feat(deps): upgrade upstream dependencies

[voidzero-guard]

Summary

• Bump rolldown to v1.1.0 (c462c7c); vite is unchanged on v8.0.16 (f94df87).
• Bump oxc Rust crates to 0.134.0 (including oxc_resolver to 11.21.0 and oxc_sourcemap to 7) and the valibot catalog entry to 1.4.1 to satisfy the rolldown upgrade.
• Regenerate NAPI bindings to track new rolldown surface (sourcemap signals, BindingResult-wrapped dev-engine methods, new match-group option).

Dependency updates

Package	From	To
rolldown	a287faa	v1.1.0 (c462c7c)

Code changes

• Cargo.toml: bump oxc crates 0.133.0 -> 0.134.0, oxc_resolver 11.19.1 -> 11.21.0, oxc_sourcemap 6 -> 7 (lockfile updates in Cargo.lock).
• pnpm-workspace.yaml: bump valibot catalog entry 1.4.0 -> 1.4.1 and extend minimumReleaseAgeExclude with oxc 0.134.0 packages (lockfile updates in pnpm-lock.yaml).
• packages/cli/binding/index.d.cts: regenerated NAPI bindings — BindingResult-wrapped ensureLatestBuildOutput/invalidate, nullable BindingHookRenderChunkOutput.map, new sourcemapBroken checks option, new includeDependenciesRecursively match-group option.
• packages/core/package.json: bump bundled rolldown version 1.0.3 -> 1.1.0.
• packages/tools/.upstream-versions.json: record new rolldown hash.

Build status

• sync-remote-and-build: success
• build-upstream: failure

[netlify]

✅ Deploy Preview for viteplus-preview canceled.

Name	Link
🔨 Latest commit	2179eb6
🔍 Latest deploy log	https://app.netlify.com/projects/viteplus-preview/deploys/6a2137bf1a3d7000088280f5

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cargo/​oxc_allocator@​0.133.0 ⏵ 0.134.0
	cargo/​oxc_ast@​0.133.0 ⏵ 0.134.0
	cargo/​oxc_parser@​0.133.0 ⏵ 0.134.0
	cargo/​oxc_resolver@​11.19.1 ⏵ 11.21.0	+1
	cargo/​oxc_span@​0.133.0 ⏵ 0.134.0

View full report