deps: bump @swc/core from 1.15.33 to 1.15.40

[dependabot]

Bumps @swc/core from 1.15.33 to 1.15.40.

Changelog

Sourced from @​swc/core's changelog.

[1.15.40] - 2026-05-23

Bug Fixes

• (es/minifier) Preserve args for destructured callbacks (#11830) (21873b0)

• (es/minifier) Avoid generating mangled property names that collide with existing properties (#11839) (9b4fab5)

• (es/minifier) Respect ecma for iife temp vars (#11873) (e481934)

• (es/minifier) Preserve default parameter object props (#11884) (71ff84f)

• (es/parser) Reject object-rest assignment to array/object literal (#11875) (7b57d1f)

• (es/parser) Reject object rest assignment to literals (#11881) (4ec2eaf)

• (es/react) Exclude self-recursive hooks from refresh dependency array (#11838) (9101c71)

• (ts/fast-dts) Strip definite assertions in dts (#11858) (2ab1b8a)

• (ts/fast-strip) Reject unsafe assertion erasure in binary expressions (#11828) (aa5b539)

• (typescript) Strip parameter binding defaults in dts (#11857) (800bc17)

Documentation

• Update agent guidance (#11842) (bf2d015)

• Add security policy (#11876) (6c43c2d)

• Clarify security scope for npm packages (#11877) (4662db8)

• Clarify untrusted input security model (#11882) (5463777)

... (truncated)

Commits

• 112729b chore: Publish 1.15.40 with swc_core v66.0.5
• 13a5608 chore: Publish 1.15.40-nightly-20260523.1 with swc_core v66.0.5
• bc6ee83 chore: Publish 1.15.39-nightly-20260523.1 with swc_core v66.0.5
• 3a68ad5 chore: Publish 1.15.38-nightly-20260522.1 with swc_core v66.0.5
• d0f0d5a chore: Publish 1.15.37-nightly-20260522.1 with swc_core v66.0.5
• 969df79 chore: Publish 1.15.36-nightly-20260522.1 with swc_core v66.0.5
• 38c2a44 chore: Publish 1.15.35-nightly-20260522.1 with swc_core v66.0.4
• 18df110 chore: Publish 1.15.34-nightly-20260522.1 with swc_core v66.0.4
• 20d92eb security: update rkyv and Rust dependencies (#11851)
• 0d8e651 chore: Publish crates with swc_core v65.0.3
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

^{Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.}

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​swc/​core@​1.15.40

View full report