chore(deps): bump the production-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the production-dependencies group with 6 updates in the / directory:

Package	From	To
rollup	4.52.4	4.52.5
@rollup/plugin-node-resolve	16.0.2	16.0.3
electron	38.2.2	38.3.0
esbuild	0.25.10	0.25.11
electron-to-chromium	1.5.234	1.5.237
electron-nightly	40.0.0-nightly.20251010	40.0.0-nightly.20251016

Updates rollup from 4.52.4 to 4.52.5

Release notes

Sourced from rollup's releases.

v4.52.5

4.52.5

2025-10-18

Bug Fixes

• Always produce valid UUIDs as debugIds in sourcemaps (#6144)

Pull Requests

• #6135: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6140: chore(deps): update peter-evans/create-or-update-comment action to v5 (@​renovate[bot])
• #6141: chore(deps): update peter-evans/find-comment action to v4 (@​renovate[bot])
• #6142: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6143: chore: eslint enable concurrency option (@​btea)
• #6144: fix: generation of debugIDs with invalid length (@​pablomatiasgomez, @​lukastaegert)
• #6146: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6147: chore(deps): update actions/setup-node action to v6 (@​renovate[bot])

Changelog

Sourced from rollup's changelog.

4.52.5

2025-10-18

Bug Fixes

• Always produce valid UUIDs as debugIds in sourcemaps (#6144)

Pull Requests

• #6135: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6140: chore(deps): update peter-evans/create-or-update-comment action to v5 (@​renovate[bot])
• #6141: chore(deps): update peter-evans/find-comment action to v4 (@​renovate[bot])
• #6142: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6143: chore: eslint enable concurrency option (@​btea)
• #6144: fix: generation of debugIDs with invalid length (@​pablomatiasgomez, @​lukastaegert)
• #6146: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6147: chore(deps): update actions/setup-node action to v6 (@​renovate[bot])

Commits

• 55a8fd5 4.52.5
• 58f5a7b fix: generation of debugIDs with invalid length (#6144)
• 0b816b0 chore(deps): lock file maintenance minor/patch updates (#6146)
• a973ed8 chore: eslint enable concurrency option (#6143)
• bfa9e9f chore(deps): update actions/setup-node action to v6 (#6147)
• 69a9336 fix(deps): lock file maintenance minor/patch updates (#6142)
• 88b18b9 chore(deps): update peter-evans/create-or-update-comment action to v5 (#6140)
• c9ab522 chore(deps): update peter-evans/find-comment action to v4 (#6141)
• 01f02bd chore(deps): lock file maintenance minor/patch updates (#6135)
• See full diff in compare view

Updates @rollup/plugin-node-resolve from 16.0.2 to 16.0.3

Changelog

Sourced from @​rollup/plugin-node-resolve's changelog.

v16.0.3

2025-10-13

Bugfixes

• fix: resolve bare targets of package "imports" using export maps; avoid fileURLToPath(null) (#1908)

Commits

• 764910a chore(release): node-resolve v16.0.3
• 3569720 fix(node-resolve): resolve bare targets of package "imports" using export map...
• See full diff in compare view

Updates electron from 38.2.2 to 38.3.0

Release notes

Sourced from electron's releases.

electron v38.3.0

Release Notes for v38.3.0

Fixes

• Fixed Windows dialog.showMessageBox default button handling. #48519 (Also in 36, 37, 39)
• Fixed an issue where shell.openExternal caused an unexpected dialog to open when there was no app suitable to open the url. #48517 (Also in 39)
• Fixed an issue where authentication via websockets can crash. #48539 (Also in 37, 39)
• Fixed an issue where changing the resizable property on a window would break the styles of a transparent window. #48499 (Also in 39)

Other Changes

• Fixed a development issue where the metal toolchain could not be found when building on macOS 26. #48473 (Also in 37, 39)
• Updated Chromium to 140.0.7339.240. #48486
• Updated Node.js to v22.20.0. #48381

Commits

• 5bc759e fix: auth required websocket crash (#48539)
• 91899aa chore: bump node to v22.20.0 (38-x-y) (#48381)
• 4f0b4c7 build: fail publish when upload fatal errors (#48547)
• 5b32b7b fix: unexpected openExternal dialog on macOS Tahoe (#48517)
• e03891e ci: upload build effective cache hit rate stats to Datadog (#48529)
• af55e45 fix: dialog.showMessageBox defaultid on Windows (#48519)
• d1c2d06 docs: update Azure Trusted Signing availability (#48523)
• 2af34b7 fix: broken transparent window styles on resizable change (#48499)
• 54e2de4 build: fixup chromedriver and mksnapshot (#48481)
• d9e9ed3 build: handle Metal toolchain being unbundled from Xcode 26 (#48473)
• Additional commits viewable in compare view

Updates esbuild from 0.25.10 to 0.25.11

Release notes

Sourced from esbuild's releases.

v0.25.11

• Add support for with { type: 'bytes' } imports (#4292)

  The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:

  import data from './image.png' with { type: 'bytes' }
  const view = new DataView(data.buffer, 0, 24)
  const width = view.getInt32(16)
  const height = view.getInt32(20)
  console.log('size:', width + '\xD7' + height)

• Lower CSS media query range syntax (#3748, #4293)

  With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:

  @media (640px <= width <= 960px) {
    main {
      display: flex;
    }
  }

  will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):

  @media (min-width: 640px) and (max-width: 960px) {
    main {
      display: flex;
    }
  }

Changelog

Sourced from esbuild's changelog.

0.25.11

• Add support for with { type: 'bytes' } imports (#4292)

  The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:

  import data from './image.png' with { type: 'bytes' }
  const view = new DataView(data.buffer, 0, 24)
  const width = view.getInt32(16)
  const height = view.getInt32(20)
  console.log('size:', width + '\xD7' + height)

• Lower CSS media query range syntax (#3748, #4293)

  With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:

  @media (640px <= width <= 960px) {
    main {
      display: flex;
    }
  }

  will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):

  @media (min-width: 640px) and (max-width: 960px) {
    main {
      display: flex;
    }
  }

Commits

• 6b7c4f2 publish 0.25.11 to npm
• 7295c1a css: also parse media queries in @import rules
• e3991dd css: some adjustments to @import parsing
• 8bb82ca fix #3748, fix #4293: lower css media range syntax
• d8c3f87 css: parse and print media queries
• 6e75bc7 run make update-compat-table
• 8f506d5 fix #4292: support with { type: bytes }
• See full diff in compare view

Updates electron-to-chromium from 1.5.234 to 1.5.237

Commits

• 63e9b8d 1.5.237
• d3d6f77 generate new version
• c2d1b56 1.5.236
• b32ad25 generate new version
• 55d04f4 1.5.235
• d13adea generate new version
• See full diff in compare view

Updates electron-nightly from 40.0.0-nightly.20251010 to 40.0.0-nightly.20251016

Commits

• 7e031f7 ci: fix publish for macOS < 26.0 (#48575)
• 7580e3a chore: update fix_harden_blink_scriptstate_maybefrom.patch (#48566)
• 471a144 chore: bump chromium to 143.0.7469.0 (main) (#48548)
• 676406c build: run on macOS 15 (#48563)
• 357e42d fix: fixed white flash on call to BrowserWindow.show (#47151)
• 9b74059 fix: enable shader-f16 on windows (#48342)
• 9e577ae build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#48551)
• b74bd8f build(deps): bump github/codeql-action from 3.30.6 to 4.30.8 (#48552)
• f494dbb ci: upload build cache hit rate on Windows as well (#48550)
• 8dc5999 build(deps): bump @​electron/typescript-definitions to 9.1.5 (#48210)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.