Bump rolldown from 1.0.0-rc.17 to 1.0.0-rc.18 in the npm group

[dependabot]

Bumps the npm group with 1 update: rolldown.

Updates rolldown from 1.0.0-rc.17 to 1.0.0-rc.18

Release notes

Sourced from rolldown's releases.

v1.0.0-rc.18

[1.0.0-rc.18] - 2026-04-29

💥 BREAKING CHANGES

• optimization: default unspecified inlineConst.mode to smart (#9248) by @​IWANABETHATGUY

🐛 Bug Fixes

• rolldown_plugin_vite_import_glob: return error instead of panicking when virtual module uses a relative glob (#9241) by @​shulaoda
• binding: treat empty inlineConst object as omitted (#9247) by @​IWANABETHATGUY
• rolldown: keep enum declaration for optional-chain access (#9229) by @​Dunqing
• link_stage: restore inline let-else in exports-kind filter (#9237) by @​IWANABETHATGUY
• dev/lazy: avoid module reinitialization in lazy compilation patches (#9179) by @​h-a-n-a
• dev: visit identifier references for runtime rewrites in HMR finalizer (#9191) by @​h-a-n-a
• chunk-optimizer: pick dominator for runtime placement to avoid cycles (#9164) by @​IWANABETHATGUY
• make this.emitFile chunk path synchronous to avoid deadlock (#9031) by @​lazarv
• use sentinel id for browser: false ignored modules (#9192) by @​shulaoda
• prevent chunk optimizer from creating import cycles (#9228) by @​IWANABETHATGUY

🚜 Refactor

• replace tokio::sync::Mutex with std::sync::Mutex for non-IO data (#9176) by @​shulaoda
• rolldown_plugin_vite_import_glob: do not rewrite import path for absolute base (#9195) by @​shulaoda
• runtime_helper: wrap DependedRuntimeHelperMap in a struct (#9215) by @​IWANABETHATGUY
• drop redundant clear() in determine_safely_merge_cjs_ns (#9206) by @​IWANABETHATGUY
• clean up generate_lazy_export (#9208) by @​IWANABETHATGUY
• bitset: return bool from set_bit to fuse guard-and-set (#9207) by @​IWANABETHATGUY
• link_stage: simplify exports-kind filter and clarify safety comments (#9205) by @​IWANABETHATGUY

📚 Documentation

• determine_module_exports_kind (#9252) by @​IWANABETHATGUY
• fix dead link to esbuild ESM/CJS interop tests (#9230) by @​Copilot
• remove CSS bundling references (#9234) by @​shulaoda
• correct IncrementalFullBuild row in BundleMode table (#9214) by @​IWANABETHATGUY
• design: add bundler data lifecycle design doc (#9212) by @​hyf0
• remove minifier alpha status notices (#9202) by @​sapphi-red

⚙️ Miscellaneous Tasks

• upgrade oxc to 0.128.0 (#9260) by @​shulaoda
• deps: bump rolldown-ariadne to 0.6.0 (#9254) by @​IWANABETHATGUY
• deps: update github actions (#9259) by @​renovate[bot]
• deps: update github actions (#9258) by @​renovate[bot]
• remove renovate overrides (#9257) by @​Boshen
• use ubuntu-latest for security workflow (#9256) by @​Boshen
• notify Discord around release publish (#9251) by @​Boshen
• add release environment to npm publish workflow (#9250) by @​Boshen
• justfile: drop the -- separator before forwarded args in vp run (#9246) by @​shulaoda

... (truncated)

Changelog

Sourced from rolldown's changelog.

[1.0.0-rc.18] - 2026-04-29

💥 BREAKING CHANGES

• optimization: default unspecified inlineConst.mode to smart (#9248) by @​IWANABETHATGUY

🐛 Bug Fixes

• rolldown_plugin_vite_import_glob: return error instead of panicking when virtual module uses a relative glob (#9241) by @​shulaoda
• binding: treat empty inlineConst object as omitted (#9247) by @​IWANABETHATGUY
• rolldown: keep enum declaration for optional-chain access (#9229) by @​Dunqing
• link_stage: restore inline let-else in exports-kind filter (#9237) by @​IWANABETHATGUY
• dev/lazy: avoid module reinitialization in lazy compilation patches (#9179) by @​h-a-n-a
• dev: visit identifier references for runtime rewrites in HMR finalizer (#9191) by @​h-a-n-a
• chunk-optimizer: pick dominator for runtime placement to avoid cycles (#9164) by @​IWANABETHATGUY
• make this.emitFile chunk path synchronous to avoid deadlock (#9031) by @​lazarv
• use sentinel id for browser: false ignored modules (#9192) by @​shulaoda
• prevent chunk optimizer from creating import cycles (#9228) by @​IWANABETHATGUY

🚜 Refactor

• replace tokio::sync::Mutex with std::sync::Mutex for non-IO data (#9176) by @​shulaoda
• rolldown_plugin_vite_import_glob: do not rewrite import path for absolute base (#9195) by @​shulaoda
• runtime_helper: wrap DependedRuntimeHelperMap in a struct (#9215) by @​IWANABETHATGUY
• drop redundant clear() in determine_safely_merge_cjs_ns (#9206) by @​IWANABETHATGUY
• clean up generate_lazy_export (#9208) by @​IWANABETHATGUY
• bitset: return bool from set_bit to fuse guard-and-set (#9207) by @​IWANABETHATGUY
• link_stage: simplify exports-kind filter and clarify safety comments (#9205) by @​IWANABETHATGUY

📚 Documentation

• determine_module_exports_kind (#9252) by @​IWANABETHATGUY
• fix dead link to esbuild ESM/CJS interop tests (#9230) by @​Copilot
• remove CSS bundling references (#9234) by @​shulaoda
• correct IncrementalFullBuild row in BundleMode table (#9214) by @​IWANABETHATGUY
• design: add bundler data lifecycle design doc (#9212) by @​hyf0
• remove minifier alpha status notices (#9202) by @​sapphi-red

⚙️ Miscellaneous Tasks

• upgrade oxc to 0.128.0 (#9260) by @​shulaoda
• deps: bump rolldown-ariadne to 0.6.0 (#9254) by @​IWANABETHATGUY
• deps: update github actions (#9259) by @​renovate[bot]
• deps: update github actions (#9258) by @​renovate[bot]
• remove renovate overrides (#9257) by @​Boshen
• use ubuntu-latest for security workflow (#9256) by @​Boshen
• notify Discord around release publish (#9251) by @​Boshen
• add release environment to npm publish workflow (#9250) by @​Boshen
• justfile: drop the -- separator before forwarded args in vp run (#9246) by @​shulaoda
• deps: update test262 submodule for tests (#9243) by @​sapphi-red

... (truncated)

Commits

• 2c4a957 release: v1.0.0-rc.18 (#9266)
• 5ac3e69 fix(optimization)!: default unspecified inlineConst.mode to smart (#9248)
• dc48b1e fix(binding): treat empty inlineConst object as omitted (#9247)
• 6f6cf5a fix: make this.emitFile chunk path synchronous to avoid deadlock (#9031)
• 1d79b02 fix: use sentinel id for browser: false ignored modules (#9192)
• de65659 refactor(rolldown_plugin_vite_import_glob): do not rewrite import path for ab...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions