fix(deps): Update dependency rollup to ^4.40.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
rollup (source)	^4.38.0 -> ^4.40.2

---

Release Notes

rollup/rollup (rollup)

v4.40.2

Compare Source

2025-05-06

Bug Fixes

• Create correct IIFE/AMD/UMD bundles when using a mutable default export (#​5934)
• Fix execution order when using top-level await for dynamic imports with inlineDynamicImports (#​5937)
• Throw when the output is watched in watch mode (#​5939)

Pull Requests

• #​5934: fix(exports): avoid "exports is not defined" ReferenceError (@​dasa)
• #​5937: consider TLA imports have higher execution priority (@​TrickyPi)
• #​5939: fix: watch mode input should not be an output subpath (@​btea)
• #​5940: chore(deps): update dependency vite to v6.3.4 [security] (@​renovate[bot])
• #​5941: chore(deps): update dependency eslint-plugin-unicorn to v59 (@​renovate[bot])
• #​5942: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5943: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.40.1

Compare Source

2025-04-28

Bug Fixes

• Limit hash size for asset file names to the supported 21 (#​5921)
• Do not inline user-defined entry chunks or chunks with explicit file name (#​5923)
• Avoid top-level-await cycles when non-entry chunks use top-level await (#​5930)
• Expose package.json via exports (#​5931)

Pull Requests

• #​5921: fix(assetFileNames): reduce max hash size to 21 (@​shulaoda)
• #​5923: fix: generate the separate chunk for the entry module with explicated chunk filename or name (@​TrickyPi)
• #​5926: fix(deps): update rust crate swc_compiler_base to v18 (@​renovate[bot])
• #​5927: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5928: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5930: Avoid chunks TLA dynamic import circular when TLA dynamic import used in non-entry modules (@​TrickyPi)
• #​5931: chore: add new ./package.json entry (@​JounQin, @​lukastaegert)
• #​5936: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.40.0

Compare Source

2025-04-12

Features

• Only show eval warnings on first render and only when the call is not tree-shaken (#​5892)
• Tree-shake non-included dynamic import members when the handler just maps to one named export (#​5898)

Bug Fixes

• Consider dynamic imports nested within top-level-awaited dynamic import expressions to be awaited as well (#​5900)
• Fix namespace rendering when tree-shaking is disabled (#​5908)
• When using multiple transform hook filters, all of them need to be satisfied together (#​5909)

Pull Requests

• #​5892: Warn when eval or namespace calls are rendered, not when they are parsed (@​SunsetFi, @​lukastaegert)
• #​5898: feat: treeshake dynamic import chained member expression (@​privatenumber, @​lukastaegert)
• #​5900: consider the dynamic import within a TLA call expression as a TLA import (@​TrickyPi)
• #​5904: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #​5905: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5908: Fix treeshake: false breaking destructured namespace imports (@​Skn0tt)
• #​5909: Correct the behavior when multiple transform filter options are specified (@​sapphi-red)
• #​5915: chore(deps): update dependency @​types/picomatch to v4 (@​renovate[bot])
• #​5916: fix(deps): update rust crate swc_compiler_base to v17 (@​renovate[bot])
• #​5917: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​5918: chore(deps): update dependency vite to v6.2.6 [security] (@​renovate[bot], @​lukastaegert)

v4.39.0

Compare Source

2025-04-02

Features

• Do not create separate facade chunks if a chunk would contain several entry modules that allow export extension if there are no export name conflicts (#​5891)

Bug Fixes

• Mark the id property as optional in the filter for the resolveId hook (#​5896)

Pull Requests

• #​5891: chunk: merge allow-extension modules (@​wmertens, @​lukastaegert)
• #​5893: chore(deps): update dependency vite to v6.2.4 [security] (@​renovate[bot])
• #​5896: fix: resolveId id filter is optional (@​sapphi-red)

---

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	rollup@​4.38.0 ⏵ 4.40.2	+1			+1

View full report