chore: sync root package-lock.json with app workspace (@vitejs/plugin-react-swc v4)

[Copilot]

npm ci was failing in the Playwright Tests CI job because the root package-lock.json didn't include the @swc/core@1.15.33 platform-specific binaries required by @vitejs/plugin-react-swc@^4.3.0 (upgraded in app/).

Changes

• Regenerated root package-lock.json via npm install from the repo root, picking up the updated app workspace resolution — @vitejs/plugin-react-swc bumped from ^3.11.0 → ^4.3.0 with all @swc/core platform binaries now present in the lock file.

The mismatch between app/package-lock.json and the root lock file was the sole cause of the CI failure; no source files were modified.

Original prompt

Problem

The Playwright Tests CI job is failing at the "Install root dependencies" step (npm ci) with errors like:

npm error Missing: @swc/core-darwin-x64@1.15.33 from lock file
npm error Missing: @swc/core-linux-x64-gnu@1.15.33 from lock file
npm error Missing: @swc/core-linux-arm64-gnu@1.15.33 from lock file
... (and other @swc/core platform variants)

Root cause: The root package-lock.json is out of sync with app/package.json. The app package upgraded @vitejs/plugin-react-swc from ^3.11.0 to ^4.3.0, which has @swc/core@1.15.33 platform-specific binaries as dependencies. These were added to app/package-lock.json but were never reflected in the root package-lock.json. Since npm ci strictly enforces the lock file, it fails.

Failing job: https://github.com/FalkorDB/QueryWeaver/actions/runs/25627969237/job/75226367251

Fix

Regenerate the root package-lock.json by running npm install from the repo root so it picks up the updated app workspace dependencies (including @vitejs/plugin-react-swc@^4.3.0 and its @swc/core platform binaries).

# From repo root
npm install

Then commit the updated package-lock.json.

Steps to implement

1. Run npm install from the repository root to regenerate package-lock.json with the correct resolved versions that match what's in app/package-lock.json.
2. Commit the updated root package-lock.json.

Do not modify any source files, workflow files, or package.json files — only the root package-lock.json needs to be updated.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Please find a solution for this failing job. Use the logs, job definition, and any referenced files where the failure occurred. Keep your response focused on the solution and include code suggestions when appropriate.

Assistant: I'll grab the job logs right away!

Assistant: ## Root Cause

The job fails at the "Install root dependencies" step (npm ci) with:

npm error Missing: @swc/core-darwin-x64@1.15.33 from lock file
npm error Missing: @swc/core-linux-x64-gnu@1.15.33 from lock file
... (and other platform variants)

The root package-lock.json is out of sync with app/package.json. Specifically:

• Root package-lock.json (line 81) declares "@vitejs/plugin-react-swc": "^3.11.0" for the app workspace
• app/package-lock.json (line 71) has it updated to "@vitejs/plugin-react-swc": "^4.3.0"

The @swc/core native platform binaries at version 1.15.33 are peer dependencies of @vitejs/plugin-react-swc v4.x, but they were never added to the root package-lock.json when the app dependency was upgraded. Since npm ci strictly enforces the lock file, it fails.

Solution

Regenerate the root package-lock.json to bring it in sync with the current state of app/package.json:

# From the repo root
npm install
git add package-lock.json
git commit -m "chore: sync root package-lock.json with updated app dependencies"

This will re-resolve the app workspace (including the new @vitejs/plugin-react-swc@^4.3.0 and its @swc/core platform binaries) and write them properly into the root lock file. After that, npm ci in CI will succeed.

Note: Going forward, whenever app/package.json or app/package-lock.json is updated, make sure to also run npm install from the repo root and commit the updated root package-lock.json.

User: please fix it in a PR

Assistant: I've submitted a PR creation request to fix the issue. The coding agent will:

1. Run npm install from the repo root to regenerate the root package-lock.json, pulling in the @swc/core@1.15.33 platform binaries that @vitejs/plugin-react-swc@^4.3.0 requires.
2. Commit and open a PR with the updated lock file.

Once merged, npm ci in the Playwright Tests workflow should pass cleanly. You'll be notified when the PR is ready for review.

This pull request was created from Copilot chat.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@rolldown/pluginutils	1.0.0-rc.7	Unknown	Unknown
npm/@swc/core	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-darwin-arm64	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-darwin-x64	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-linux-arm-gnueabihf	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-linux-arm64-gnu	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-linux-arm64-musl	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-linux-ppc64-gnu	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-linux-s390x-gnu	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-linux-x64-gnu	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-linux-x64-musl	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-win32-arm64-msvc	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-win32-ia32-msvc	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/core-win32-x64-msvc	1.15.33	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/types	0.1.26	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@vitejs/plugin-react-swc	4.3.0	🟢 7.2	Details Check Score Reason Code-Review ⚠️ 2 Found 6/22 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 7 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8
npm/postcss	8.5.14	🟢 6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Code-Review ⚠️ 1 Found 3/29 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6

Scanned Files

• package-lock.json