chore(deps): refresh workspace dependencies #2811
Apply safe minor and patch updates across the monorepo, regenerate the Bun lockfile, and add root overrides for vulnerable transitive packages that can be patched without changing package behavior. Also update the docs site dependency set and clean up docs CSS so the stricter Biome version still passes CI.
🦋 Changeset detected
Latest commit: 1acf60e
The changes in this PR will be included in the next version bump. This PR includes changesets to release 31 packages
No actionable comments were generated in the recent review. 🎉
ℹ️ Recent review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID:
⛔ Files ignored due to path filters (2)
📒 Files selected for processing (8)
✅ Files skipped from review due to trivial changes (1)
📝 Walkthrough
This PR updates many dependency versions across the monorepo (root and package-level), bumps Bun/packageManager versions in workflows and root manifest, and adjusts docs CSS (responsive base font sizing, global inline
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes
🚥 Pre-merge checks: ✅ 3 passed
Review Summary by Qodo
Refresh workspace dependencies and add Bun overrides for security
Walkthroughs
Description
• Update workspace dependencies to latest minor/patch versions
• Add Bun overrides for vulnerable transitive packages
• Upgrade Biome to stricter version and fix CSS compliance
• Improve code formatting consistency across package.json files
Diagram
flowchart LR
A["Dependency Updates"] --> B["Root package.json"]
A --> C["Docs Dependencies"]
A --> D["Package Dependencies"]
B --> E["Bun Overrides Added"]
C --> F["Biome CSS Fixes"]
D --> G["Minor/Patch Versions"]
E --> H["Security Improvements"]
F --> I["Stricter Linting Pass"]
File Changes
2. docs/package.json
Greptile Summary
This PR performs a broad dependency refresh across the node-minify monorepo: it bumps Bun from 1.3.5 to 1.3.10, upgrades workspace and docs dependencies (astro 5.0→5.18, @swc/core 1.10→1.15, lightningcss 1.28→1.31, wrangler 4.0→4.71, and more), and introduces a root-level
Notable issue:
All other findings:
Confidence Score: 4/5
Last reviewed commit: 7e9124e
| "cross-spawn": "6.0.6", | ||
| "devalue": "5.6.3", | ||
| "http-cache-semantics": "4.1.1", | ||
| "js-yaml": "4.1.1", |
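Review bot: "cross-spawn": "6.0.6" and the three entries after it are exact pins in a root override, so each one replaces whatever range a dependent declares, across major lines as well as minors. Before merging, check every dependent's declared range for these four packages against the pinned version, and record in the PR description which advisory each pin addresses so the entry can be dropped once the dependents themselves move to a patched release.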
http-cache-semantics override pins a version below what astro@5.18.0 requires.
The override sets http-cache-semantics to 4.1.1, but astro@5.18.0 declares "http-cache-semantics": "^4.2.0" in its dependencies. Bun's overrides mechanism will force 4.1.1 globally, bypassing astro's semver constraint.
While HTTP caching may appear functional (it's only a minor version difference), any behavior changed, fixed, or added between versions 4.1.1 and 4.2.0 will be silently missing. Since the intent of this override is to apply security patches to transitive dependencies, consider bumping to 4.2.0 or higher to avoid breaking astro's declared minimum:
| "js-yaml": "4.1.1", | |
| "http-cache-semantics": "4.2.0", |
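An added example, not code from this PR or from any of the review bots: a check that compares each root override against the ranges dependents declare, which is the mismatch the comment above describes. The astro range is the one quoted in that comment; `example-tool` and its ranges are constructed, and only exact, `^` and `~` ranges without prerelease tags are handled.

```javascript
// Flag root overrides that fall outside a dependent's declared range.
// Simplified semver: exact, ^ and ~ ranges only, no prerelease tags.
const parse = (v) => v.split(".").map(Number);
// Compare two [major, minor, patch] triples: negative, zero or positive.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

function satisfies(version, range) {
  const v = parse(version);
  const op = /^[\^~]/.test(range) ? range[0] : "=";
  const base = parse(range.replace(/^[\^~]/, ""));
  if (op === "=") return cmp(v, base) === 0;
  if (cmp(v, base) < 0) return false; // below the declared minimum
  if (op === "~") return v[0] === base[0] && v[1] === base[1];
  // Caret: the left-most non-zero component must stay the same.
  if (base[0] > 0) return v[0] === base[0];
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
  return cmp(v, base) === 0;
}

// One finding per (override, dependent) pair that the pin does not satisfy.
function findConflicts(overrides, declared) {
  const findings = [];
  for (const [dependent, deps] of Object.entries(declared)) {
    for (const [name, range] of Object.entries(deps)) {
      const pinned = overrides[name];
      if (pinned && !satisfies(pinned, range)) {
        findings.push({ name, pinned, dependent, range });
      }
    }
  }
  return findings;
}

// Override values as shown in the reviewed lines.
const overrides = {
  "cross-spawn": "6.0.6",
  devalue: "5.6.3",
  "http-cache-semantics": "4.1.1",
  "js-yaml": "4.1.1",
};
// astro's range is quoted in the review comment; example-tool is constructed.
const declared = {
  "astro@5.18.0": { "http-cache-semantics": "^4.2.0" },
  "example-tool@1.0.0": { "js-yaml": "^4.1.0", "cross-spawn": "^7.0.3" },
};
for (const f of findConflicts(overrides, declared)) {
  console.log(`${f.name}@${f.pinned} violates ${f.dependent} (${f.range})`);
}
```

In a real workspace the `declared` map would be built from the `dependencies` field of each installed package's `package.json`.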
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/src/styles/index.css`:
- Around line 165-178: Replace the deprecated declaration inside the code
selector: remove the obsolete "word-break: break-word" rule and instead add
"overflow-wrap: anywhere" (and optionally keep "word-break: normal" if explicit
behavior is desired) so inline code blocks use the modern equivalent; update the
block in the CSS rule for the code selector where variables like --font-mono and
--theme-code-inline-bg are defined (the code { ... } rule) to reflect this
change.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 01f8fd98-0c5b-4980-9c85-7e71abf65968
⛔ Files ignored due to path filters (1)
bun.lock is excluded by !**/*.lock
📒 Files selected for processing (31)
docs/package.json
docs/src/styles/index.css
package.json
packages/action/package.json
packages/babel-minify/package.json
packages/benchmark/package.json
packages/clean-css/package.json
packages/cli/package.json
packages/core/package.json
packages/crass/package.json
packages/cssnano/package.json
packages/csso/package.json
packages/esbuild/package.json
packages/google-closure-compiler/package.json
packages/html-minifier/package.json
packages/imagemin/package.json
packages/jsonminify/package.json
packages/lightningcss/package.json
packages/minify-html/package.json
packages/no-compress/package.json
packages/oxc/package.json
packages/run/package.json
packages/sharp/package.json
packages/sqwish/package.json
packages/svgo/package.json
packages/swc/package.json
packages/terser/package.json
packages/uglify-es/package.json
packages/uglify-js/package.json
packages/utils/package.json
packages/yui/package.json
Remove the remaining root overrides to avoid forcing incompatible transitive versions across the workspace. Align workflow and composite action Bun pins with packageManager, apply the docs CSS review fix, and add a changeset for the published dependency bumps.
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## develop #2811 +/- ##
========================================
Coverage 95.22% 95.22%
========================================
Files 73 73
Lines 1739 1739
Branches 527 527
========================================
Hits 1656 1656
Misses 83 83
Summary by cubic
Refresh workspace dependencies, align bun@1.3.10 across CI, and remove risky root overrides to avoid transitive conflicts. Cuts bun audit findings from 22 to 7 and keeps docs CSS working with stricter @biomejs/biome.
Dependencies
- packageManager to bun@1.3.10; bump @biomejs/biome@2.4.6, vitest@4.0.18, tsdown@0.20.3, vite-tsconfig-paths@6.1.1, @types/node@22.19.15.
- cssnano@7.1.x, esbuild@0.27.3, html-minifier-next@4.19.x, imagemin@9.0.1, lightningcss@1.31.x, sharp@0.34.5, svgo@4.0.1, @swc/core@1.15.x, @minify-html/node@0.18.1.
- astro@5.18, @astrojs/cloudflare@12.6.12, @astrojs/preact@4.1.3, preact@10.28.x, wrangler@4.71.0; tidy CSS to satisfy new Biome rules.
- overrides to avoid forcing incompatible transitives.
Bug Fixes
- pngquant install; align Bun pin to 1.3.10 across workflows and the @node-minify/action composite action.
Written for commit 1acf60e. Summary will update on new commits.