Update package dependencies

[JoachimLK]

Update various package dependencies in package.json to their latest versions to ensure compatibility and security. This change is necessary for maintaining the project's health and performance.

Summary by CodeRabbit

• Chores
  • Updated dependency version constraints to use fixed versions instead of flexible ranges, improving build reproducibility and stability.

[railway-app]

🚅 Deployed to the reqcore-pr-184 environment in applirank

Service	Status	Web	Updated (UTC)
applirank	✅ Success (View Logs)		May 16, 2026 at 6:25 pm

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0f32899b-9801-44e6-ab87-dc24ccb60eb0

📥 Commits

Reviewing files that changed from the base of the PR and between a1edd32 and d375bb7.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

---

📝 Walkthrough

Walkthrough

This PR updates the package.json file to replace minimum-version constraints with exact pinned versions for transitive dependencies in the overrides section. Fifteen transitive packages are pinned to specific versions for reproducibility and stability.

Changes

Transitive Dependency Version Pinning

Layer / File(s)	Summary
Transitive dependency version overrides package.json	The overrides section pins exact versions for transitive dependencies (fast-xml-parser, tar, minimatch, glob, @isaacs/brace-expansion, rollup, esbuild, serialize-javascript, underscore, h3, devalue, unhead, uuid, fast-xml-builder, simple-git, protobufjs) instead of using minimum-version (>=) constraints.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Pinned and true, no more the range,
Exact versions—no change, no change!
Where >= once danced with uncertainty's flair,
Now solid numbers live there everywhere.
Stability blooms in the lock so tight,
Transitive dreams now perfectly right! 🎯

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete and missing most required template sections including Type of change checkboxes, Validation checkboxes, and DCO sign-off.	Complete the pull request description by filling out all required template sections: Type of change, Validation, and DCO sign-off requirements.
Title check	❓ Inconclusive	The title 'Update package dependencies' is vague and generic, lacking specific information about what was changed or improved in the dependencies.	Consider using a Conventional Commits format (e.g., 'chore(deps): pin transitive dependencies to exact versions') to clarify the nature of the change.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/v2-fix-dependencies

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}