release: v1.0.0-rc.14

[github-actions]

[1.0.0-rc.14] - 2026-04-08

🚀 Features

• rust: add disable_panic_hook feature to disable the panic hook (feat(rust): add disable_panic_hook feature to disable the panic hook #9023) by @sapphi-red
• support inlineConst for CJS exports accessed through module.exports (feat: support inlineConst for CJS exports accessed through module.exports #8976) by @h-a-n-a

🐛 Bug Fixes

• rolldown_plugin_vite_import_glob: normalize resolved alias path to prevent double slashes (fix(rolldown_plugin_vite_import_glob): normalize resolved alias path to prevent double slashes #9032) by @shulaoda
• rolldown_plugin_vite_import_glob: follow symlinks in file scanning (fix(rolldown_plugin_vite_import_glob): follow symlinks in file scanning #9000) by @copilot
• wrap CJS entry modules for IIFE/UMD when using exports/module (fix: wrap CJS entry modules for IIFE/UMD when using exports/module #8999) by @IWANABETHATGUY
• emit separate __toESM bindings for mixed ESM/CJS external imports (fix: emit separate __toESM bindings for mixed ESM/CJS external imports #8987) by @IWANABETHATGUY
• tree-shake dead dynamic imports to side-effect-free CJS modules (fix: tree-shake dead dynamic imports to side-effect-free CJS modules #8529) by @sapphi-red
• skip inlining stale CJS export constants on module.exports reassignment (fix: skip inlining stale CJS export constants on module.exports reassignment #8990) by @IWANABETHATGUY

🚜 Refactor

• generator: migrate ecma formatting from npx oxfmt to vp fmt (refactor(generator): migrate ecma formatting from npx oxfmt to vp fmt #9022) by @shulaoda
• generator: replace npx oxfmt with vp fmt for ecma formatting (refactor(generator): replace npx oxfmt with vp fmt for ecma formatting #9021) by @shulaoda

📚 Documentation

• contrib-guide: mention that running tests on older Node.js version will have different stat results (docs(contrib-guide): mention that running tests on older Node.js version will have different stat results #8996) by @claude

⚙️ Miscellaneous Tasks

• deps: update npm packages (chore(deps): update npm packages #9002) by @renovate[bot]
• deps: update dependency @napi-rs/cli to v3.6.1 (chore(deps): update dependency @napi-rs/cli to v3.6.1 #9034) by @renovate[bot]
• deps: upgrade oxc to 0.124.0 (chore(deps): upgrade oxc to 0.124.0 #9018) by @shulaoda
• deps: update test262 submodule for tests (chore(deps): update test262 submodule for tests #9010) by @sapphi-red
• deps: update dependency oxfmt to ^0.44.0 (chore(deps): update dependency oxfmt to ^0.44.0 #9012) by @renovate[bot]
• deps: update dependency vite to v8.0.5 [security] (chore(deps): update dependency vite to v8.0.5 [security] #9009) by @renovate[bot]
• deps: update dependency vite-plus to v0.1.16 (chore(deps): update dependency vite-plus to v0.1.16 #9008) by @renovate[bot]
• deps: update rust crates (chore(deps): update rust crates #9003) by @renovate[bot]
• deps: update github-actions (chore(deps): update github-actions #9004) by @renovate[bot]
• deps: update dependency lodash-es to v4.18.1 [security] (chore(deps): update dependency lodash-es to v4.18.1 [security] #8992) by @renovate[bot]
• deps: update crate-ci/typos action to v1.45.0 (chore(deps): update crate-ci/typos action to v1.45.0 #8988) by @renovate[bot]
• upgrade oxc npm packages to 0.123.0 (chore: upgrade oxc npm packages to 0.123.0 #8985) by @shulaoda

◀️ Revert

• "chore(deps): update dependency oxfmt to ^0.44.0 (chore(deps): update dependency oxfmt to ^0.44.0 #9012)" (revert: "chore(deps): update dependency oxfmt to ^0.44.0 (#9012)" #9019) by @shulaoda

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vite@​8.0.5

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm vite is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: packages/rolldown/tests/package.json → npm/vite@8.0.5 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@8.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[netlify]

✅ Deploy Preview for rolldown-rs ready!

Name	Link
🔨 Latest commit	9b1deee
🔍 Latest deploy log	https://app.netlify.com/projects/rolldown-rs/deploys/69d6330f0d69f70008f2bd5f
😎 Deploy Preview	https://deploy-preview-9035--rolldown-rs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.