chore(deps): bump the production-dependencies group across 1 directory with 12 updates

[dependabot]

Bumps the production-dependencies group with 12 updates in the / directory:

Package	From	To
rollup	4.46.4	4.52.5
tsx	4.20.4	4.20.6
@rollup/plugin-node-resolve	16.0.1	16.0.3
@rollup/plugin-typescript	12.1.4	12.3.0
debug	4.4.1	4.4.3
rollup-plugin-node-externals	8.0.1	8.1.1
@electron/packager	18.4.2	18.4.4
@babel/parser	7.28.3	7.28.5
electron-to-chromium	1.5.207	1.5.240
tinyspy	4.0.3	4.0.4
electron	37.3.1	37.7.1
electron-nightly	39.0.0-nightly.20250820	39.0.0-nightly.20250902

Updates rollup from 4.46.4 to 4.52.5

Release notes

Sourced from rollup's releases.

v4.52.5

4.52.5

2025-10-18

Bug Fixes

• Always produce valid UUIDs as debugIds in sourcemaps (#6144)

Pull Requests

• #6135: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6140: chore(deps): update peter-evans/create-or-update-comment action to v5 (@​renovate[bot])
• #6141: chore(deps): update peter-evans/find-comment action to v4 (@​renovate[bot])
• #6142: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6143: chore: eslint enable concurrency option (@​btea)
• #6144: fix: generation of debugIDs with invalid length (@​pablomatiasgomez, @​lukastaegert)
• #6146: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6147: chore(deps): update actions/setup-node action to v6 (@​renovate[bot])

v4.52.4

4.52.4

2025-10-03

Bug Fixes

• Fix an issue where the wrong branch of nullish coalescing was picked (#6133)

Pull Requests

• #6128: Enable npm OIDC publishing (@​lukastaegert)
• #6133: Correct nullish coalescing branch resolution for symbol left value (@​TrickyPi)
• #6134: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

v4.52.3

4.52.3

2025-09-27

Bug Fixes

• Fix check in native loader for environments that do not support reports (#6123)

Pull Requests

• #6123: fix(native-loader): safely handle report.getReport() on Termux/Android (@​Jobians, @​lukastaegert)
• #6124: chore(deps): pin msys2/setup-msys2 action to fb197b7 (@​renovate[bot])
• #6125: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6126: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

... (truncated)

Changelog

Sourced from rollup's changelog.

4.52.5

2025-10-18

Bug Fixes

• Always produce valid UUIDs as debugIds in sourcemaps (#6144)

Pull Requests

• #6135: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6140: chore(deps): update peter-evans/create-or-update-comment action to v5 (@​renovate[bot])
• #6141: chore(deps): update peter-evans/find-comment action to v4 (@​renovate[bot])
• #6142: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6143: chore: eslint enable concurrency option (@​btea)
• #6144: fix: generation of debugIDs with invalid length (@​pablomatiasgomez, @​lukastaegert)
• #6146: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6147: chore(deps): update actions/setup-node action to v6 (@​renovate[bot])

4.52.4

2025-10-03

Bug Fixes

• Fix an issue where the wrong branch of nullish coalescing was picked (#6133)

Pull Requests

• #6128: Enable npm OIDC publishing (@​lukastaegert)
• #6133: Correct nullish coalescing branch resolution for symbol left value (@​TrickyPi)
• #6134: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

4.52.3

2025-09-27

Bug Fixes

• Fix check in native loader for environments that do not support reports (#6123)

Pull Requests

• #6123: fix(native-loader): safely handle report.getReport() on Termux/Android (@​Jobians, @​lukastaegert)
• #6124: chore(deps): pin msys2/setup-msys2 action to fb197b7 (@​renovate[bot])
• #6125: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6126: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.52.2

... (truncated)

Commits

• 55a8fd5 4.52.5
• 58f5a7b fix: generation of debugIDs with invalid length (#6144)
• 0b816b0 chore(deps): lock file maintenance minor/patch updates (#6146)
• a973ed8 chore: eslint enable concurrency option (#6143)
• bfa9e9f chore(deps): update actions/setup-node action to v6 (#6147)
• 69a9336 fix(deps): lock file maintenance minor/patch updates (#6142)
• 88b18b9 chore(deps): update peter-evans/create-or-update-comment action to v5 (#6140)
• c9ab522 chore(deps): update peter-evans/find-comment action to v4 (#6141)
• 01f02bd chore(deps): lock file maintenance minor/patch updates (#6135)
• cd81da7 4.52.4
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Updates tsx from 4.20.4 to 4.20.6

Release notes

Sourced from tsx's releases.

v4.20.6

4.20.6 (2025-09-26)

Bug Fixes

• properly hide relaySignal from process.listeners() (#741) (710a424)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.20.5

4.20.5 (2025-08-24)

Bug Fixes

• handle ambiguous packages (796053a)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• 710a424 fix: properly hide relaySignal from process.listeners() (#741)
• 20b91c4 docs: make sponsors dynamic
• 08dcd59 chore: move vercel settings to root
• e6d1a47 docs: obfuscate aside classname
• de2719d style: remove unused variable
• 13f2954 chore: upgrade docs deps
• 0504525 chore: upgrade manten
• 132fdd8 test: assert require.cache
• f057e7d test: require loop
• a6f8f9f refactor: getFormat to handle all formats
• Additional commits viewable in compare view

Updates @rollup/plugin-node-resolve from 16.0.1 to 16.0.3

Changelog

Sourced from @​rollup/plugin-node-resolve's changelog.

v16.0.3

2025-10-13

Bugfixes

• fix: resolve bare targets of package "imports" using export maps; avoid fileURLToPath(null) (#1908)

v16.0.2

2025-10-04

Bugfixes

• fix: error thrown with empty entry (#1893)

Commits

• 764910a chore(release): node-resolve v16.0.3
• 3569720 fix(node-resolve): resolve bare targets of package "imports" using export map...
• 516ed1d chore(release): node-resolve v16.0.2
• 7ad5057 fix(node-resolve): error thrown with empty entry (#1893)
• See full diff in compare view

Updates @rollup/plugin-typescript from 12.1.4 to 12.3.0

Changelog

Sourced from @​rollup/plugin-typescript's changelog.

v12.3.0

2025-10-23

Features

• feat: expose latest Program to transformers in watch mode (#1923)

v12.2.0

2025-10-22

Features

• feat: process .js when allowJs is enabled (#1920)

Commits

• 973054d chore(release): typescript v12.3.0
• b6f027b feat(typescript): expose latest Program to transformers in watch mode (#1923)
• a9cdbb5 chore(release): typescript v12.2.0
• 89fa680 feat(typescript): process .js when allowJs is enabled (#1920)
• See full diff in compare view

Updates debug from 4.4.1 to 4.4.3

Release notes

Sourced from debug's releases.

4.4.3

Functionally identical release to 4.4.1.

Version 4.4.2 is compromised. Please see debug-js/debug#1005.

Commits

• 6b2c5fb 4.4.3
• See full diff in compare view

Updates rollup-plugin-node-externals from 8.0.1 to 8.1.1

Release notes

Sourced from rollup-plugin-node-externals's releases.

v8.1.1

• VSCode stuff bce53db
• Back to a synchronous factory. Fixes #37. bc1a2f3
• Shorten excessively long line 6423e23
• Remove useless intermediary variable 910f3b3

---

Septh/rollup-plugin-node-externals@v8.1.0...v8.1.1

v8.1.0

• Fix linting issues c6e0784
• Fix usage of fast-check 4 in test 93f10c6
• Update dependencies to their latest version 997a50b
• Update README.md cc7a232
• Activate support for rush.json as a workspace root marker 4061761
• Ask git the root of the repo instead of (wrongly) looking for a .git folder 34c0d38

---

Septh/rollup-plugin-node-externals@v8.0.1...v8.1.0

Commits

• f5c40e5 8.1.1
• bce53db VSCode stuff
• bc1a2f3 Back to a synchronous factory. Fixes #37.
• 6423e23 Shorten excessively long line
• 910f3b3 Remove useless intermediary variable
• 6162d29 8.1.0
• c6e0784 Fix linting issues
• 93f10c6 Fix usage of fast-check 4 in test
• 997a50b Update dependencies to their latest version
• cc7a232 Update README.md
• Additional commits viewable in compare view

Updates @electron/packager from 18.4.2 to 18.4.4

Release notes

Sourced from @​electron/packager's releases.

v18.4.4

18.4.4 (2025-08-27)

Bug Fixes

• fix semver check for icon composer (#1819) (f8661c1)

v18.4.3

18.4.3 (2025-08-27)

Bug Fixes

• skip universal target for non-darwin platforms (#1817) (1b76f8a)

Commits

• 579f742 docs: correct default value for derefSymlinks (#1818)
• f8661c1 fix: fix semver check for icon composer (#1819)
• 1b76f8a fix: skip universal target for non-darwin platforms (#1817)
• 49c7845 build(deps): add @types/node (#1816)
• 16bf5ed ci: bump codecov/codecov-action to 5.5.0 (#1815)
• See full diff in compare view

Updates @babel/parser from 7.28.3 to 7.28.5

Release notes

Sourced from @​babel/parser's releases.

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

Committers: 8

• Babel Bot (@​babel-bot)
• Byeongho Yoo (@​youthfulhps)
• Huáng Jùnliàng (@​JLHwung)
• Hyeon Dokko (@​CO0Ki3)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​Olexandr88
• @​liuxingbaoyu
• fisker Cheung (@​fisker)

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)

... (truncated)

Changelog

Sourced from @​babel/parser's changelog.

v7.28.5 (2025-10-23)

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

v7.28.4 (2025-09-05)

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

Commits

• 61647ae v7.28.5
• 0a0dcd8 Improve @babel/parser error typing (#17521)
• f3fb75e Enable strictNullChecks for parser (#17498)
• cd491db chore: simplify parseArrayLike (#17526)
• 758bef6 Allow Runtime Errors for Function Call Assignment Targets (#17446)
• e7031b7 [Babel 8] Treat allowSuperOutsideMethod as top-level only (#17505)
• 6378bc0 fix: improve ts-only declaration parsing (#17491)
• 35055e3 v7.28.4
• f04083a [Babel 8] Align TSMappedType AST (#17479)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/parser since your current version.

Updates electron-to-chromium from 1.5.207 to 1.5.240

Commits

• a0443cc 1.5.240
• eba5e4b generate new version
• f68a349 1.5.239
• c603d6e generate new version
• 0f3e48d 1.5.238
• 42915da generate new version
• 63e9b8d 1.5.237
• d3d6f77 generate new version
• c2d1b56 1.5.236
• b32ad25 generate new version
• Additional commits viewable in compare view

Updates tinyspy from 4.0.3 to 4.0.4

Release notes

Sourced from tinyspy's releases.

v4.0.4

No significant changes

    View changes on GitHub

Commits

• 1068d5b chore: release v4.0.4
• 7610a52 fix: add permissions
• 82deb48 build: fix environment name
• 3b81bb6 chore: release v4.0.4
• eccec64 build: add publish workflow
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for tinyspy since your current version.

Updates electron from 37.3.1 to 37.7.1

Release notes

Sourced from electron's releases.

electron v37.7.1

Release Notes for v37.7.1

Fixes

• Fixed an issue where button background on mouse hover with titleBarOverlay wasn't always calculated to provide appropriate minimum contrast. #48596 (Also in 39)
• Fixed an issue where changing the resizable property on a window would break the styles of a transparent window. #48500 (Also in 38, 39)
• Fixed shader-f16 to work on Windows. #48556 (Also in 38, 39)
• Fixed white flash on call to BrowserWindow.show. #48558 (Also in 38, 39)

electron v37.7.0

Release Notes for v37.7.0

Fixes

• Fixed Windows dialog.showMessageBox default button handling. #48520 (Also in 36, 38, 39)
• Fixed addBrowserView to prevent unnecessary removal and re-adding of the same BrowserView. #48200 (Also in 38)
• Fixed an issue where authentication via websockets can crash. #48540 (Also in 38, 39)

Other Changes

• Fixed a development issue where the metal toolchain could not be found when building on macOS 26. #48471 (Also in 38, 39)
• Updated Node.js to v22.20.0. #48380

electron v37.6.1

Release Notes for v37.6.1

Fixes

• AccentColor set distinguishes the frame. #48449 (Also in 38, 39)
• Fix: runtime JS error that crashes GetPackageJSON. #48423 (Also in 38, 39)
• Fixed an issue where snapped windows aren't correctly snapped when minimized and then unminimized. #48439 (Also in 38, 39)

electron v37.6.0

Release Notes for v37.6.0

Features

• Allowed for persisting File System API grant status within a given session. #48328 (Also in 38)

Fixes

• Fixed excessive WindowServer GPU usage on macOS Tahoe 26. #48400 (Also in 36, 39)
• Fixed high CPU usage with <input> tag on macOS 26. #48392 (Also in 39)

electron v37.5.1

Release Notes for v37.5.1

Other Changes

• Use Local Execution, Remote Caching (LERC) for fork PRs [(#48324)](electron/electron#48324)
• Updated v8 [(#48338)](electron/electron#48338)

... (truncated)

Commits

• b56d95d fix: broken transparent window styles on resizable change (#48500)
• 80b1def fix: background hover contrast for WCO buttons (#48596)
• 55f8924 fix: enable shader-f16 on windows (#48556)
• 5a1d521 fix: fixed white flash on call to BrowserWindow.show (#48558)
• dfc60f0 chore: bump node to v22.20.0 (37-x-y) (#48380)
• 8265537 fix: auth required websocket crash (#48540)
• 24602a7 build: fail publish when upload fatal errors (#48544)
• fbbcb0d ci: upload build effective cache hit rate stats to Datadog (#48531)
• 7449f3f fix: dialog.showMessageBox defaultid on Windows (#48520)
• f3f25fd build: fixup chromedriver and mksnapshot (#48507)
• Additional commits viewable in compare view

Updates electron-nightly from 39.0.0-nightly.20250820 to 39.0.0-nightly.20250902

Commits

• fed7304 docs: move some planned breaking changes to 39 (#48236)
• 828fd59 fix: file-only picker incorrectly allowing some directories (#48198)
• e892840 fix: ensure dragging works again after emitting contextmenu event (#48199)
• 7373173 fix: showMessageDialog should center dialog to parent (#48181)
• 5d5e672 chore: bump chromium to 141.0.7361.0 (main) (#48054)
• e39943b fix: BrowserWindow add the same BrowserView (#48053)
• f331606 build: bump NMV to 140 (#48196)
• cca5511 build: refactor Linux binary stripping to align with upstream (#47932)
• bf29d2f docs: fix some module headings (#48177)
• fea1a2a ci: use free GH arm runners (#47872)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions