Bump the all group with 8 updates

[dependabot]

Bumps the all group with 8 updates:

Package	From	To
@biomejs/biome	2.3.13	2.4.4
@storybook/react	10.2.3	10.2.13
@storybook/react-vite	10.2.3	10.2.13
@types/react	19.2.10	19.2.14
@vitejs/plugin-react	5.1.2	5.1.4
msw	2.12.7	2.12.10
rollup	4.57.1	4.59.0
storybook	10.2.3	10.2.13

Updates @biomejs/biome from 2.3.13 to 2.4.4

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.4

2.4.4

Patch Changes

• #9150 6946835 Thanks @​dyc3! - Fixed #9138: Astro files containing --- in HTML content (e.g., <h1>---Hi</h1>) are now parsed correctly, both when a frontmatter block is present and when there is no frontmatter at all.

• #9150 aa6f837 Thanks @​dyc3! - Fixed #9138: The HTML parser incorrectly failing to parse bracket characters ([ and ]) in text content (e.g. <div>[Foo]</div>).

• #9151 c0d4b0c Thanks @​dyc3! - Fixed parsing of Svelte directive keywords (use, style) when used as plain text content in HTML/Svelte files. Previously, <p>use JavaScript</p> or <p>style it</p> would incorrectly produce a bogus element instead of proper text content.

• #9162 7f1e060 Thanks @​dyc3! - Fixed #9161: The Vue parser now correctly handles colon attributes like xlink:href and xmlns:xlink by parsing them as single attributes instead of splitting them into separate tokens.

• #9164 458211b Thanks @​dyc3! - Fixed #9161: The noAssignInExpressions rule no longer flags assignments in Vue v-on directives (e.g., @click="counter += 1"). Assignments in event handlers are idiomatic Vue patterns and are now skipped by the rule.

What's Changed

• chore(scss): cherry-picks by @​denbezrukov in biomejs/biome#9149
• fix(parse/html): don't lex square brackets as special tokens in contexts where they don't mean anything by @​dyc3 in biomejs/biome#9150
• refactor(parse/html): use token_set! instead of matches! for svelte keywords and directives helpers by @​dyc3 in biomejs/biome#9148
• fix(parse/html): don't lex "use" as USE_KW when in html text content by @​dyc3 in biomejs/biome#9151
• feat(css): enhance SCSS qualified name detection by @​denbezrukov in biomejs/biome#9159
• chore(html): more html benchmarks by @​dyc3 in biomejs/biome#8153
• fix(parse/html/vue): don't treat : as special token outside of vue directives by @​dyc3 in biomejs/biome#9162
• feat(lint/vue): automatically ignore noAssignInExpressions for vue v-on directives by @​dyc3 in biomejs/biome#9164
• ci: release by @​github-actions[bot] in biomejs/biome#9160

Full Changelog: https://github.com/biomejs/biome/compare/@​biomejs/biome@​2.4.3...@​biomejs/biome@​2.4.4

Biome CLI v2.4.3

2.4.3

Patch Changes

• #9120 aa40fc2 Thanks @​ematipico! - Fixed #9109, where the GitHub reporter wasn't correctly enabled when biome ci runs on GitHub Actions.

• #9128 8ca3f7f Thanks @​dyc3! - Fixed #9107: The HTML parser can now correctly parse Astro directives (client/set/class/is/server), which fixes the formatting for Astro directives.

• #9124 f5b0e8d Thanks @​ematipico! - Fixed #8882 and #9108: The Astro frontmatter lexer now correctly identifies the closing --- fence when the frontmatter contains multi-line block comments with quote characters, strings that mix quote types (e.g. "it's"), or escaped quote characters (e.g. "\").

• #9142 3ca066b Thanks @​THernandez03! - Fixed #9141: The noUnknownAttribute rule no longer reports closedby as an unknown attribute on <dialog> elements.

• #9126 792013e Thanks @​ematipico! - Added missing Mocha globals to the Test domain: context, run, setup, specify, suite, suiteSetup, suiteTeardown, teardown, xcontext, xdescribe, xit, and xspecify. These are injected by Mocha's BDD and TDD interfaces and were previously flagged as undeclared variables in projects using Mocha.

• #8855 6918c9e Thanks @​ruidosujeira! - Fixed #8840. Now the Biome CSS parser correctly parses not + scroll-state inside @container queries.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.4

Patch Changes

• #9150 6946835 Thanks @​dyc3! - Fixed #9138: Astro files containing --- in HTML content (e.g., <h1>---Hi</h1>) are now parsed correctly, both when a frontmatter block is present and when there is no frontmatter at all.

• #9150 aa6f837 Thanks @​dyc3! - Fixed #9138: The HTML parser incorrectly failing to parse bracket characters ([ and ]) in text content (e.g. <div>[Foo]</div>).

• #9151 c0d4b0c Thanks @​dyc3! - Fixed parsing of Svelte directive keywords (use, style) when used as plain text content in HTML/Svelte files. Previously, <p>use JavaScript</p> or <p>style it</p> would incorrectly produce a bogus element instead of proper text content.

• #9162 7f1e060 Thanks @​dyc3! - Fixed #9161: The Vue parser now correctly handles colon attributes like xlink:href and xmlns:xlink by parsing them as single attributes instead of splitting them into separate tokens.

• #9164 458211b Thanks @​dyc3! - Fixed #9161: The noAssignInExpressions rule no longer flags assignments in Vue v-on directives (e.g., @click="counter += 1"). Assignments in event handlers are idiomatic Vue patterns and are now skipped by the rule.

2.4.3

Patch Changes

• #9120 aa40fc2 Thanks @​ematipico! - Fixed #9109, where the GitHub reporter wasn't correctly enabled when biome ci runs on GitHub Actions.

• #9128 8ca3f7f Thanks @​dyc3! - Fixed #9107: The HTML parser can now correctly parse Astro directives (client/set/class/is/server), which fixes the formatting for Astro directives.

• #9124 f5b0e8d Thanks @​ematipico! - Fixed #8882 and #9108: The Astro frontmatter lexer now correctly identifies the closing --- fence when the frontmatter contains multi-line block comments with quote characters, strings that mix quote types (e.g. "it's"), or escaped quote characters (e.g. "\").

• #9142 3ca066b Thanks @​THernandez03! - Fixed #9141: The noUnknownAttribute rule no longer reports closedby as an unknown attribute on <dialog> elements.

• #9126 792013e Thanks @​ematipico! - Added missing Mocha globals to the Test domain: context, run, setup, specify, suite, suiteSetup, suiteTeardown, teardown, xcontext, xdescribe, xit, and xspecify. These are injected by Mocha's BDD and TDD interfaces and were previously flagged as undeclared variables in projects using Mocha.

• #8855 6918c9e Thanks @​ruidosujeira! - Fixed #8840. Now the Biome CSS parser correctly parses not + scroll-state inside @container queries.

• #9111 4fb55cf Thanks @​Jayllyz! - Slightly improved performance of noIrregularWhitespace by adding early return optimization and simplifying character detection logic.

• #8975 086a0c5 Thanks @​FrankFMY! - Fixed #8478: useDestructuring no longer suggests destructuring when the variable has a type annotation, like const foo: string = object.foo.

2.4.2

Patch Changes

• #9103 fc9850c Thanks @​dyc3! - Fixed #9098: useImportType no longer incorrectly flags imports used in Svelte control flow blocks ({#if}, {#each}, {#await}, {#key}) as type-only imports.

• #9106 f4b7296 Thanks @​dyc3! - Updated rule source metadata for rules from html-eslint.

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noConditionalExpect. This rule disallows conditional expect() calls inside tests, which can lead to tests that silently pass when assertions never run.

  // Invalid - conditional expect may not run
  test("conditional", async ({ page }) => {
    if (someCondition) {
      await expect(page).toHaveTitle("Title");
    }

... (truncated)

Commits

• 6c296ea ci: release (#9160)
• 312b6db ci: release (#9116)
• b99e7db ci: release (#9104)
• 4a5ff40 feat(lint): add Playwright ESLint rules (#8960)
• 5153f2f ci: release (#9094)
• 4cc531c chore: docs that break website (#9077)
• bf6e5f9 ci: release (#9045)
• e014336 feat: promote rules for v2.4 (#9011)
• 7e33fd5 Merge remote-tracking branch 'origin/main' into next
• df21006 ci: release (#8973)
• Additional commits viewable in compare view

Updates @storybook/react from 10.2.3 to 10.2.13

Release notes

Sourced from @​storybook/react's releases.

v10.2.13

10.2.13

• Addon Pseudo-states: Process all nested css rules - #33605, thanks @​hpohlmeyer!
• Builder-Vite: Prevent config duplication - #33883, thanks @​copilot-swe-agent!
• CLI: Fix React native web A11y issues - #33937, thanks @​jonniebigodes!
• Core: Avoid hanging when inferring args for recursive calls on DOM elemens - #33922, thanks @​valentinpalkovic!
• Eslint: Fix ESLint 10 compatibility in eslint-plugin-storybook rules - #33884, thanks @​copilot-swe-agent!
• Viewport: Prioritize story viewport globals and avoid user-global pollution - #33849, thanks @​ia319!

v10.2.12

10.2.12

• Core: Sanitize inputs for save from controls - #33868, thanks @​valentinpalkovic!
• Telemetry: Add project age - #33910, thanks @​shilman!
• Webpack: Improve performance of module-mocking plugins - #33169, thanks @​valentinpalkovic!

v10.2.11

10.2.11

• Addon-Vitest: Fix postinstall a11y installation - #33888, thanks @​valentinpalkovic!
• Manifests: Use correct story name - #33709, thanks @​JReinhold!
• Next.js: Handle legacyBehavior prop in Link mock component - #33862, thanks @​yatishgoel!
• React: Fix manifest stories empty when meta has no explicit title - #33878, thanks @​kasperpeulen!

v10.2.10

10.2.10

• Core: Require token for websocket connections - #33820, thanks @​ghengeveld!

v10.2.9

10.2.9

• Addon-Vitest: Improve config file detection in monorepos - #33814, thanks @​valentinpalkovic!
• Builder-Vite: Update dependencies react-vite framework - #33810, thanks @​valentinpalkovic!
• Builder-Vite: Use relative path for mocker entry in production builds - #33792, thanks @​DukeDeSouth!
• Next.js: Fix Link component override in appDirectory configuration - #31251, thanks @​yatishgoel!

v10.2.8

10.2.8

• Telemetry: Add Expo metaframework - #33783, thanks @​copilot-swe-agent!
• Telemetry: Add init exit event - #33773, thanks @​valentinpalkovic!
• Telemetry: Add share events - #33766, thanks @​ndelangen!
• Test: Update event creation logic in user-event package - #33787, thanks @​valentinpalkovic!

v10.2.7

10.2.7

• CSF: Fix cross-file story imports in csf-factories codemod - #33723, thanks @​yatishgoel!

... (truncated)

Changelog

Sourced from @​storybook/react's changelog.

10.2.13

• Addon Pseudo-states: Process all nested css rules - #33605, thanks @​hpohlmeyer!
• Builder-Vite: Prevent config duplication - #33883, thanks @​copilot-swe-agent!
• CLI: Fix React native web A11y issues - #33937, thanks @​jonniebigodes!
• Core: Avoid hanging when inferring args for recursive calls on DOM elemens - #33922, thanks @​valentinpalkovic!
• Eslint: Fix ESLint 10 compatibility in eslint-plugin-storybook rules - #33884, thanks @​copilot-swe-agent!
• Viewport: Prioritize story viewport globals and avoid user-global pollution - #33849, thanks @​ia319!

10.2.12

• Core: Sanitize inputs for save from controls - #33868, thanks @​valentinpalkovic!
• Telemetry: Add project age - #33910, thanks @​shilman!
• Webpack: Improve performance of module-mocking plugins - #33169, thanks @​valentinpalkovic!

10.2.11

• Addon-Vitest: Fix postinstall a11y installation - #33888, thanks @​valentinpalkovic!
• Manifests: Use correct story name - #33709, thanks @​JReinhold!
• Next.js: Handle legacyBehavior prop in Link mock component - #33862, thanks @​yatishgoel!
• React: Fix manifest stories empty when meta has no explicit title - #33878, thanks @​kasperpeulen!

10.2.10

• Core: Require token for websocket connections - #33820, thanks @​ghengeveld!

10.2.9

• Addon-Vitest: Improve config file detection in monorepos - #33814, thanks @​valentinpalkovic!
• Builder-Vite: Update dependencies react-vite framework - #33810, thanks @​valentinpalkovic!
• Builder-Vite: Use relative path for mocker entry in production builds - #33792, thanks @​DukeDeSouth!
• Next.js: Fix Link component override in appDirectory configuration - #31251, thanks @​yatishgoel!

10.2.8

• Telemetry: Add Expo metaframework - #33783, thanks @​copilot-swe-agent!
• Telemetry: Add init exit event - #33773, thanks @​valentinpalkovic!
• Telemetry: Add share events - #33766, thanks @​ndelangen!
• Test: Update event creation logic in user-event package - #33787, thanks @​valentinpalkovic!

10.2.7

• CSF: Fix cross-file story imports in csf-factories codemod - #33723, thanks @​yatishgoel!
• Core: Fix rendering of View Transitions in Firefox - #33651, thanks @​ghengeveld!
• Globals: Repair dynamicTitle: false for user-defined tools - #33284, thanks @​ia319!
• Logger: Honor --loglevel for npmlog output - #33776, thanks @​LouisLau-art!

10.2.6

• Addon-Vitest: Skip postinstall setup when configured - #33712, thanks @​valentinpalkovic!

... (truncated)

Commits

• 305b534 Bump version from "10.2.12" to "10.2.13" [skip ci]
• 68f811f Bump version from "10.2.11" to "10.2.12" [skip ci]
• be01dca Bump version from "10.2.10" to "10.2.11" [skip ci]
• 4785d5d Merge pull request #33878 from storybookjs/kasper/fix-manifest-stories-no-title
• cc2a7ab Merge pull request #33709 from storybookjs/jeppe/use-correct-story-name-in-ma...
• c812573 Bump version from "10.2.9" to "10.2.10" [skip ci]
• 4cdde82 Bump version from "10.2.8" to "10.2.9" [skip ci]
• 719b6ca Bump version from "10.2.7" to "10.2.8" [skip ci]
• 8d687ec Bump version from "10.2.6" to "10.2.7" [skip ci]
• cc0d1f9 Bump version from "10.2.5" to "10.2.6" [skip ci]
• Additional commits viewable in compare view

Updates @storybook/react-vite from 10.2.3 to 10.2.13

Release notes

Sourced from @​storybook/react-vite's releases.

v10.2.13

10.2.13

• Addon Pseudo-states: Process all nested css rules - #33605, thanks @​hpohlmeyer!
• Builder-Vite: Prevent config duplication - #33883, thanks @​copilot-swe-agent!
• CLI: Fix React native web A11y issues - #33937, thanks @​jonniebigodes!
• Core: Avoid hanging when inferring args for recursive calls on DOM elemens - #33922, thanks @​valentinpalkovic!
• Eslint: Fix ESLint 10 compatibility in eslint-plugin-storybook rules - #33884, thanks @​copilot-swe-agent!
• Viewport: Prioritize story viewport globals and avoid user-global pollution - #33849, thanks @​ia319!

v10.2.12

10.2.12

• Core: Sanitize inputs for save from controls - #33868, thanks @​valentinpalkovic!
• Telemetry: Add project age - #33910, thanks @​shilman!
• Webpack: Improve performance of module-mocking plugins - #33169, thanks @​valentinpalkovic!

v10.2.11

10.2.11

• Addon-Vitest: Fix postinstall a11y installation - #33888, thanks @​valentinpalkovic!
• Manifests: Use correct story name - #33709, thanks @​JReinhold!
• Next.js: Handle legacyBehavior prop in Link mock component - #33862, thanks @​yatishgoel!
• React: Fix manifest stories empty when meta has no explicit title - #33878, thanks @​kasperpeulen!

v10.2.10

10.2.10

• Core: Require token for websocket connections - #33820, thanks @​ghengeveld!

v10.2.9

10.2.9

• Addon-Vitest: Improve config file detection in monorepos - #33814, thanks @​valentinpalkovic!
• Builder-Vite: Update dependencies react-vite framework - #33810, thanks @​valentinpalkovic!
• Builder-Vite: Use relative path for mocker entry in production builds - #33792, thanks @​DukeDeSouth!
• Next.js: Fix Link component override in appDirectory configuration - #31251, thanks @​yatishgoel!

v10.2.8

10.2.8

• Telemetry: Add Expo metaframework - #33783, thanks @​copilot-swe-agent!
• Telemetry: Add init exit event - #33773, thanks @​valentinpalkovic!
• Telemetry: Add share events - #33766, thanks @​ndelangen!
• Test: Update event creation logic in user-event package - #33787, thanks @​valentinpalkovic!

v10.2.7

10.2.7

• CSF: Fix cross-file story imports in csf-factories codemod - #33723, thanks @​yatishgoel!

... (truncated)

Changelog

Sourced from @​storybook/react-vite's changelog.

10.2.13

• Addon Pseudo-states: Process all nested css rules - #33605, thanks @​hpohlmeyer!
• Builder-Vite: Prevent config duplication - #33883, thanks @​copilot-swe-agent!
• CLI: Fix React native web A11y issues - #33937, thanks @​jonniebigodes!
• Core: Avoid hanging when inferring args for recursive calls on DOM elemens - #33922, thanks @​valentinpalkovic!
• Eslint: Fix ESLint 10 compatibility in eslint-plugin-storybook rules - #33884, thanks @​copilot-swe-agent!
• Viewport: Prioritize story viewport globals and avoid user-global pollution - #33849, thanks @​ia319!

10.2.12

• Core: Sanitize inputs for save from controls - #33868, thanks @​valentinpalkovic!
• Telemetry: Add project age - #33910, thanks @​shilman!
• Webpack: Improve performance of module-mocking plugins - #33169, thanks @​valentinpalkovic!

10.2.11

• Addon-Vitest: Fix postinstall a11y installation - #33888, thanks @​valentinpalkovic!
• Manifests: Use correct story name - #33709, thanks @​JReinhold!
• Next.js: Handle legacyBehavior prop in Link mock component - #33862, thanks @​yatishgoel!
• React: Fix manifest stories empty when meta has no explicit title - #33878, thanks @​kasperpeulen!

10.2.10

• Core: Require token for websocket connections - #33820, thanks @​ghengeveld!

10.2.9

• Addon-Vitest: Improve config file detection in monorepos - #33814, thanks @​valentinpalkovic!
• Builder-Vite: Update dependencies react-vite framework - #33810, thanks @​valentinpalkovic!
• Builder-Vite: Use relative path for mocker entry in production builds - #33792, thanks @​DukeDeSouth!
• Next.js: Fix Link component override in appDirectory configuration - #31251, thanks @​yatishgoel!

10.2.8

• Telemetry: Add Expo metaframework - #33783, thanks @​copilot-swe-agent!
• Telemetry: Add init exit event - #33773, thanks @​valentinpalkovic!
• Telemetry: Add share events - #33766, thanks @​ndelangen!
• Test: Update event creation logic in user-event package - #33787, thanks @​valentinpalkovic!

10.2.7

• CSF: Fix cross-file story imports in csf-factories codemod - #33723, thanks @​yatishgoel!
• Core: Fix rendering of View Transitions in Firefox - #33651, thanks @​ghengeveld!
• Globals: Repair dynamicTitle: false for user-defined tools - #33284, thanks @​ia319!
• Logger: Honor --loglevel for npmlog output - #33776, thanks @​LouisLau-art!

10.2.6

• Addon-Vitest: Skip postinstall setup when configured - #33712, thanks @​valentinpalkovic!

... (truncated)

Commits

• 305b534 Bump version from "10.2.12" to "10.2.13" [skip ci]
• 68f811f Bump version from "10.2.11" to "10.2.12" [skip ci]
• be01dca Bump version from "10.2.10" to "10.2.11" [skip ci]
• c812573 Bump version from "10.2.9" to "10.2.10" [skip ci]
• 4cdde82 Bump version from "10.2.8" to "10.2.9" [skip ci]
• eb607d3 Merge pull request #33810 from storybookjs/valentin/fix-sec-issue
• 719b6ca Bump version from "10.2.7" to "10.2.8" [skip ci]
• 8d687ec Bump version from "10.2.6" to "10.2.7" [skip ci]
• cc0d1f9 Bump version from "10.2.5" to "10.2.6" [skip ci]
• 1053c2a Bump version from "10.2.4" to "10.2.5" [skip ci]
• Additional commits viewable in compare view

Updates @types/react from 19.2.10 to 19.2.14

Commits

• See full diff in compare view

Updates @vitejs/plugin-react from 5.1.2 to 5.1.4

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@5.1.4

Fix canSkipBabel not accounting for babel.overrides (#1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

plugin-react@5.1.3

No release notes provided.

Changelog

Sourced from @​vitejs/plugin-react's changelog.

5.1.4 (2026-02-10)

Fix canSkipBabel not accounting for babel.overrides (#1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

5.1.3 (2026-02-02)

Commits

• f066114 release: plugin-react@5.1.4
• e299dca fix(plugin-react): canSkipBabel not checking babel.overrides (#1098)
• 12ffadc fix(deps): update all non-major dependencies (#1103)
• cf0cb8a release: plugin-react@5.1.3
• 99e480c fix(deps): update all non-major dependencies (#1090)
• 77f5e42 fix(deps): update react 19.2.4 (#1084)
• e327da4 fix(deps): update all non-major dependencies (#1083)
• 3d3dbc2 chore: add metadata for vite-plugin-registry (#1078)
• 58dfb9d fix(deps): update all non-major dependencies (#1066)
• fefad3d fix(deps): update all non-major dependencies (#1048)
• Additional commits viewable in compare view

Updates msw from 2.12.7 to 2.12.10

Release notes

Sourced from msw's releases.

v2.12.10 (2026-02-10)

Bug Fixes

• export AnyHandler type (#2663) (90f9be4f96b7fb071ef655a8044eca3c15910404) @​kettanaito

v2.12.9 (2026-02-06)

Bug Fixes

• ws: support relative urls in ws.link (#2661) (2f1d23c1c4392638a7dfbc95d00ede6062aeae6c) @​kettanaito

v2.12.8 (2026-02-03)

Bug Fixes

• update @mswjs/interceptors to fix a memory leak (#2659) (e5e905f60c4ad8dd621e720cde26390c84104362) @​kettanaito
• update rettime (#2657) (3a7b4510138bc6e7ab5078f53e623d6a25cfd9ac) @​kettanaito

Commits

• 720d55f chore(release): v2.12.10
• 90f9be4 fix: export AnyHandler type (#2663)
• 4859e41 chore(release): v2.12.9
• 2f1d23c fix(ws): support relative urls in ws.link (#2661)
• 9a82137 chore(release): v2.12.8
• d2dd270 chore: fetch correct depth for release
• 4cfccff chore: update pnpm version everywhere
• 4de516b chore: set pnpm to 9.15.0 in package.json
• 7538501 chore: split release job into two (#2660)
• 9886892 chore: update @ossjs/release
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for msw since your current version.

Updates rollup from 4.57.1 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

• #6275: Validate bundle stays within output dir (@​lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

• Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

• #6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@​njg7194, @​lukastaegert)
• #6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@​millerick, @​lukastaegert)
• #6260: fix(deps): update rust crate swc_compiler_base to v47 (@​renovate[bot], @​lukastaegert)
• #6261: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6262: Avoid unnecessary cloning of the code string (@​lukastaegert)
• #6263: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6265: chore(deps): lock file maintenance (@​renovate[bot])
• #6267: fix(deps): update minor/patch updates (@​renovate[bot])
• #6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@​renovate[bot], @​lukastaegert)
• #6269: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6270: chore(deps): lock file maintenance (@​renovate[bot])
• #6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

• #6275: Validate bundle stays within output dir (@​lukastaegert)

4.58.0

2026-02-20

Features

• Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

• #6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplic...

  Description has been truncated

[dependabot]

Assignees

The following users could not be added as assignees: jonasscholl. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.