deps(deps): bump the minor-and-patch group with 3 updates

[dependabot]

Bumps the minor-and-patch group with 3 updates: vite, @rollup/rollup-win32-x64-msvc and electron.

Updates vite from 8.0.12 to 8.0.13

Release notes

Sourced from vite's releases.

v8.0.13

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.13 (2026-05-14)

Features

• bundled-dev: add lazy bundling support (#21406) (4f0949f)
• optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#22357) (47071ce)
• update rolldown to 1.0.1 (#22444) (8c766a6)

Bug Fixes

• build: copy public directory after building same environment with write=false (#22328) (158e8ae)
• css: await sass/less/styl worker disposal on teardown (fix #22274) (#22275) (b7edcb7)
• css: keep deprecated name/originalFileName in synthetic assetFileNames call (#22439) (8e59c97)
• make isBundled per environment (#22257) (a576326)
• ssr: avoid rewriting labels that collide with imports (#22451) (d9b18e0)

Miscellaneous Chores

• remove irrelevant commits from changelog (#22430) (6ea3838)
• update changelog (#22413) (fcdc87c)

Commits

• a46f11a release: v8.0.13
• d9b18e0 fix(ssr): avoid rewriting labels that collide with imports (#22451)
• 4f0949f feat(bundled-dev): add lazy bundling support (#21406)
• 158e8ae fix(build): copy public directory after building same environment with `write...
• 47071ce feat(optimizer): improve the esbuild plugin converter to pass some properties...
• 8e59c97 fix(css): keep deprecated name/originalFileName in synthetic `assetFileNa...
• a576326 fix: make isBundled per environment (#22257)
• 8c766a6 feat: update rolldown to 1.0.1 (#22444)
• b7edcb7 fix(css): await sass/less/styl worker disposal on teardown (fix #22274) (#22275)
• fcdc87c chore: update changelog (#22413)
• Additional commits viewable in compare view

Updates @rollup/rollup-win32-x64-msvc from 4.60.3 to 4.60.4

Release notes

Sourced from @​rollup/rollup-win32-x64-msvc's releases.

v4.60.4

4.60.4

2026-05-14

Bug Fixes

• Improve stability of chunk hashes (#6362)

Pull Requests

• #6362: fix: stabilize chunk assignment across parallel file reads (@​sonukapoor, @​Sonu Kapoor, @​TrickyPi, @​lukastaegert)
• #6370: fix(deps): update minor/patch updates (@​renovate[bot])
• #6371: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #6372: chore(deps): update react monorepo to v19 (major) (@​renovate[bot])
• #6373: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6375: Resolve vulnerabilities (@​lukastaegert)

Changelog

Sourced from @​rollup/rollup-win32-x64-msvc's changelog.

4.60.4

2026-05-14

Bug Fixes

• Improve stability of chunk hashes (#6362)

Pull Requests

• #6362: fix: stabilize chunk assignment across parallel file reads (@​sonukapoor, @​Sonu Kapoor, @​TrickyPi, @​lukastaegert)
• #6370: fix(deps): update minor/patch updates (@​renovate[bot])
• #6371: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #6372: chore(deps): update react monorepo to v19 (major) (@​renovate[bot])
• #6373: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6375: Resolve vulnerabilities (@​lukastaegert)

Commits

• d311a84 4.60.4
• 6aa3248 fix: stabilize chunk assignment across parallel file reads (#6362)
• 82a0fe7 Resolve vulnerabilities (#6375)
• 71f5ebc chore(deps): update dependency lru-cache to v11 (#6371)
• af91d77 chore(deps): lock file maintenance (#6373)
• 65e7b94 chore(deps): update react monorepo to v19 (major) (#6372)
• 642587f fix(deps): update minor/patch updates (#6370)
• See full diff in compare view

Updates electron from 41.5.0 to 42.1.0

Release notes

Sourced from electron's releases.

electron v42.1.0

Release Notes for v42.1.0

Fixes

• Fixed a crash in the macOS Touch ID WebAuthn prompt caused by a missing string resource, and added touchID.promptReason to app.configureWebAuthn() to customize the prompt text. #51594 (Also in 41, 43)
• Fixed a crash on MacOS when a user clicked into a title bar or top view. #51605 (Also in 43)

Other Changes

• Improved performance of webRequest header conversions and several other gin converter hot paths. #51607 (Also in 43)
• Improved performance of native event emission, IPC dispatch, and option-dictionary parsing. #51614 (Also in 41)

electron v42.0.1

Release Notes for v42.0.1

Fixes

• Fixed DesktopCapturer crash on macOS. #51506
• Fixed ELECTRON_INSTALL_PLATFORM being ignored when resolving the Electron executable path during postinstall, which caused path.txt to be written for the host platform instead of the requested target and made isInstalled() always re-download on subsequent installs. #51370
• Fixed app.getLoginItemSettings() returning undefined for executableWillLaunchAtLogin on macOS; the property is now always a boolean. #51507 (Also in 40, 41)
• Fixed a potential race condition crash when closing DevTools. #51473 (Also in 41)

Other Changes

• Updated Chromium to 148.0.7778.97. #51517

electron v42.0.0

Release Notes for v42.0.0

Stack Upgrades

• Chromium 148.0.7778.96
  • New in 148
  • New in 147
• Node v24.15.0
  • Node 24.15.0 blog post
• V8 14.8

Breaking Changes

Behavior Changed: macOS notifications now use UNNotification API

Electron has migrated from the deprecated NSUserNotification API to the UNNotification API on macOS. The new API requires that an application be code-signed in order for notifications to be displayed. If an application is not code-signed, notifications will emit a failed event on the Notification object. #47817

Behavior Changed: electron no longer downloads itself via postinstall script

Previously, the electron npm package would download the Electron binary from the repository's GitHub Releases in the package's postinstall script. With recent supply chain security attacks against the npm ecosystem with postinstall scripts as a common attack vector, Electron will now download itself dynamically the first time that its main bin script is run (e.g. via npx electron). See [RFC #22](electron/rfcs#22) for more context. #49328

Behavior Changed: Offscreen rendering default device scale factor

Previously, OSR used the primary display's device scale factor for rendering. Starting from Electron 42, the default changes to a constant value of 1.0 for more consistent output sizes. Use webPreferences.offscreen.deviceScaleFactor to specify a custom value. #49683

... (truncated)

Commits

• 9604c46 refactor: simplify content_view_ hit-test transparency on macOS (#51626)
• e229b1d perf: reduce per-call overhead in gin converters (#51607)
• e639fa0 fix: don't return a nullptr from TargetForRect (#51605)
• bce23fc perf: reduce per-call overhead in gin_helper hot paths (#51614)
• eac794f fix: ship IDS_WEBAUTHN_TOUCH_ID_PROMPT_REASON and allow overriding it (#51594)
• b133532 ci: pin Homebrew version in CI runs (#51545)
• a8a9854 chore: update breaking changes for Electron 42 (#51550)
• e7021e3 fix: test idempotency issues (#51526)
• e49c3c6 test: make sure there are no orphaned electron processes running (#51485)
• 90ef05b chore: bump chromium to 148.0.7778.97 (42-x-y) (#51517)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

🚨 Major version update detected!

This PR contains major version changes that may include breaking changes:

• Dependency: vite, @rollup/rollup-win32-x64-msvc, electron
• Update type: version-update:semver-major

Please review this carefully before merging.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.