build(deps): bump the major-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the major-dependencies group with 6 updates in the / directory:

Package	From	To
csv-parse	5.6.0	6.1.0
@electron/fuses	1.8.0	2.0.0
cross-env	7.0.3	10.0.0
dotenv	16.6.1	17.2.1
electron	36.7.3	37.2.5
vite	6.3.5	7.0.6

Updates csv-parse from 5.6.0 to 6.1.0

Changelog

Sourced from csv-parse's changelog.

6.1.0 (2025-07-16)

Features

• csv-parse: add generic type argument (#457) (ef71342), closes #278 #407
• csv-parse: boolean and null comment type (b9ac1f0)
• csv-parse: callback records defined type (3d4f225)
• csv-parse: casting context raw export (a26f5d7)
• csv-parse: input as Uint8Array (fix #458) (24af461)
• csv-parse: normailzsed options type (da7a62e)
• csv-parse: normalize_options export (9056293)
• csv-parse: null comment_no_infix type (d8bf4fd)
• csv-parse: on_skip catch thrown error (987a3a9)
• csv-parse: use ts unknown instead of any when possible (a47badf)

Bug Fixes

• csv-parse: normalized columns with auto-detected bom (fix #460) (4abcc44)

6.0.0 (2025-07-10)

⚠ BREAKING CHANGES

• csv-parse: rename group_columns_by_name option
• csv-parse: rename RECORD_INCONSISTENT_FIELDS_LENGTH
• csv-parse: rename RECORD_DONT_MATCH_COLUMNS_LENGTH
• csv-parse: rename skip_records_with_error
• csv-parse: rename skip_records_with_empty_values
• csv-parse: rename relax to relax_quotes

Features

• backport support for node 14 (dbfeb78)
• backward support for node 8 (496231d)
• csv-parse: add columns property in Info object type (#390) (2dd2a92)
• csv-parse: add generic type argument (#457) (ef71342), closes #278 #407
• csv-parse: boolean and null comment type (b9ac1f0)
• csv-parse: callback records defined type (3d4f225)
• csv-parse: cast_date as a function (fix #342) (2807d29)
• csv-parse: casting context raw export (a26f5d7)
• csv-parse: implement TransformStream (#445) (1213de8)
• csv-parse: improve record_delimiter validation (67b7da8)
• csv-parse: input as Uint8Array (fix #458) (24af461)
• csv-parse: new comment_no_infix option (fix #325) (caca5c3)
• csv-parse: normailzsed options type (da7a62e)
• csv-parse: normalize_options export (9056293)
• csv-parse: null comment_no_infix type (d8bf4fd)
• csv-parse: objname index (015b936)
• csv-parse: on_skip catch thrown error (987a3a9)
• csv-parse: skip_line_with_errors used with raw print current buffer (fix #292) (2741990)

... (truncated)

Commits

• c0e42c9 chore(release): publish
• 4abcc44 fix(csv-parse): normalized columns with auto-detected bom (fix #460)
• d6b53b3 chore(release): publish
• e3923c3 test(csv-parse): update legacy exclusion list
• a47badf feat(csv-parse): use ts unknown instead of any when possible
• 24af461 feat(csv-parse): input as Uint8Array (fix #458)
• 388daf8 test(csv-parse): api ts conversion
• e85beb3 refactor(csv-parse): re-order error codes
• cf96584 test(csv-parse): options ts convertion
• da7a62e feat(csv-parse): normailzsed options type
• Additional commits viewable in compare view

Updates @electron/fuses from 1.8.0 to 2.0.0

Release notes

Sourced from @​electron/fuses's releases.

v2.0.0

2.0.0 (2025-08-01)

• feat!: bump engines requirement to Node 22 (#67) (7edb872), closes #67

BREAKING CHANGES

• bumps required Node.js version to >=22.12.0. ESM-only.

• chore: replace star imports of builtin Node modules

• build: don't emit when type checking in test script

Co-authored-by: Erick Zhao erick@hotmail.ca

Commits

• 7edb872 feat!: bump engines requirement to Node 22 (#67)
• 6af60ff ci: timeout release job after 1 hour (#66)
• c57a4c0 build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 (#65)
• f752b2a build(deps): bump actions/setup-node from 4.2.0 to 4.3.0 (#64)
• bace69a build(deps): bump dsanders11/project-actions from 1.5.1 to 1.7.0 (#63)
• 115348a build(deps): bump actions/setup-node from 4.1.0 to 4.2.0 (#60)
• 26c1e6f build(deps): bump dsanders11/project-actions from 1.4.0 to 1.5.1 (#59)
• f903400 refactor: remove fs-extra from deps (#58)
• 2e2bc94 build(deps): bump cross-spawn from 7.0.3 to 7.0.6 (#56)
• 6e125c7 build(deps): bump continuousauth/action from 1.0.4 to 1.0.5 (#55)
• Additional commits viewable in compare view

Updates cross-env from 7.0.3 to 10.0.0

Release notes

Sourced from cross-env's releases.

v10.0.0

10.0.0 (2025-07-25)

TL;DR: You should probably not have to change anything if:

• You're using a modern maintained version of Node.js (v20+ is tested)
• You're only using the CLI (most of you are as that's the intended purpose)

In this release (which should have been v8 except I had some issues with automated releases 🙈), I've updated all the things and modernized the package. This happened in #261

Was this needed? Not really, but I just thought it'd be fun to modernize this package.

Here's the highlights of what was done.

• Replace Jest with Vitest for testing
• Convert all source files from .js to .ts with proper TypeScript types
• Use zshy for ESM-only builds (removes CJS support)
• Adopt @​epic-web/config for TypeScript, ESLint, and Prettier
• Update to Node.js >=20 requirement
• Remove kcd-scripts dependency
• Add comprehensive e2e tests with GitHub Actions matrix testing
• Update GitHub workflow with caching and cross-platform testing
• Modernize documentation and remove outdated sections
• Update all dependencies to latest versions
• Add proper TypeScript declarations and exports

The tool maintains its original functionality while being completely modernized with the latest tooling and best practices

BREAKING CHANGES

• This is a major rewrite that changes the module format from CommonJS to ESM-only. The package now requires Node.js >=20 and only exports ESM modules (not relevant in most cases).

Commits

• 8635e80 fix(release): manually release a major version
• 3a58f22 chore: fix npmrc registry
• b70bfff chore(ci): add names to steps and workflows
• cc5759d fix(release): manually release a major version
• 080a859 chore: remove publish script
• 31e5bc7 chore(ci): restore built files
• 81e9c34 chore(ci): add back semantic-release
• 3e380cb fix: link to license
• 0642472 fix: handle edge case and update README for clarity
• 3ff5b3d feat: modernize cross-env with TypeScript, Vitest, and ESM-only build (#261)
• Additional commits viewable in compare view

Updates dotenv from 16.6.1 to 17.2.1

Changelog

Sourced from dotenv's changelog.

17.2.1 (2025-07-24)

Changed

• Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

# .env
DOTENV_CONFIG_QUIET=true
HELLO="World"

// index.js
require('dotenv').config()
console.log(`Hello ${process.env.HELLO}`)

$ node index.js
Hello World
or
$ DOTENV_CONFIG_QUIET=true node index.js

17.1.0 (2025-07-07)

Added

• Add additional security and configuration tips to the runtime log (#884)
• Dim the tips text from the main injection information text

const TIPS = [
  '🔐 encrypt with dotenvx: https://dotenvx.com',
  '🔐 prevent committing .env to code: https://dotenvx.com/precommit',
  '🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
  '🛠️  run anywhere with `dotenvx run -- yourcommand`',
  '⚙️  specify custom .env file path with { path: \'/custom/path/.env\' }',
  '⚙️  enable debug logging with { debug: true }',
  '⚙️  override existing env vars with { override: true }',
  '⚙️  suppress all logs with { quiet: true }',
  '⚙️  write to custom object with { processEnv: myObject }',
</tr></table> 

... (truncated)

Commits

• 37cf55a 17.2.1
• f2d92e9 changelog 🪵
• bd27017 Merge pull request #897 from motdotla/adjust-tip-for-click
• 8a9ce45 add to tests
• 19e5ad9 adjust clickable tip
• 4186757 Merge pull request #894 from mjomble/patch-1
• 04322a6 Merge pull request #895 from andersr/add-es6-config-info-to-readme
• 1102cab Add info about ES6 import with config options
• 5566b77 Fixed link in changelog
• 11acd9f 17.2.0
• Additional commits viewable in compare view

Updates electron from 36.7.3 to 37.2.5

Release notes

Sourced from electron's releases.

electron v37.2.5

Release Notes for v37.2.5

Other Changes

• Updated Chromium to 138.0.7204.168. #47861

electron v37.2.4

Release Notes for v37.2.4

Fixes

• Fixed a bug where app extensions filters didn't allow for selecting app bundles in macOS file dialogs. #47839 (Also in 36, 38)
• Fixed an issue where certain operations performed in a window close callback could trigger a crash. #47813 (Also in 36, 38)

Other Changes

• Updated Chromium to 138.0.7204.157. #47773
• Updated Node.js to v22.17.1. #47774

electron v37.2.3

Release Notes for v37.2.3

Fixes

• Fixed a child process crash on macOS when the running application is replaced with one that has a newer implementation triggering the sandbox. #47784 (Also in 38)
• Fixed a crash when adding the -electron-corner-smoothing CSS rule to a stylesheet with no associated document. #47792
• Fixed an issue where require('node:sqlite') didn't work. #47756 (Also in 36, 38)

electron v37.2.2

Release Notes for v37.2.2

Other Changes

• Updated Chromium to 138.0.7204.100. #47701

electron v37.2.1

Release Notes for v37.2.1

Fixes

• Fixed a crash when calling desktopCapturer.getSources with an empty thumbnail size. #47653 (Also in 36, 38)
• Fixed an issue where child windows could crash if they were opened from a fullscreen parent and have roundedCorners set to false. #47682 (Also in 36, 38)
• Fixed an issue where the window required restart in order to recognize system accent color setting change. #47656 (Also in 36, 38)

electron v37.2.0

Release Notes for v37.2.0

Other Changes

• Updated Chromium to 138.0.7204.97. #47619

... (truncated)

Commits

• 1bf39c1 chore: bump chromium to 138.0.7204.168 (37-x-y) (#47861)
• 2359cfe build: improve check-zip-manifest (#47853)
• cb11c33 build: fix ffmpeg generation on Windows non-x64 (#47846)
• d49515d fix: dialog file filters and macOS app bundles (#47839)
• 2e460c0 refactor: reduce scope of temporaries when getting dictionary values (#47799)
• 36aba22 chore: bump node to v22.17.1 (37-x-y) (#47774)
• 7f00dc7 ci: remove kTCCServiceMicrophone change (#47822)
• 6c9bbdf build(dev-deps): drop unused @​types/webpack dep (#47808)
• 9e3b036 test: re-enable native module tests (#47803)
• d5c68c2 fix: handle missing NativeWindowMac in ElectronNSWindow (#47813)
• Additional commits viewable in compare view

Updates vite from 6.3.5 to 7.0.6

Release notes

Sourced from vite's releases.

v7.0.6

Please refer to CHANGELOG.md for details.

v7.0.5

Please refer to CHANGELOG.md for details.

v7.0.4

Please refer to CHANGELOG.md for details.

v7.0.3

Please refer to CHANGELOG.md for details.

create-vite@7.0.3

Please refer to CHANGELOG.md for details.

v7.0.2

Please refer to CHANGELOG.md for details.

create-vite@7.0.2

Please refer to CHANGELOG.md for details.

v7.0.1

Please refer to CHANGELOG.md for details.

create-vite@7.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.0.1

Please refer to CHANGELOG.md for details.

create-vite@7.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@7.0.0

Please refer to CHANGELOG.md for details.

v7.0.0

Please refer to CHANGELOG.md for details.

v7.0.0-beta.2

Please refer to CHANGELOG.md for details.

v7.0.0-beta.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.0.0-beta.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.0.0-beta.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.0.6 (2025-07-24)

Bug Fixes

• deps: update all non-major dependencies (#20442) (e49f505)
• dev: incorrect sourcemap when optimized CJS is imported (#20458) (ead2dec)
• module-runner: normalize file:// on windows (#20449) (1c9cb49)
• respond with correct headers and status code for HEAD requests (#20421) (23d04fc)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#20441) (f689d61)
• remove some files from prettier ignore (#20459) (8403f69)

Code Refactoring

• use environment transform request (#20430) (24e6a0c)

7.0.5 (2025-07-17)

Bug Fixes

• deps: update all non-major dependencies (#20406) (1a1cc8a)
• remove special handling for Accept: text/html (#20376) (c9614b9)
• watch assets referenced by new URL(, import.meta.url) (#20382) (6bc8bf6)

Miscellaneous Chores

• deps: update dependency rolldown to ^1.0.0-beta.27 (#20405) (1165667)

Code Refactoring

• use foo.endsWith("bar") instead of /bar$/.test(foo) (#20413) (862e192)

7.0.4 (2025-07-10)

Bug Fixes

• allow resolving bare specifiers to relative paths for entries (#20379) (324669c)

Build System

• remove @oxc-project/runtime devDep (#20389) (5e29602)

7.0.3 (2025-07-08)

Bug Fixes

• client: protect against window being defined but addEv undefined (#20359) (31d1467)
• define: replace optional values (#20338) (9465ae1)
• deps: update all non-major dependencies (#20366) (43ac73d)

Miscellaneous Chores

... (truncated)

Commits

• bdde0f9 release: v7.0.6
• 23d04fc fix: respond with correct headers and status code for HEAD requests (#20421)
• ead2dec fix(dev): incorrect sourcemap when optimized CJS is imported (#20458)
• e49f505 fix(deps): update all non-major dependencies (#20442)
• f689d61 chore(deps): update rolldown-related dependencies (#20441)
• 8403f69 chore: remove some files from prettier ignore (#20459)
• 1c9cb49 fix(module-runner): normalize file:// on windows (#20449)
• 24e6a0c refactor: use environment transform request (#20430)
• 832f687 release: v7.0.5
• c9614b9 fix: remove special handling for Accept: text/html (#20376)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[steveoh]

@dependabot rebase