chore(deps-dev): bump rollup from 2.40.0 to 2.80.0 in /plugins/example-action-plugin

[dependabot]

Bumps rollup from 2.40.0 to 2.80.0.

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

2.80.0

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#6277)

Pull Requests

• #6277: Validate bundle stays within output dir (@​lukastaegert)

2.79.2

2024-09-26

Bug Fixes

• Resolve CVE-2024-43788 (#5677)

Pull Requests

• #5677: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (@​fabianszabo)

2.79.1

2022-09-22

Bug Fixes

• Avoid massive performance degradation when creating thousands of chunks (#4643)

Pull Requests

• #4639: fix: typo docs and contributors link in CONTRIBUTING.md (@​takurinton)
• #4641: Update type definition of resolveId (@​ivanjonas)
• #4643: Improve performance of chunk naming collision check (@​lukastaegert)

2.79.0

2022-08-31

Features

• Add amd.forceJsExtensionForImports to enforce using .js extensions for relative AMD imports (#4607)

Pull Requests

• #4607: add option to keep extensions for amd (@​wh1tevs)

... (truncated)

Commits

• d17ae15 2.80.0
• d6dee5e Validate bundle stays within output dir (#6277)
• c9bd03d 2.79.2
• 48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
• 69ff418 2.79.1
• 04dce1b Update changelog
• 159137e fix: typo docs and contributors link in CONTRIBUTING.md (#4639)
• e1392b3 Update type definition of resolveId (#4641)
• 7836357 Improve performance of chunk naming collision check (#4643)
• 71d20c9 Reduce permissions for repl-artefacts.yml workflow (#4630)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Low Risk
Low risk dev-tooling bump limited to the plugins/example-action-plugin build pipeline, though Rollup behavior changes could affect bundling/output during plugin builds.

Overview
Updates the plugins/example-action-plugin build tooling by bumping rollup from 2.40.0 to 2.80.0 in package.json and package-lock.json.

The lockfile is refreshed accordingly (including Rollup’s optional fsevents range update), with no runtime dependency or source-code changes.

^{Written by Cursor Bugbot for commit ad139e6. This will update automatically on new commits. Configure here.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: ad139e6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[nx-cloud]

🤖 Nx Cloud AI Fix Eligible

An automatically generated fix could have helped fix failing tasks for this run, but Self-healing CI is disabled for this workspace. Visit workspace settings to enable it and get automatic fixes in future runs.

_{To disable these notifications, a workspace admin can disable them in workspace settings.}

---

View your CI Pipeline Execution ↗ for commit ad139e6

Command	Status	Duration	Result
nx test @e2e/sveltekit	❌ Failed	3m 23s	View ↗
nx test @e2e/qwik-city	✅ Succeeded	7m 38s	View ↗
nx test @e2e/angular-17	✅ Succeeded	6m 29s	View ↗
nx test @e2e/angular-17-ssr	✅ Succeeded	5m 5s	View ↗
nx test @e2e/react	✅ Succeeded	4m 33s	View ↗
nx test @e2e/vue	✅ Succeeded	4m 17s	View ↗
nx test @e2e/nextjs-sdk-next-app	✅ Succeeded	6m 47s	View ↗
nx test @e2e/react-sdk-next-15-app	✅ Succeeded	5m 4s	View ↗
Additional runs (37)	✅ Succeeded	...	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-02-27 22:17:28 UTC