Skip to content

fix(deps): update all dependencies#31

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all
Open

fix(deps): update all dependencies#31
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all

Conversation

@renovate

@renovate renovate Bot commented Feb 19, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@biomejs/biome (source) ^2.4.0^2.5.2 age confidence devDependencies minor
@changesets/changelog-github (source) ^0.5.2^0.7.0 age confidence devDependencies minor
@changesets/cli (source) ^2.29.8^2.31.0 age confidence devDependencies minor
@effect/cli (source) ^0.73.2^0.75.2 age confidence dependencies minor
@effect/cluster (source) ^0.56.4^0.59.0 age confidence dependencies minor
@effect/experimental (source) ^0.58.0^0.60.0 age confidence dependencies minor
@effect/platform (source) ^0.94.5^0.96.2 age confidence dependencies minor
@effect/platform-node (source) ^0.104.1^0.107.0 age confidence dependencies minor
@effect/printer (source) ^0.47.0^0.49.0 age confidence dependencies minor
@effect/printer-ansi (source) ^0.47.0^0.49.0 age confidence dependencies minor
@effect/rpc (source) ^0.73.1^0.75.1 age confidence dependencies minor
@effect/sql (source) ^0.49.0^0.51.1 age confidence dependencies minor
@effect/typeclass (source) ^0.38.0^0.40.0 age confidence dependencies minor
@effect/vitest (source) ^0.27.0^0.29.0 age confidence devDependencies minor
@effect/workflow (source) ^0.16.0^0.18.2 age confidence dependencies minor
@eslint-community/eslint-plugin-eslint-comments ^4.6.0^4.7.2 age confidence devDependencies minor
@eslint/compat (source) 2.0.22.1.0 age confidence devDependencies minor
@eslint/eslintrc 3.3.33.3.5 age confidence devDependencies patch
@​prover-coder-ai/eslint-plugin-suggest-members ^0.0.25^0.0.26 age confidence devDependencies patch
@types/node (source) ^24.10.13^24.13.2 age confidence devDependencies minor
@typescript-eslint/eslint-plugin (source) ^8.55.0^8.62.1 age confidence devDependencies minor
@typescript-eslint/parser (source) ^8.55.0^8.62.1 age confidence devDependencies minor
@vitest/coverage-v8 (source) ^4.0.18^4.1.9 age confidence devDependencies minor
@vitest/eslint-plugin ^1.6.9^1.6.21 age confidence devDependencies patch
actions/checkout v6v7 age confidence action major
actions/upload-artifact v6v7 age confidence action major
effect (source) ^3.19.17^3.21.4 age confidence dependencies minor
eslint (source) ^10.0.0^10.6.0 age confidence devDependencies minor
eslint-import-resolver-typescript ^4.4.4^4.4.5 age confidence devDependencies patch
eslint-plugin-simple-import-sort ^12.1.1^13.0.0 age confidence devDependencies major
eslint-plugin-sonarjs (source) ^3.0.7^4.1.0 age confidence devDependencies major
eslint-plugin-sort-destructure-keys ^2.0.0^3.0.0 age confidence devDependencies major
eslint-plugin-unicorn ^63.0.0^70.0.0 age confidence devDependencies major
globals ^17.3.0^17.7.0 age confidence devDependencies minor
jscpd (source) ^4.0.8^5.0.11 age confidence devDependencies major
node 24.13.124.18.0 age confidence uses-with minor
pnpm (source) 10.29.311.10.0 age confidence packageManager major
pnpm/action-setup v4v6 age confidence action major
pnpm/action-setup v3v6 age confidence action major
ts-morph ^27.0.2^28.0.0 age confidence dependencies major
typescript (source) ^5.9.3^6.0.3 age confidence devDependencies major
typescript-eslint (source) ^8.55.0^8.62.1 age confidence devDependencies minor
vite (source) ^7.3.1^8.1.3 age confidence devDependencies major
vitest (source) ^4.0.18^4.1.9 age confidence devDependencies minor

cc @skulidropek


Release Notes

biomejs/biome (@​biomejs/biome)

v2.5.2

Compare Source

Patch Changes
  • #​10595 f458028 Thanks @​pkallos! - Added the option ignoreBooleanCoercion to useNullishCoalescing. When enabled, Biome ignores || and ||= used inside a Boolean() call, where coalescing on falsy values is intentional.

  • #​10798 4a32b63 Thanks @​pkallos! - Added the option ignorePrimitives to useNullishCoalescing. When enabled, Biome ignores ||, ||=, and ternary expressions whose non-nullish operands are all primitives the option opts out of. Use true to ignore all primitives, or an object selecting string, number, boolean, or bigint.

  • #​10545 f3d4c00 Thanks @​Mokto! - Added the new nursery rule noSvelteUnnecessaryStateWrap, which reports unnecessary $state() wrapping of classes from svelte/reactivity that are already reactive.

    <script>
    import { SvelteMap } from "svelte/reactivity";
    const map = $state(new SvelteMap()); // redundant
    </script>
  • #​10752 f62fb8b Thanks @​ematipico! - Fixed #​10739. Now the rule useValidAutocomplete correctly flags the autoComplete attribute.

  • #​10796 f1b3ab2 Thanks @​ematipico! - Fixed #​10768. Improved the performance of the Biome Language Server by cancelling certain in-flight operations when there are fast updates.

  • #​10719 aa649b5 Thanks @​minseong0324! - Fixed noMisleadingReturnType false positive on returns that use a widening type assertion: "a" as string is no longer reported as misleading. The rule now also reports a literal-pinning assertion such as false as false, matching the existing as const behavior.

    // No longer flagged (returns are `string`):
    function getValue(b: boolean): string {
      if (b) return "a" as string;
      return "b" as string;
    }
    
    // Now also reported, like `as const` (returns `false`):
    function isReady(): boolean {
      return false as false;
    }
  • #​10678 8f073a7 Thanks @​PranavAchar01! - Fixed #​7718: Biome now correctly parses CSS nesting selectors when & appears as a trailing sub-selector after a type selector, e.g. h1& { color: red; }.

  • #​10756 5ec965a Thanks @​denbezrukov! - Fixed CSS formatter output for selector lists with allowWrongLineComments and // comments after a selector comma. Biome now keeps the selector before the line comment inline instead of breaking it across descendant combinators.

    -.powerPathNavigator
    -  .helm
    -  button.pressedButton, // pressed
    +.powerPathNavigator .helm button.pressedButton, // pressed
     .powerPathNavigator .helm button:active:not(.disabledButton) {
     }
  • #​10757 6232fcd Thanks @​PranavAchar01! - Fixed #​8269: the CSS parser now accepts Tailwind @variant and @utility names that start with a digit, such as the 2xl breakpoint.

    @&#8203;utility container {
      @&#8203;variant 2xl {
        max-width: 1400px;
      }
    }
  • #​10777 575ced6 Thanks @​WaterWhisperer! - Fixed an issue reported in #​10708: the GitLab reporter now handles --verbose diagnostics filtering correctly.

  • #​10281 0efe244 Thanks @​Zelys-DFKH! - Fixed a bug where GritQL patterns rejected positional (unkeyed) arguments.

  • #​10758 e36fd8a Thanks @​henrybrewer00-dotcom! - Fixed #​10697: The formatter no longer removes the parentheses around an await or yield expression used as the target of a TypeScript instantiation expression. For example, (await makeFactory)<Value> is no longer reformatted to await makeFactory<Value>, which would change the meaning of the code.

  • #​10586 3617094 Thanks @​IxxyDev! - Fixed #​9568: noFloatingPromises no longer reports a false positive when calling an overloaded function and the selected overload does not return a promise.

    function bestEffort(cb: () => Promise<number>): Promise<number>;
    function bestEffort(cb: () => number): number;
    function bestEffort(
      cb: () => number | Promise<number>,
    ): Promise<number> | number {
      return cb() as Promise<number> | number;
    }
    
    // This resolves to the second overload, which returns `number`, so it is no
    // longer flagged as a floating promise.
    bestEffort(() => 42);
  • #​10766 7aff4c1 Thanks @​JamBalaya56562! - Fixed #​2862: noInteractiveElementToNoninteractiveRole no longer reports custom elements (a tag name containing a dash, e.g. <my-button role="img" />). Per the W3C HTML-ARIA specification, a custom element may be given any role or none.

  • #​10680 771daa4 Thanks @​WaterWhisperer! - Fixed #​10635: Biome now recognizes chained
    table tests such as test.concurrent.each() and it.concurrent.each() as test calls, fixing
    noMisplacedAssertion false positives and improving formatting for those test declarations.

  • #​10759 34570b5 Thanks @​henrybrewer00-dotcom! - Fixed #​10636: noStaticElementInteractions no longer reports a false positive for event handlers on Svelte special elements such as <svelte:window>, <svelte:document>, and <svelte:body>. These are not real DOM elements, so they are now ignored by the rule.

  • #​10741 bd2364e Thanks @​JamBalaya56562! - Fixed #​6686: the rage command now respects the --config-path option and the BIOME_CONFIG_PATH environment variable when loading the Biome configuration. Previously it always used the default configuration resolution and reported the configuration as Not set when no biome.json existed in the working directory.

  • #​10763 2c3e82d Thanks @​Aqu1bp! - Fixed #​10742: noSolidDestructuredProps now reports destructured props in Solid function components and JSX children.

  • #​10606 a4cc4ab Thanks @​Mokto! - Fixed false positives in noUnusedImports, noUnusedVariables, and useImportType for Svelte components that use both a <script module> and a <script> block. The two blocks compile to a single module and share a top-level scope, so a binding (import, function, or variable) declared in one block and used only in the other is no longer reported as unused.

  • #​10767 36d5aa7 Thanks @​otkrickey! - Fixed #​10754: useVueValidVBind no longer reports the Vue 3.4+ same-name shorthand as missing a value. :foo and v-bind:foo are now accepted as equivalent to :foo="foo", while v-bind, v-bind:[dynamicArg], and :[dynamicArg] without a value continue to be reported.

  • #​10775 a918af0 Thanks @​WaterWhisperer! - Fixed an issue reported in #​10708: biome rage didn't detect running Biome daemon pipes on Windows.

  • #​10730 5a2e65b Thanks @​dinocosta! - Fixed an issue where Biome was resolving the well-known Zed settings file from the wrong location on macOS and Windows.

  • #​10807 d97fffe Thanks @​ematipico! - Fixed an issue where .scss files were incorrectly analyzed when running biome check.

  • #​10672 53c6efc Thanks @​ematipico! - Fixed a bug where Biome incorrectly formatted snippets that have parsing errors.

  • #​10719 aa649b5 Thanks @​minseong0324! - Fixed useAwaitThenable false positive when awaiting a custom thenable that is not the global Promise. A value with a callable then member is now recognized as awaitable.

    interface Thenable<T> {
      then(onfulfilled: (value: T) => void): void;
    }
    declare const t: Thenable<number>;
    async function f() {
      await t;
    }
  • #​10734 4396496 Thanks @​BangDori! - Fixed #​10708: biome migrate now preserves trivia when migrating the deprecated recommended option to preset.

  • #​10683 ae31a00 Thanks @​Netail! - Fixed #​10657 #​10671 #​10661 #​10637 #​10718: HTML rules now correctly handle dynamic attributes.

  • #​10746 54e8239 Thanks @​ematipico! - Fixed an issue where noUndeclaredClasses didn't correctly detect styles defined inside the Astro directive is:global.

  • #​10770 dd1429c Thanks @​ematipico! - Improved the Biome Language Server DX by orchestrating certain operations, so that they won't block the editor during typing. This improvement is more visible in large documents.

  • #​10473 d9b5133 Thanks @​Mokto! - Improved noUnusedImports, noUnusedVariables, noUnusedFunctionParameters, and useImportType for Svelte, Vue, and Astro files (with html.experimentalFullSupportEnabled). Bindings used only in the template — including component tags, attribute interpolations, directives, bind: shorthand, and snippet parameters — are no longer reported as unused, while genuinely unused ones still are.

  • #​10796 f1b3ab2 Thanks @​ematipico! - Fixed an issue where the Biome Language Server didn't enable project or type-aware lint rules, even when they were explicitly enabled.

  • #​10746 54e8239 Thanks @​ematipico! - Fixed an issue where noUndeclaredClasses didn't detect styles declared inside HTML documents.

  • #​10774 bde945b Thanks @​pattrickrice! - Fixed #​10268 where a race condition resulted in internal errors such as: The file biome.json does not exist in the workspace.

v2.5.1

Compare Source

Patch Changes

v2.5.0

Compare Source

Minor Changes
  • #​9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
    ! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
    × index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
    × main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.
    
  • #​9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
    <div onclick="handleClick()">Click me</div>
    
    <!-- Valid: has keyboard handler -->
    <div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
    
    <!-- Valid: inherently keyboard-accessible -->
    <button onclick="handleClick()">Submit</button>
  • #​9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
    <html>
      <head>
        <style>
          .button {
            color: blue;
          }
        </style>
      </head>
      <body>
        <div class="button typo"></div>
      </body>
    </html>
  • #​9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

    /* styles.css — .ghost is never used in any importing file */
    .button {
      color: blue;
    }
    .ghost {
      color: red;
    }
    /* App.jsx */
    import "./styles.css";
    export default () => <div className="button" />;
  • #​9546 6567efa Thanks @​nhedger! - Added a biome upgrade command for standalone installations. It upgrades Homebrew installs with brew upgrade biome, updates manually installed binaries from the latest GitHub release, and tells npm users to upgrade with their package manager instead.

  • #​9716 701767a Thanks @​faizkhairi! - Added the HTML version of the useHeadingContent rule. The rule now enforces that heading elements (h1-h6) have content accessible to screen readers in HTML, Vue, Svelte, and Astro files.

    <!-- Invalid: empty heading -->
    <h1></h1>
    
    <!-- Invalid: heading hidden from screen readers -->
    <h1 aria-hidden="true">invisible content</h1>
    
    <!-- Valid: heading with text content -->
    <h1>heading</h1>
    
    <!-- Valid: heading with accessible name -->
    <h1 aria-label="Screen reader content"></h1>
  • #​9582 f437ef8 Thanks @​rahuld109! - Added the HTML version of the useKeyWithMouseEvents rule. The rule now enforces that onmouseover is accompanied by onfocus and onmouseout is accompanied by onblur in HTML, Vue, Svelte, and Astro files.

    <!-- Invalid: onmouseover without onfocus -->
    <div onmouseover="handleMouseOver()"></div>
    
    <!-- Valid: onmouseover paired with onfocus -->
    <div onmouseover="handleMouseOver()" onfocus="handleFocus()"></div>
  • #​9275 1fdbcee Thanks @​ff1451! - Added the new assist action useSortedTypeFields, which sorts the fields of GraphQL object types, interface types and input object types alphabetically, e.g. name, age, id becomes age, id, name.

  • #​10561 78075b7 Thanks @​Conaclos! - Added a new style option to useExportType,
    which enforces a style for exporting types.
    This is the same option as the one provided by useImportType.

  • #​8987 d16e32b Thanks @​DerTimonius! - Ported the useValidAnchor rule to HTML. This rule enforces that all anchors are valid and that they are navigable elements.

  • #​9533 4d251d4 Thanks @​ematipico! - The init command now prints the Biome logo.

  • #​10069 0eb9310 Thanks @​Netail! - Added the HTML lint rule noStaticElementInteractions, which enforces that static, visible elements (such as <div>) that have click handlers use the valid role attribute.

    Invalid:

    <div onclick="myFunction()"></div>
  • #​9134 2a43488 Thanks @​ematipico! - Added the assist action useSortedPackageJson.

    This action organizes package.json fields according to the same conventions as the popular sort-package-json tool.

  • #​9309 7daa18b Thanks @​Bertie690! - The allowDoubleNegation option has been added to noImplicitCoercions to allow ignoring double negations inside code.

    With the option enabled, the following example is considered valid and is ignored by the rule:

    const truthy = !!value;
  • #​9700 894f3fb Thanks @​ematipico! - The Biome Language server now supports the "go-to definition" feature.

    When the cursor of the mouse is hovering an entity (variable, CSS class, type, etc.), and the command CTRL + click is triggered, the editor jumps to where this entity is defined, if the language server can find it.

    Here's what Biome is able to resolve:

    • Variables and types used in JavaScript modules, defined in the same file or imported from another module.
    • JSX Components used in JavaScript modules, defined in the same file or imported from another module.
    • CSS classes used in JSX and HTML-ish files (Vue, Svelte and Astro), and defined in CSS files.
    • Components

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from skulidropek February 19, 2026 08:15
@renovate renovate Bot force-pushed the renovate/all branch 12 times, most recently from 6cba843 to 0f055c2 Compare February 26, 2026 20:40
@renovate renovate Bot force-pushed the renovate/all branch 9 times, most recently from 92bada8 to 71cb2e1 Compare March 7, 2026 01:14
@renovate renovate Bot force-pushed the renovate/all branch 7 times, most recently from 54d829d to 590142f Compare March 13, 2026 18:50
@renovate renovate Bot force-pushed the renovate/all branch 7 times, most recently from 5daa077 to 79555ae Compare March 31, 2026 20:40
@renovate renovate Bot force-pushed the renovate/all branch 14 times, most recently from 055e1ef to d1673ca Compare April 10, 2026 12:43
@renovate renovate Bot force-pushed the renovate/all branch 6 times, most recently from c20c888 to c23139a Compare April 16, 2026 12:07
@coderabbitai

coderabbitai Bot commented May 14, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Bumps pnpm to 11.1.3 at root and app, upgrades Changesets and many app deps/devDeps, and updates GitHub Actions versions: pnpm/action-setup → v6, Node runtime → 24.15.0, and actions/upload-artifact → v7.

Changes

Dependency and Action Upgrades

Layer / File(s) Summary
Root package manager and Changesets tooling
package.json
Root package.json updated to packageManager: "pnpm@11.1.3" and Changesets devDependencies (@changesets/changelog-github, @changesets/cli) bumped.
App package manager and dependency upgrades
packages/app/package.json
packages/app packageManager set to pnpm@11.1.3; multiple runtime dependencies and devDependencies (including @effect/*, effect, ts-morph, tooling, TypeScript, Vite/Vitest, linters) have version bumps.
GitHub Actions and workflow configuration
.github/actions/setup/action.yml, .github/workflows/checking-dependencies.yml, .github/workflows/snapshot.yml
Composite action/workflows updated: pnpm/action-setup bumped to v6, actions/setup-node node-version changed to 24.15.0, and actions/upload-artifact bumped to v7.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

Poem

🐰 A patch of pins and versions new,
I nibbled bumps and pushed them through.
Workflows hum and artifacts sing,
PNPM hops to a brighter spring.
— Rabbit with a CI carrot 🥕

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title clearly summarizes the main change: a broad dependency update.
Description check ✅ Passed The description is directly about the dependency updates and related tooling bumps.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/all

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/actions/setup/action.yml:
- Line 13: The action uses pnpm/action-setup@v6 but the custom action default
still sets node-version: 20.16.0 which is incompatible; update the default
node-version in action.yml to Node 24 (>=24.0.0, e.g., 24.15.0 to match
checking-dependencies.yml) so the action runs on the required runtime, and after
changing the default verify pnpm selection behavior (packageManager in
package.json / pnpm@11.1.2) because v6 has a bug that may ignore
packageManager—if necessary pin the pnpm version explicitly or add configuration
to enforce packageManager to ensure the expected pnpm version is used.

In @.github/workflows/checking-dependencies.yml:
- Line 15: The workflow uses pnpm/action-setup@v6 but package.json declares
packageManager: pnpm@11.1.2, causing a mismatch; either align the workflow or
package.json: update package.json's packageManager to "pnpm@11.1.1" to match the
action's default, or explicitly configure the action in
.github/workflows/checking-dependencies.yml (pnpm/action-setup) with a
compatible with.version value (e.g., 11.1.1) until 11.1.2 is released, or remove
the explicit version so the action auto-detects from package.json and surfaces
the proper error if the version is unavailable.

In `@package.json`:
- Line 6: Update package.json to remove deprecated pnpm v10 fields and adopt
pnpm v11 format: replace any ignoredBuiltDependencies and onlyBuiltDependencies
entries with the new allowBuilds configuration (mapping allowed package patterns
or booleans accordingly) and set the engines.node field to ">=22" (or "22.x" per
project policy) so Node.js requirement is explicit for pnpm 11; also keep
packageManager set to "pnpm@11.1.2" and run the pnpm v10→v11 codemod (pnpx
codemod run pnpm-v10-to-v11) to ensure any other migration changes are applied.

In `@packages/app/package.json`:
- Line 71: Add an "engines" entry to packages/app/package.json to require
Node.js >=20.19.0 so ESLint 10.3.0 runs correctly; locate the existing "eslint":
"^10.3.0" dependency in package.json and add an "engines" object with "node":
">=20.19.0" to enforce the minimum Node version for contributors and CI.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 99f915a6-56ca-42ec-8fc8-02ccf3d20151

📥 Commits

Reviewing files that changed from the base of the PR and between 2b21043 and f9810e9.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (5)
  • .github/actions/setup/action.yml
  • .github/workflows/checking-dependencies.yml
  • .github/workflows/snapshot.yml
  • package.json
  • packages/app/package.json

Comment thread .github/actions/setup/action.yml
steps:
- uses: actions/checkout@v6
- uses: pnpm/action-setup@v4
- uses: pnpm/action-setup@v6

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

pnpm/action-setup v6 release notes

💡 Result:

pnpm/action-setup v6 release notes (from the repo’s official GitHub Releases pages) are available as a series of versioned release entries under the v6 tags. The most recent v6 entry visible in the official releases feed is v6.0.8 (published 2026-05-12), with the following changes: 1) v6.0.8 (2026-05-12) - docs(README): fix cache_dependency_path type (PR #257) [1] - fix: drop patchPnpmEnv so standalone+self-update works on Windows (PR #258) [1] - fix: update pnpm to 11.1.1 (PR #248) [1] 2) v6.0.4 (2026-04-30) - fix: use npm co-located with the action node binary (PR #239) [2] Additional v6 changes are also reflected in the v4...v6 comparison page (including updates to README/examples and caching-related input typing/behavior), which indicates that v6 introduces/updates inputs like cache_dependency_path handling. In that compare view, cache_dependency_path is described as accepting multiple paths delimited by newlines, and the example workflows are updated to use pnpm/action-setup@v6 instead of v4. [3] Notes / where to read the full set of v6 release notes: - Start at the official Releases index for pnpm/action-setup and select the v6.x.y tags. The Releases index is the source of truth for the complete v6 changelog history. [4] If you want, tell me the exact v6 range you care about (e.g., “v6.0.0 through v6.0.8” or “just v6.0.8”), and I’ll summarize only those entries.

Citations:


🌐 Web query:

Node.js 24.15.0 release notes

💡 Result:

Node.js 24.15.0 (Krypton, LTS) release notes (published 2026-04-15) list these notable changes: - cli: add --max-heap-size option [1] - cli: add --require-module / --no-require-module [2] - crypto: add raw key formats support to the KeyObject APIs [1] - fs: add throwIfNoEntry option for fs.stat and fs.promises.stat [2] - http2: add http1Options for HTTP/1 fallback configuration [2] - module: mark require(esm) as stable [2] - module: mark module compile cache as stable [2] - net: add setTOS and getTOS to Socket [2] - sqlite: add limits property to DatabaseSync [2] - sqlite: mark as release candidate [2] - src: add C++ support for diagnostics channels [2] - stream: rename Duplex.toWeb type option to readableType [2] - test_runner: add exports option for module mocks [2] - test_runner: expose worker ID for concurrent test execution [2] - test_runner: show interrupted test on SIGINT [2] Primary sources for the above are the official Node.js blog release page and the Node.js v24 changelog section for 24.15.0 [1][2].

Citations:


🏁 Script executed:

#!/bin/bash
# Check all workflow files for consistency in action versions
rg -n "pnpm/action-setup@" --type yaml
rg -n "node-version:" --type yaml

Repository: ProverCoderAI/effect-template

Length of output: 55


🏁 Script executed:

#!/bin/bash
# Check if the workflow file exists
ls -la .github/workflows/ 2>/dev/null || echo "Directory not found"

# If it exists, read the file
if [ -f ".github/workflows/checking-dependencies.yml" ]; then
  echo "=== File found, reading contents ==="
  cat -n ".github/workflows/checking-dependencies.yml"
else
  echo "File not found"
fi

# Also check with fd for any workflow files
echo "=== Searching for workflow files ==="
fd -e yml -e yaml ".github/workflows/" 2>/dev/null || fd -e yml -e yaml

Repository: ProverCoderAI/effect-template

Length of output: 1412


🏁 Script executed:

#!/bin/bash
# Check pnpm version in lock file
head -20 pnpm-lock.yaml | grep -i "version\|lockfileVersion"

# Also check package.json for pnpm version requirement if any
if [ -f "package.json" ]; then
  grep -i "pnpm" package.json
fi

# Check if there's a .npmrc or similar config
if [ -f ".npmrc" ]; then
  cat .npmrc
fi

Repository: ProverCoderAI/effect-template

Length of output: 745


🌐 Web query:

pnpm 11.1.2 release date and availability

💡 Result:

No evidence found of a pnpm 11.1.2 release as of 2026-05-14. The latest releases are v11.1.1 (published around 2026-05-12 [1]) and v11.1.0 (published 2026-05-11 [2][3][4]). Official GitHub releases page lists recent tags up to May 12 but no 11.1.2 [3]. npm registry tracks these releases [4], and no sources mention 11.1.2. It is not yet released or available.[2][3][1]

Citations:


🌐 Web query:

pnpm/action-setup configure pnpm version 11.1.2

💡 Result:

To configure pnpm/action-setup to install pnpm 11.1.2, use the action’s with.version input: steps: - uses: pnpm/action-setup@v6 with: version: 11.1.2 The version input is “Version of pnpm to install” and supports exact versions like 11.1.2 (or version ranges/tags). If you omit version, the action can use the packageManager field from your package.json instead.[1] You may optionally specify run_install if you also want the action to run pnpm install for you; otherwise run pnpm install in a later step.[1]

Citations:


Configure pnpm version in pnpm/action-setup to match project requirement.

The workflow uses pnpm/action-setup@v6 which installs pnpm 11.1.1 by default, but the project specifies packageManager: pnpm@11.1.2 in package.json. Since pnpm 11.1.2 does not yet exist, the pnpm install --frozen-lockfile step (line 21) will fail due to version mismatch. Either update package.json to use pnpm 11.1.1, or configure the action with with.version: 11.1.2 once that version is released. Alternatively, the action can auto-detect the version from package.json if no version input is specified (allowing proper error messaging when unavailable).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/checking-dependencies.yml at line 15, The workflow uses
pnpm/action-setup@v6 but package.json declares packageManager: pnpm@11.1.2,
causing a mismatch; either align the workflow or package.json: update
package.json's packageManager to "pnpm@11.1.1" to match the action's default, or
explicitly configure the action in .github/workflows/checking-dependencies.yml
(pnpm/action-setup) with a compatible with.version value (e.g., 11.1.1) until
11.1.2 is released, or remove the explicit version so the action auto-detects
from package.json and surfaces the proper error if the version is unavailable.

Comment thread package.json Outdated
"private": true,
"description": "Monorepo workspace for effect-template",
"packageManager": "pnpm@10.29.3",
"packageManager": "pnpm@11.1.2",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical | 🏗️ Heavy lift

🧩 Analysis chain

🌐 Web query:

pnpm 11 release notes breaking changes from pnpm 10

💡 Result:

pnpm 11 introduces several breaking changes from v10, primarily documented in the official migration guide [1] and v11.0.0 release notes [2][3]. Key breaking changes include: Node.js requirement: Now requires Node.js 22 or newer; support for v18-21 dropped. pnpm is pure ESM, and standalone exe needs glibc 2.27+ [3][2][4]. Configuration changes [1]: - No longer reads config from package.json#pnpm; move to pnpm-workspace.yaml. -.npmrc limited to auth/registry; other settings (hoist-pattern, node-linker, etc.) to pnpm-workspace.yaml (camelCase keys). - npm_config_* env vars ignored; use pnpm_config_*. - Deprecated build settings (onlyBuiltDependencies, etc.) removed; use allowBuilds [3][2]. - Package manager settings consolidated to pmOnFail: 'download'|'ignore'|'warn'|'error'. - Renames: allowNonAppliedPatches -> allowUnusedPatches; auditConfig.ignoreCves -> auditConfig.ignoreGhsas. Store upgraded to v11: SQLite index.db replaces JSON files; incompatible with v10 stores (clear or migrate) [3][2][5]. Global installs: Isolated in {pnpmHomeDir}/global/v11/{hash}/ with own package.json/node_modules/pnpm-lock.yaml. pnpm install -g (no args) removed; use pnpm add -g [3][2]. pnpm link changes: No global store resolution; only relative/absolute paths. --global removed (use pnpm add -g.); no-arg pnpm link removed [1][6]. Removed commands: pnpm server; npm passthrough (publish, login, etc.) now native, some like access, edit removed [3][2]. Lockfile: patchedDependencies simplified to selector -> hash; auto-migrated [5]. Script shadowing: Scripts named clean/setup/deploy/rebuild run script, not built-in; use pnpm pm [1]. Security defaults: minimumReleaseAge=1440 (1 day), blockExoticSubdeps=true, strictDepBuilds=true [3][2]. A codemod assists migration: pnpx codemod run pnpm-v10-to-v11 [1]. Full details: https://pnpm.io/migration [1], https://github.com/pnpm/pnpm/releases/tag/v11.0.0 [2], https://pnpm.io/blog/releases/11.0 [3].

Citations:


🏁 Script executed:

#!/bin/bash
# Check if pnpm-lock.yaml has been updated alongside this change
git diff HEAD -- pnpm-lock.yaml | head -50

Repository: ProverCoderAI/effect-template

Length of output: 55


🏁 Script executed:

#!/bin/bash
# Check if pnpm-lock.yaml exists and what version it specifies
if [ -f "pnpm-lock.yaml" ]; then
  echo "=== pnpm-lock.yaml lockfileVersion ==="
  head -20 pnpm-lock.yaml | rg "lockfileVersion|name|version"
else
  echo "pnpm-lock.yaml not found"
fi

# Check if package.json has pnpm config that needs migration
echo -e "\n=== package.json pnpm config ==="
jq '.pnpm' package.json 2>/dev/null || echo "No pnpm config in package.json"

# Check Node.js version requirement
echo -e "\n=== Node.js engines requirement ==="
jq '.engines' package.json 2>/dev/null || echo "No engines field"

Repository: ProverCoderAI/effect-template

Length of output: 586


🏁 Script executed:

#!/bin/bash
# Check git log to see if pnpm-lock.yaml was modified in this change
echo "=== Recent git changes to pnpm-lock.yaml ==="
git log --oneline -n 10 -- pnpm-lock.yaml 2>/dev/null || echo "No pnpm-lock.yaml history"

# Check if .npmrc or pnpm-workspace.yaml exists
echo -e "\n=== pnpm configuration files ==="
ls -la .npmrc pnpm-workspace.yaml .pnpmfile.cjs 2>/dev/null || echo "Checking config files..."
fd -e "npmrc|pnpmfile|workspace.yaml" .

Repository: ProverCoderAI/effect-template

Length of output: 287


🏁 Script executed:

#!/bin/bash
# Check CI workflows for Node.js version
echo "=== CI/CD Node.js version requirement ==="
find .github -name "*.yml" -o -name "*.yaml" 2>/dev/null | head -5 | xargs grep -l "node-version\|node_version\|setup-node" 2>/dev/null | head -1 | xargs cat 2>/dev/null | grep -A 2 "node-version\|setup-node" || echo "Checking workflows..."

Repository: ProverCoderAI/effect-template

Length of output: 370


Migrate deprecated pnpm configuration to pnpm 11 format.

The pnpm-lock.yaml has been regenerated to v9.0 (pnpm 11 format), but package.json still contains deprecated configuration that is no longer supported in pnpm 11:

  • ignoredBuiltDependencies and onlyBuiltDependencies must be migrated to the new allowBuilds configuration
  • Node.js requirement must be explicitly set to 22+ in the engines field (pnpm 11 no longer supports Node.js v18-21)

These deprecated options will cause failures when running pnpm commands. Use the pnpm v10→v11 migration codemod (pnpx codemod run pnpm-v10-to-v11) to complete the migration.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 6, Update package.json to remove deprecated pnpm v10
fields and adopt pnpm v11 format: replace any ignoredBuiltDependencies and
onlyBuiltDependencies entries with the new allowBuilds configuration (mapping
allowed package patterns or booleans accordingly) and set the engines.node field
to ">=22" (or "22.x" per project policy) so Node.js requirement is explicit for
pnpm 11; also keep packageManager set to "pnpm@11.1.2" and run the pnpm v10→v11
codemod (pnpx codemod run pnpm-v10-to-v11) to ensure any other migration changes
are applied.

Comment thread packages/app/package.json Outdated
"@typescript-eslint/parser": "^8.59.3",
"typescript-eslint": "^8.59.3",
"@vitest/coverage-v8": "^4.1.6",
"eslint": "^10.3.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

ESLint 10.0 release notes breaking changes migration guide

💡 Result:

ESLint 10.0 release notes / breaking changes and the official migration guide are here: 1) Official migration guide (v9.x → v10.x) https://eslint.org/docs/latest/use/migrate-to-10.0.0 [1] 2) Official release notes for v10.0.0 https://eslint.org/blog/2026/02/eslint-v10.0.0-released/ [2] Key breaking changes called out in the migration guide (high-signal items) A) Node.js version support dropped ESLint v10.0.0 no longer supports Node.js versions < v20.19.0 (and also drops v21.x and v23.x); the migration guide says to upgrade to Node.js v20.19.0 or later [1][3]. B) “Old config format” no longer supported; flat config required The v10 migration guide states the legacy config system is removed (i.e., old eslintrc format is no longer supported) and points you to use flat config (eslint.config.) [1]. The migration guide summary also calls out removing the eslintrc format [1][3]. C) New configuration file lookup algorithm In ESLint v9 there was an alternate behavior guarded by a feature flag; in v10.0.0, the behavior is the default. The migration guide describes that config lookup now starts from the directory of each linted file and searches upward to the filesystem root (instead of starting from the current working directory) and that the v10_config_lookup_from_file flag was removed [1]. D) Removed feature for eslintrc config lookup behavior flag Attempting to use v10_config_lookup_from_file now results in an error (because the flag was removed) [1]. E) Rule/behavior & API breaking changes (examples listed in the migration guide) The migration guide lists multiple other breaking/API changes, including (among others) removal of the nodeType property in LintMessage objects [1], JSX references now being tracked [1], and changes around fixer APIs requiring string text arguments [1]. How to migrate (practical steps to follow) - Upgrade Node.js to a supported version (>= v20.19.0) before running ESLint 10 [1]. - Ensure you are using flat config (eslint.config.) and remove any legacy eslintrc configuration usage [1]. - If you previously relied on the v9 config lookup behavior / feature flag, update to the new lookup algorithm (start from each linted file’s directory) [1]. - Then run the official migration guide’s checklist/sections to address any remaining listed breaking changes in your specific setup [1].

Citations:


🏁 Script executed:

#!/bin/bash
# Check ESLint configuration files for compatibility
fd eslint.config -e js -e mjs -e cjs --exec cat {}

Repository: ProverCoderAI/effect-template

Length of output: 55


🏁 Script executed:

#!/bin/bash
# Check for ESLint configuration files
echo "=== Searching for ESLint config files ==="
fd -e json -e js -e cjs -e mjs '(eslintrc|eslint\.config)' --base-directory .

# Check package.json for Node.js version and ESLint config location
echo -e "\n=== Checking packages/app/package.json ==="
head -80 packages/app/package.json | tail -20

# Check root package.json for Node.js engines
echo -e "\n=== Checking root package.json for engines ==="
rg '"engines"' -A 5 package.json

Repository: ProverCoderAI/effect-template

Length of output: 1013


🏁 Script executed:

#!/bin/bash
# More comprehensive search for all ESLint-related configs
echo "=== Searching for all ESLint configs ==="
find . -type f \( -name ".eslintrc*" -o -name "eslint.config.*" \) 2>/dev/null

# Check for ESLint in workspace packages
echo -e "\n=== Checking eslint references in all package.json files ==="
find . -name "package.json" -type f -exec grep -l "eslint" {} \; 2>/dev/null

Repository: ProverCoderAI/effect-template

Length of output: 252


🏁 Script executed:

#!/bin/bash
# Check the ESLint flat config file
echo "=== Content of eslint.config.mts ==="
cat packages/app/eslint.config.mts

# Search for Node.js version constraints
echo -e "\n=== Searching for Node.js version constraints ==="
find . -type f \( -name ".nvmrc" -o -name ".tool-versions" -o -name "nvmrc" \) 2>/dev/null | head -10

# Check GitHub workflows for Node.js version
echo -e "\n=== Checking for Node.js version in CI/workflows ==="
fd "\.ya?ml$" .github/workflows 2>/dev/null | xargs grep -h "node-version" 2>/dev/null | head -10

Repository: ProverCoderAI/effect-template

Length of output: 10380


🏁 Script executed:

#!/bin/bash
# Check if engines field exists in root and app package.json
echo "=== Checking engines field in package.json files ==="
rg '"engines"' -B 1 -A 3 . --type json

# Check for `@eslint/compat` usage in eslint.config.mts
echo -e "\n=== Checking `@eslint/compat` usage ==="
grep -n "@eslint/compat\|compat" packages/app/eslint.config.mts || echo "No `@eslint/compat` found in config"

Repository: ProverCoderAI/effect-template

Length of output: 219


Add engines field to enforce Node.js >= v20.19.0 for ESLint 10.3.0 compatibility.

The repository has already properly migrated to ESLint's flat config format (eslint.config.mts) and uses @eslint/compat correctly for plugin compatibility. However, ESLint 10.3.0 requires Node.js >= v20.19.0, and this constraint should be explicitly documented in package.json via an engines field. Without it, developers using older Node.js versions may encounter runtime errors. Add to packages/app/package.json:

"engines": {
  "node": ">=20.19.0"
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/app/package.json` at line 71, Add an "engines" entry to
packages/app/package.json to require Node.js >=20.19.0 so ESLint 10.3.0 runs
correctly; locate the existing "eslint": "^10.3.0" dependency in package.json
and add an "engines" object with "node": ">=20.19.0" to enforce the minimum Node
version for contributors and CI.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant