fix: upgrade @rollup/plugin-terser to fix serialize-javascript vulnerability

[pkaeding]

BEGIN_COMMIT_OVERRIDE
chore: upgrade @rollup/plugin-terser to fix serialize-javascript vulnerability
END_COMMIT_OVERRIDE

Requirements

• I have added test coverage for new or changed functionality
• I have followed the repository's pull request submission guidelines
• I have validated my changes against all supported platform versions

Related issues

Remediates high-severity Dependabot alerts for serialize-javascript:

• GHSA-5c6j-r48x-rmvq — RCE via RegExp.flags and Date.prototype.toISOString()
• GHSA-qj8w-gfj5-8c6v — CPU Exhaustion DoS via crafted array-like objects

Describe the solution you've provided

Upgrades @rollup/plugin-terser from ^0.4.3 to ^1.0.0. The new version depends on serialize-javascript@^7.0.3, which resolves to 7.0.5 (the patched version). The plugin's peer dependency on rollup (^2.0.0||^3.0.0||^4.0.0) is unchanged, so no other changes are needed.

Build and all 93 tests pass with the upgrade.

Describe alternatives you've considered

An npm overrides field to force serialize-javascript@7.0.5 under the old terser version, but a clean major bump is simpler and better maintained.

Additional context

This is a devDependency-only change — no runtime code is affected.

Link to Devin session: https://app.devin.ai/sessions/f782088a3883446e8bb7b049e5631747
Requested by: @pkaeding

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment, CI, and merge conflict monitoring