to 2.1.0. A jump of this size suggests substantial improvements in the integration of esbuild with Rollup, potentially leading to faster build times and better support for modern JavaScript syntax features.
While the devDependencies remain largely consistent, indicating a stable development environment for the Tsup project itself, the dependency upgrades do affect the core build process for users. Specifically, developers can expect improved build speeds and compatibility with newer ECMAScript features thanks to the rollup-plugin-esbuild update. These updates contribute to a more reliable and efficient build pipeline when using Tsup to bundle and optimize JavaScript or TypeScript projects. The updates in underlying dependencies suggest the Tsup team is focused on using the latest features and optimisations available in the wider JavaScript ecosystem, ultimately aiming for a superior developer experience and faster builds with minimal configuration.
All vulnerabilities related to version 1.5.0 of the package
tsup DOM Clobbering vulnerability
A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components.