chore(deps): bump the production-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the production-dependencies group with 5 updates in the / directory:

Package	From	To
rollup	4.61.1	4.62.0
esbuild	0.28.0	0.28.1
electron-to-chromium	1.5.371	1.5.375
electron	41.7.2	41.8.0
electron-nightly	44.0.0-nightly.20260609	44.0.0-nightly.20260616

Updates rollup from 4.61.1 to 4.62.0

Release notes

Sourced from rollup's releases.

v4.62.0

4.62.0

2026-06-13

Features

• Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

• #6374: Extract the static dependencies imported by manual chunks into separate chunks (@​TrickyPi, @​lukastaegert)
• #6405: fix(deps): update minor/patch updates (@​renovate[bot])
• #6406: chore(deps): pin dependency concurrently to v9 (@​renovate[bot], @​lukastaegert)
• #6407: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6409: chore(deps): update minor/patch updates to v6.2.0 (@​renovate[bot])
• #6410: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6412: fix(deps): update minor/patch updates (@​renovate[bot])
• #6413: chore(deps): update dependency eslint-plugin-unicorn to v65 (@​renovate[bot])
• #6414: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

Changelog

Sourced from rollup's changelog.

4.62.0

2026-06-13

Features

• Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

• #6374: Extract the static dependencies imported by manual chunks into separate chunks (@​TrickyPi, @​lukastaegert)
• #6405: fix(deps): update minor/patch updates (@​renovate[bot])
• #6406: chore(deps): pin dependency concurrently to v9 (@​renovate[bot], @​lukastaegert)
• #6407: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6409: chore(deps): update minor/patch updates to v6.2.0 (@​renovate[bot])
• #6410: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6412: fix(deps): update minor/patch updates (@​renovate[bot])
• #6413: chore(deps): update dependency eslint-plugin-unicorn to v65 (@​renovate[bot])
• #6414: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

Commits

• 5e0066d 4.62.0
• 93e85fc chore(deps): update dependency eslint-plugin-unicorn to v65 (#6413)
• 5c9ef2e fix(deps): update minor/patch updates (#6412)
• 18654d8 chore(deps): lock file maintenance minor/patch updates (#6414)
• d96ed95 Extract the static dependencies imported by manual chunks into separate chunk...
• 126e141 chore(deps): pin dependency concurrently to v9 (#6406)
• f2f58c4 chore(deps): lock file maintenance minor/patch updates (#6410)
• 5a15062 chore(deps): update minor/patch updates to v6.2.0 (#6409)
• d02f03a chore(deps): lock file maintenance minor/patch updates (#6407)
• 844671c fix(deps): update minor/patch updates (#6405)
• See full diff in compare view

Updates esbuild from 0.28.0 to 0.28.1

Release notes

Sourced from esbuild's releases.

v0.28.1

• Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)

  This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed.

  Thanks to @​dellalibera for reporting this issue.

• Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)

  The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.

  Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content.

  Thanks to @​sondt99 for reporting this issue.

• Avoid inlining using and await using declarations (#4482)

  Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example:

  // Original code
  {
    using x = new Resource()
    x.activate()
  }
  // Old output (with --minify)
  new Resource().activate();
  // New output (with --minify)
  {using e=new Resource;e.activate()}

• Fix module evaluation when an error is thrown (#4461, #4467)

  If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if import() or require() is used to import a module multiple times. The thrown error is supposed to be thrown by every call to import() or require(), not just the first. With this release, esbuild will now throw the same error every time you call import() or require() on a module that throws during its evaluation.

• Fix some edge cases around the new operator (#4477)

  Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a new expression (specifically an optional chain and/or a tagged template literal). The generated code for the new target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the new target in parentheses. Here is an example of some affected code:

  // Original code
  new (foo()`bar`)()
  new (foo()?.bar)()
  // Old output
  new foo()bar();
  new (foo())?.bar();

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.28.1

• Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)

  This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed.

  Thanks to @​dellalibera for reporting this issue.

• Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)

  The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.

  Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content.

  Thanks to @​sondt99 for reporting this issue.

• Avoid inlining using and await using declarations (#4482)

  Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example:

  // Original code
  {
    using x = new Resource()
    x.activate()
  }
  // Old output (with --minify)
  new Resource().activate();
  // New output (with --minify)
  {using e=new Resource;e.activate()}

• Fix module evaluation when an error is thrown (#4461, #4467)

  If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if import() or require() is used to import a module multiple times. The thrown error is supposed to be thrown by every call to import() or require(), not just the first. With this release, esbuild will now throw the same error every time you call import() or require() on a module that throws during its evaluation.

• Fix some edge cases around the new operator (#4477)

  Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a new expression (specifically an optional chain and/or a tagged template literal). The generated code for the new target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the new target in parentheses. Here is an example of some affected code:

  // Original code
  new (foo()`bar`)()
  new (foo()?.bar)()
  // Old output
  new foo()bar();
  new (foo())?.bar();

... (truncated)

Commits

• bb9db84 publish 0.28.1 to npm
• 9ff053e security: add integrity checks to the Deno API
• 0a9bf21 enforce non-negative size in gzip parser
• e2a1a71 security: forbid \\ in local dev server requests
• 83a2cbf fix #4482: don't inline using declarations
• 308ad74 fix #4471: renaming of nested var declarations
• f013f5f fix some typos
• aafd6e4 chore: fix some minor issues in comments (#4462)
• 15300c3 follow up: cjs evaluation fixes
• 1bda0c3 fix #4461, fix #4467: esm evaluation fixes
• Additional commits viewable in compare view

Updates electron-to-chromium from 1.5.371 to 1.5.375

Commits

• a7f09c3 1.5.375
• 633e284 generate new version
• 57a7d2a 1.5.374
• f6f9c92 generate new version
• 5f94138 1.5.373
• f2aedeb generate new version
• 20bc7a1 1.5.372
• ba92329 generate new version
• See full diff in compare view

Updates electron from 41.7.2 to 41.8.0

Release notes

Sourced from electron's releases.

electron v41.8.0

Release Notes for v41.8.0

Fixes

• Fixed a browser process crash when calling webContents.reload() or navigating synchronously from the render-process-gone event; the event is now emitted after the renderer's teardown notification has completed. #51917 (Also in 42, 43)
• Fixed a bug on Linux where a 1px line appeared at the top of frameless windows if the window and web contents had different background colors. #52004 (Also in 42, 43)

Other Changes

• Backported fixes from upstream Chromium and V8. #51936
• Backported fixes from upstream Chromium, Skia and Dawn. #51943
• Updated Node.js to v24.16.0. #51746

Documentation

• Documentation changes: #51925

Commits

• c0fbe12 fix: remove 1px line from the top of frameless windows on Linux (#51458) (#52...
• ccca53d fix: macOS menu roles missing Tahoe icons (#52014)
• 11f5d26 chore: cherry-pick 30 changes from chromium, skia, dawn (#51943)
• a4358c7 build: bump node-gyp to 12.3.0 (#51969)
• 3736195 chore: bump node to v24.16.0 (41-x-y) (#51746)
• 9a0a00c fix: emit render-process-gone outside the process-death notification (#51917)
• 6ba5e4e docs: add API documentation for app.setDesktopName (#51925)
• 5df330a chore: cherry-pick 14 changes from chromium, v8 (#51936)
• See full diff in compare view

Updates electron-nightly from 44.0.0-nightly.20260609 to 44.0.0-nightly.20260616

Commits

• 1adf7e6 fix: macOS menu roles missing Tahoe icons (#51155)
• d50f5cb fix: setting WCO rgba(0,0,0,0) color falling back to default value (#51017)
• 5b1bd32 test: fix flaky code cache cleanup on Windows (#52001)
• f60c9bc ci: replace dorny/paths-filter usage (reland) (#51837)
• e86dff7 fix: remove 1px line from the top of frameless windows on Linux (#51458)
• c83a8da docs: clarify the way electron is downloaded in faq (#51982)
• f503d37 build: update NMV to 149 (#51966)
• 16d0caf build(deps): bump github/codeql-action from 4.36.1 to 4.36.2 (#51929)
• de74f61 fix: running under NODE_OPTIONS='--import=tsx' (#51947)
• 0d08b31 chore: bump chromium to 151.0.7873.0 (main) (#51800)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Standing release PR: #400 · 17 packages queued · open 6h 41m · ✅ ready to merge

Release Preview — 18 packages

Note: Labels on this PR are advisory in standing-pr mode. Bumps come from conventional commits in the standing PR; override by editing labels on the standing PR itself. Add release:immediate to bypass the standing PR and release this PR directly.

These changes will be added to the release PR (#400) when merged:

Changelog

Project-wide changes

Changed

• bump the production-dependencies group across 1 directory with 5 updates (deps)

@wdio/dioxus-bridge N/A → 1.0.1

Changed

• bump the production-dependencies group across 1 directory with 5 updates (deps)

@wdio/electrobun-service v0.1.0-next.0 → 0.1.1

Changed

• Update version to 0.1.1

@wdio/electron-cdp-bridge wdio-electron-cdp-bridge@v10.0.0 → 10.0.1

Changed

• Update version to 10.0.1

@wdio/electron-service wdio-electron-service@v10.0.0 → 10.0.1

Changed

• bump the production-dependencies group across 1 directory with 5 updates (deps)

@wdio/flutter-service v1.0.0-next.0 → 1.0.1

Changed

• Update version to 1.0.1

@wdio/native-cdp-bridge v0.1.0-next.0 → 0.1.1

Changed

• Update version to 0.1.1

@wdio/native-mobile-core v1.0.0 → 1.0.1

Changed

• Update version to 1.0.1

@wdio/native-spy wdio-native-spy@v1.1.0 → 1.1.1

Changed

• Update version to 1.1.1

@wdio/native-types wdio-native-types@v2.3.1 → 2.3.2

Changed

• Update version to 2.3.2

@wdio/native-utils wdio-native-utils@v2.4.0 → 2.4.1

Changed

• bump the production-dependencies group across 1 directory with 5 updates (deps)

@wdio/react-native-service v1.0.0-next.0 → 1.0.1

Changed

• Update version to 1.0.1

@wdio/tauri-plugin wdio-tauri-plugin@v1.1.0 → 1.1.1

Changed

• bump the production-dependencies group across 1 directory with 5 updates (deps)

dioxus-package-test-app v0.1.0 → 0.1.1

Changed

• Update version to 0.1.1

wdio-dioxus-embedded-driver v1.0.0-rc.0 → 1.0.1

Changed

• Update version to 1.0.1

wdio_flutter_fixture N/A → 0.1.1

Changed

• Update version to 0.1.1

wdio_flutter N/A → 0.1.1

Changed

• Update version to 0.1.1

Also bumped (sync versioning)

• wdio-dioxus-bridge → 1.0.1
• tauri-plugin-wdio → 1.1.1

After merge — predicted release

No version escalation — this PR's changes will be included in the queued release without affecting the projected versions.

Package	Standing PR	This PR	After merge
@wdio/dioxus-bridge	1.1.0	1.0.1	1.1.0
@wdio/dioxus-service	1.1.0	—	1.1.0
@wdio/electrobun-service	0.2.0	0.1.1	0.2.0
@wdio/electron-cdp-bridge	10.1.0	10.0.1	10.1.0
@wdio/electron-service	10.1.0	10.0.1	10.1.0
@wdio/flutter-service	1.1.0	1.0.1	1.1.0
@wdio/native-cdp-bridge	0.2.0	0.1.1	0.2.0
@wdio/native-mobile-core	1.1.0	1.0.1	1.1.0
@wdio/native-spy	1.2.0	1.1.1	1.2.0
@wdio/native-types	2.4.0	2.3.2	2.4.0
@wdio/native-utils	2.5.0	2.4.1	2.5.0
@wdio/react-native-service	1.1.0	1.0.1	1.1.0
dioxus-package-test-app	0.2.0	0.1.1	0.2.0
wdio_flutter	0.2.0	0.1.1	0.2.0
wdio_flutter_fixture	0.2.0	0.1.1	0.2.0
wdio-dioxus-driver	1.1.0	—	1.1.0
wdio-dioxus-embedded-driver	1.1.0	1.0.1	1.1.0

---

Updated automatically by ReleaseKit