chore(deps): bump the production-dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the production-dependencies group with 9 updates in the / directory:

Package	From	To
@rollup/plugin-typescript	12.1.4	12.3.0
commander	14.0.1	14.0.2
rollup	4.52.5	4.53.1
rollup-plugin-node-externals	8.1.1	8.1.2
@babel/parser	7.28.4	7.28.5
electron-to-chromium	1.5.238	1.5.248
esbuild	0.25.11	0.25.12
electron	38.3.0	38.6.0
electron-nightly	40.0.0-nightly.20251010	40.0.0-nightly.20251028

Updates @rollup/plugin-typescript from 12.1.4 to 12.3.0

Changelog

Sourced from @​rollup/plugin-typescript's changelog.

v12.3.0

2025-10-23

Features

• feat: expose latest Program to transformers in watch mode (#1923)

v12.2.0

2025-10-22

Features

• feat: process .js when allowJs is enabled (#1920)

Commits

• 973054d chore(release): typescript v12.3.0
• b6f027b feat(typescript): expose latest Program to transformers in watch mode (#1923)
• a9cdbb5 chore(release): typescript v12.2.0
• 89fa680 feat(typescript): process .js when allowJs is enabled (#1920)
• See full diff in compare view

Updates commander from 14.0.1 to 14.0.2

Release notes

Sourced from commander's releases.

v14.0.2

Changed

• improve negative number auto-detection test (#2428)
• update (dev) dependencies

Changelog

Sourced from commander's changelog.

[14.0.2] (2025-10-25)

Changed

• improve negative number auto-detection test (#2428)
• update (dev) dependencies

Commits

• 0692be5 Prepare for 14.0.2 (#2437)
• 88a348e Bump actions/setup-node from 5 to 6 (#2438)
• 3fe83d6 Bump github/codeql-action from 3 to 4 (#2435)
• 0b7988e Bump globals from 16.3.0 to 16.4.0 (#2429)
• 8005253 Bump typescript-eslint from 8.42.0 to 8.45.0 (#2430)
• 213e679 Bump ts-jest from 29.4.1 to 29.4.4 (#2431)
• 7ede91b Bump jest from 30.1.3 to 30.2.0 (#2432)
• 8c91f34 Bump typescript from 5.9.2 to 5.9.3 (#2433)
• ff1d2ce Improve negative test (#2428)
• 1a6dba5 Clarify deprecated routine (#2427)
• See full diff in compare view

Updates rollup from 4.52.5 to 4.53.1

Release notes

Sourced from rollup's releases.

v4.53.1

4.53.1

2025-11-07

Bug Fixes

• Fix install script (#6172)

Pull Requests

• #6172: fix: move patch-package from postinstall to prepare script (@​mshima)

v4.53.0

4.53.0

2025-11-07

Features

• Improve rendering performance by caching generated variable names (#5947)

Pull Requests

• #5947: refactor: store safe variable names in cache for subsequent usage (@​Aslemammad, @​lukastaegert, @​Service account user)
• #6149: chore(deps): update dependency vite to v7.1.11 [security] (@​renovate[bot], @​Service account user)
• #6151: fix(deps): update swc monorepo (major) (@​renovate[bot], @​Service account user)
• #6152: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​Service account user)
• #6153: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​Service account user)
• #6155: Fix tests: Do not swallow warnings for multi-format tests (@​lukastaegert, @​Service account user)
• #6159: chore(deps): update dependency eslint-plugin-unicorn to v62 (@​renovate[bot])
• #6160: chore(deps): update github artifact actions (major) (@​renovate[bot])
• #6161: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6164: chore(deps): update dependency @​rollup/plugin-alias to v6 (@​renovate[bot])
• #6165: chore(deps): update dependency @​rollup/plugin-commonjs to v29 (@​renovate[bot])
• #6166: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #6167: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

Changelog

Sourced from rollup's changelog.

4.53.1

2025-11-07

Bug Fixes

• Fix install script (#6172)

Pull Requests

• #6172: fix: move patch-package from postinstall to prepare script (@​mshima)

4.53.0

2025-11-07

Features

• Improve rendering performance by caching generated variable names (#5947)

Pull Requests

• #5947: refactor: store safe variable names in cache for subsequent usage (@​Aslemammad, @​lukastaegert, @​Service account user)
• #6149: chore(deps): update dependency vite to v7.1.11 [security] (@​renovate[bot], @​Service account user)
• #6151: fix(deps): update swc monorepo (major) (@​renovate[bot], @​Service account user)
• #6152: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​Service account user)
• #6153: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​Service account user)
• #6155: Fix tests: Do not swallow warnings for multi-format tests (@​lukastaegert, @​Service account user)
• #6159: chore(deps): update dependency eslint-plugin-unicorn to v62 (@​renovate[bot])
• #6160: chore(deps): update github artifact actions (major) (@​renovate[bot])
• #6161: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6164: chore(deps): update dependency @​rollup/plugin-alias to v6 (@​renovate[bot])
• #6165: chore(deps): update dependency @​rollup/plugin-commonjs to v29 (@​renovate[bot])
• #6166: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #6167: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

Commits

• e3bdcdf 4.53.1
• 96b5453 fix: move patch-package from postinstall to prepare script (#6172)
• ecff532 4.53.0
• 05a6c01 refactor: store safe variable names in cache for subsequent usage (#5947)
• 5cf4264 fix(deps): update swc monorepo (major) (#6166)
• 75c4346 chore(deps): lock file maintenance minor/patch updates (#6167)
• 1ba7efe chore(deps): update dependency @​rollup/plugin-alias to v6 (#6164)
• e64d220 chore(deps): update dependency @​rollup/plugin-commonjs to v29 (#6165)
• d96ffa9 fix(deps): lock file maintenance minor/patch updates (#6161)
• 9a87f8e chore(deps): update dependency eslint-plugin-unicorn to v62 (#6159)
• Additional commits viewable in compare view

Updates rollup-plugin-node-externals from 8.1.1 to 8.1.2

Release notes

Sourced from rollup-plugin-node-externals's releases.

v8.1.2

• Fix tests cb4cf5e
• Greatly simplify (and reduce code size) of the buildStart hook a958739

---

Septh/rollup-plugin-node-externals@v8.1.1...v8.1.2

Commits

• c80d095 8.1.2
• cb4cf5e Fix tests
• a958739 Greatly simplify (and reduce code size) of the buildStart hook
• See full diff in compare view

Updates @babel/parser from 7.28.4 to 7.28.5

Release notes

Sourced from @​babel/parser's releases.

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

Committers: 8

• Babel Bot (@​babel-bot)
• Byeongho Yoo (@​youthfulhps)
• Huáng Jùnliàng (@​JLHwung)
• Hyeon Dokko (@​CO0Ki3)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​Olexandr88
• @​liuxingbaoyu
• fisker Cheung (@​fisker)

Changelog

Sourced from @​babel/parser's changelog.

v7.28.5 (2025-10-23)

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

Commits

• 61647ae v7.28.5
• 0a0dcd8 Improve @babel/parser error typing (#17521)
• f3fb75e Enable strictNullChecks for parser (#17498)
• cd491db chore: simplify parseArrayLike (#17526)
• 758bef6 Allow Runtime Errors for Function Call Assignment Targets (#17446)
• e7031b7 [Babel 8] Treat allowSuperOutsideMethod as top-level only (#17505)
• 6378bc0 fix: improve ts-only declaration parsing (#17491)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/parser since your current version.

Updates electron-to-chromium from 1.5.238 to 1.5.248

Commits

• 8e18b8c 1.5.248
• a48292b generate new version
• 1f15100 1.5.247
• 793f70c generate new version
• 7fb2c89 1.5.246
• c3bfc48 generate new version
• 3c05e1b 1.5.245
• afa2e9d generate new version
• df71d39 1.5.244
• 7f05f7e generate new version
• Additional commits viewable in compare view

Updates esbuild from 0.25.11 to 0.25.12

Release notes

Sourced from esbuild's releases.

v0.25.12

• Fix a minification regression with CSS media queries (#4315)

  The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

• Update the list of known JavaScript globals (#4310)

  This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

  From ES2017:

  • Atomics
  • SharedArrayBuffer

  From ES2020:

  • BigInt64Array
  • BigUint64Array

  From ES2021:

  • FinalizationRegistry
  • WeakRef

  From ES2025:

  • Float16Array
  • Iterator

  Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

  // This can now be tree-shaken by esbuild:
  class ExampleIterator extends Iterator {}

• Add support for the new @view-transition CSS rule (#4313)

  With this release, esbuild now has improved support for pretty-printing and minifying the new @view-transition rule (which esbuild was previously unaware of):

  /* Original code */
  @view-transition {
    navigation: auto;
    types: check;
  }
  /* Old output */
  @​view-transition { navigation: auto; types: check; }
  /* New output */
  @​view-transition {
  navigation: auto;
  types: check;

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.25.12

• Fix a minification regression with CSS media queries (#4315)

  The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

• Update the list of known JavaScript globals (#4310)

  This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

  From ES2017:

  • Atomics
  • SharedArrayBuffer

  From ES2020:

  • BigInt64Array
  • BigUint64Array

  From ES2021:

  • FinalizationRegistry
  • WeakRef

  From ES2025:

  • Float16Array
  • Iterator

  Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

  // This can now be tree-shaken by esbuild:
  class ExampleIterator extends Iterator {}

• Add support for the new @view-transition CSS rule (#4313)

  With this release, esbuild now has improved support for pretty-printing and minifying the new @view-transition rule (which esbuild was previously unaware of):

  /* Original code */
  @view-transition {
    navigation: auto;
    types: check;
  }
  /* Old output */
  @​view-transition { navigation: auto; types: check; }
  /* New output */
  @​view-transition {
  navigation: auto;

... (truncated)

Commits

• 208f539 publish 0.25.12 to npm
• 5f03afd update release notes
• 6b2ee78 minify: remove css rules containing empty :is()
• f361deb add some additional known static methods
• 07aa646 automatically mark "RegExp.escape()" calls as pure
• 9039c46 simplify some call expression checks
• 188944d add some additional known static methods
• d3c67f9 fix #4310: add Iterator and other known globals
• 4a51f0b fix: escape dev server breadcrumb hrefs properly (#4316)
• 26b29ed fix #4315: @media deduplication bug edge case
• Additional commits viewable in compare view

Updates electron from 38.3.0 to 38.6.0

Release notes

Sourced from electron's releases.

electron v38.6.0

Release Notes for v38.6.0

Fixes

• Fixed an application crash when clicking or hovering over the native MacOS "Window" menu. Reverts #48598. #48801 (Also in 39, 40)
• Fixed an issue on Wayland (Linux) where right-clicking in the titlebar could break mouse interactions. #48757 (Also in 39, 40)
• Fixed an issue that menu items on macOS could not be disabled under all circumstances. #48710 (Also in 37, 39)
• Fixed draw smoothing round corner issue. #48780 (Also in 40)
• Fixed incorrect signal variable reference in nan-spec-runner that could cause install failures to go undetected. #48708 (Also in 39)

Other Changes

• Updated Node.js to v22.21.1. #48615

electron v38.5.0

Release Notes for v38.5.0

Features

• Added methods to enable more granular accessibility support management. #48626 (Also in 37, 39)

Fixes

• Fixed a potential crash in dialog.showOpenDialog on Windows with an empty extension filter array. #48660 (Also in 37, 39)
• Fixed an error when checking environmental variables when using remote checksums when installing Electron via npm. #48672 (Also in 37, 39)
• Fixed an issue where trafficLightPosition would not be correctly applied when using titleBarStyle: 'customButtonsOnHover' on macOS 26. #48620 (Also in 37, 39)
• Fixed an issue where button background on mouse hover with titleBarOverlay wasn't always calculated to provide appropriate minimum contrast. #48595 (Also in 37, 39)
• Fixed an issue where icons didn't show up as expected on Windows Toast notifications. #48630 (Also in 39)
• Fixed crash when inspector agent attempts to evaluate on provisional frames. #48513 (Also in 39)

Other Changes

• Updated Chromium to 140.0.7339.249. #48569

Documentation

• Documentation changes: #48684

electron v38.4.0

Release Notes for v38.4.0

Features

• Support dynamic ESM imports in non-context isolated preloads. #48489 (Also in 39)

Fixes

• Fixed shader-f16 to work on Windows. #48555 (Also in 37, 39)
• Fixed white flash on call to BrowserWindow.show. #48560 (Also in 37, 39)
• Titlebar buttons now appear on the correct side of windows on Wayland in Ubuntu. #48602 (Also in 39)

Commits

• 88a4d1c fix: revert allow disabling all NSMenuItems, fix menu crash (#48801)
• fea4fad build: use --keep-non-patch flag with git am (#48806)
• 60ff1a1 fix: draw smoothing round rect corner (#48780)
• 4b13582 fix: release mouse buttons on focus loss on Wayland (#48757)
• 3083fab chore: bump node to v22.21.1 (38-x-y) (#48615)
• 1124893 fix: allow disabling all NSMenuItems (#48710)
• 8f23e5a fix: use correct signal variable in nan-spec-runner install check (#48708)
• e308928 ci: use \<sup> in release notes generator (#48698)
• c1eb83c docs: add net.isOnline() to online/offline detection tutorial (#48684)
• 16099b6 ci: add more fields to Slack payload for backport requested message (#48687)
• Additional commits viewable in compare view

Updates electron-nightly from 40.0.0-nightly.20251010 to 40.0.0-nightly.20251028

Commits

• 08492b5 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#48691)
• 3c1b51d build(deps): bump github/codeql-action from 4.30.9 to 4.31.0 (#48692)
• 28f1cf1 feat: Focus DevTools when breakpoint is triggered (#46386)
• 297319f ci: use \<sup> in release notes generator (#48690)
• 7fecc66 build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#48693)
• 705d120 build(deps-dev): bump typescript from 5.6.2 to 5.8.3 (#48694)
• 9ce27e5 docs: security.md use runnable examples for permissions and csp (#43248)
• 09c22ea docs: add net.isOnline() to online/offline detection tutorial (#48665)
• e44b96b refactor: avoid deprecated views a11y api (#47674)
• b389377 feat: add app.isHardwareAccelerationEnabled() (#47614)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: area:dependencies, track:main. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.