Skip to content

fix(deps): update all dependencies#28

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all
Open

fix(deps): update all dependencies#28
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all

Conversation

@renovate

@renovate renovate Bot commented Mar 27, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@biomejs/biome (source) ^2.4.9^2.5.3 age confidence devDependencies minor
@changesets/changelog-github (source) ^0.6.0^0.7.0 age confidence devDependencies minor
@changesets/cli (source) ^2.30.0^2.31.0 age confidence devDependencies minor
@effect/cli (source) ^0.75.0^0.75.2 age confidence dependencies patch
@effect/cluster (source) ^0.58.0^0.59.0 age confidence dependencies minor
@effect/platform (source) ^0.96.0^0.96.2 age confidence dependencies patch
@effect/platform-node (source) ^0.106.0^0.107.0 age confidence dependencies minor
@effect/rpc (source) ^0.75.0^0.75.1 age confidence dependencies patch
@effect/sql (source) ^0.51.0^0.51.1 age confidence dependencies patch
@effect/workflow (source) ^0.18.0^0.18.2 age confidence dependencies patch
@eslint-community/eslint-plugin-eslint-comments ^4.7.1^4.7.2 age confidence devDependencies patch
@eslint/compat (source) 2.0.32.1.0 age confidence devDependencies minor
@eslint/eslintrc 3.3.53.3.6 age confidence devDependencies patch
@types/node (source) ^25.5.0^25.9.5 age confidence devDependencies minor
@typescript-eslint/eslint-plugin (source) ^8.57.2^8.63.0 age confidence devDependencies minor
@typescript-eslint/parser (source) ^8.57.2^8.63.0 age confidence devDependencies minor
@typescript-eslint/rule-tester (source) 8.57.28.63.0 age confidence devDependencies minor
@typescript-eslint/utils (source) 8.57.28.63.0 age confidence dependencies minor
@vitest/coverage-v8 (source) ^4.1.2^4.1.10 age confidence devDependencies patch
@vitest/eslint-plugin ^1.6.13^1.6.23 age confidence devDependencies patch
actions/checkout v6v7 age confidence action major
biome (source) ^2.4.9^2.5.3 age confidence devDependencies minor
effect (source) ^3.21.0^3.21.4 age confidence dependencies patch
eslint (source) ^10.1.0^10.7.0 age confidence devDependencies minor
eslint-doc-generator ^3.3.2^3.6.0 age confidence devDependencies minor
eslint-import-resolver-typescript ^4.4.4^4.4.5 age confidence devDependencies patch
eslint-plugin-eslint-plugin ^7.3.2^7.4.1 age confidence devDependencies minor
eslint-plugin-simple-import-sort ^12.1.1^13.0.0 age confidence devDependencies major
eslint-plugin-sonarjs (source) ^4.0.2^4.1.0 age confidence devDependencies minor
eslint-plugin-unicorn ^63.0.0^71.1.0 age confidence devDependencies major
globals ^17.4.0^17.7.0 age confidence devDependencies minor
jscpd (source) ^4.0.8^5.0.12 age confidence devDependencies major
node 24.14.124.18.0 age confidence uses-with minor
npm (source) ^11.12.1^12.0.1 age confidence devDependencies major
pnpm (source) 10.33.011.12.0 age confidence packageManager major
pnpm/action-setup v5v6 age confidence action major
ts-morph ^27.0.2^28.0.0 age confidence devDependencies major
typescript (source) >=4.8.4 <7.0.0>=4.8.4 <8.0.0 age confidence peerDependencies major
typescript (source) ^6.0.2^7.0.2 age confidence devDependencies major
typescript-eslint (source) ^8.57.2^8.63.0 age confidence devDependencies minor
vite (source) ^8.0.3^8.1.4 age confidence devDependencies minor
vitest (source) ^4.1.2^4.1.10 age confidence devDependencies patch

cc @skulidropek


Release Notes

biomejs/biome (@​biomejs/biome)

v2.5.3

Compare Source

Patch Changes
  • #​10815 86613d5 Thanks @​WaterWhisperer! - Fixed a parser panic reported in #​10708: Biome now recovers when unsupported CSS Modules @value rules or scoped @keyframes names end at EOF.

  • #​10534 da9b403 Thanks @​Mokto! - Fixed noUnusedVariables false positives in Svelte files: Svelte store subscriptions ($store references in templates now keep the underlying store binding from being flagged), and $bindable() props that are only written to in the script block (write-only is intentional for bindable props) are no longer reported as unused.

  • #​10827 098ba41 Thanks @​Aqu1bp! - Fixed #​10698: The noUnsafeOptionalChaining rule now reports unsafe optional chains wrapped in TypeScript as, satisfies, type assertion, and instantiation expressions, such as new (value?.constructor as Constructor)().

  • #​10773 3c6513d Thanks @​otkrickey! - Fixed #​10772: useVueValidVOn no longer reports a missing handler for v-on directives using a verb modifier (.stop / .prevent) without an expression, e.g. <div @&#8203;click.stop></div>. The rule also accepts the arg-less object syntax <div v-on="$listeners"></div> instead of reporting a missing event name.

  • #​10721 d83c66b Thanks @​minseong0324! - Improved type-aware lint rule inference for built-in globals and indexed function calls. Biome now resolves Error(...), new Error(...), optional Error#stack, and calls through indexed function values such as handlers[0]() more accurately.

  • #​10865 6450276 Thanks @​ematipico! - Fixed #​10845. Biome Language Server no longer goes in deadlock when the scanner is enabled.

  • #​10853 93d8e53 Thanks @​Netail! - Fixed #​10840: Astro shorthand attribute syntax is now correctly being parsed from embedded nodes.

  • #​10820 bba3092 Thanks @​JamBalaya56562! - Fixed #​10619: noProcessEnv now also reports computed (bracket) member access. Previously only dot access was checked, so process["env"] and env["NODE_ENV"] (where env is imported from node:process) were missed. Both static and computed accesses are now reported.

  • #​10835 3447b2f Thanks @​dyc3! - Fixed #​10824: useDomQuerySelector now supports an ignore option for receiver identifiers that should not be reported.

  • #​10875 b12e486 Thanks @​dyc3! - Fixed #​10795: --profile-rules now reports timings for each plugin separately as plugin/<pluginName>, matching the naming used by plugin suppressions, instead of aggregating all plugins under a single plugin/plugin entry.

  • #​10877 d6bc447 Thanks @​ematipico! - Fixed biome-zed#164: Biome no longer inserts stray whitespace when format-on-type runs after closing delimiters such as ), ], and }.

  • #​10867 a21463e Thanks @​dyc3! - Fixed #​10864: Biome no longer crashes when checking or linting HTML files with unquoted attribute values such as <textarea rows=4></textarea>.

v2.5.2

Compare Source

Patch Changes
  • #​10595 f458028 Thanks @​pkallos! - Added the option ignoreBooleanCoercion to useNullishCoalescing. When enabled, Biome ignores || and ||= used inside a Boolean() call, where coalescing on falsy values is intentional.

  • #​10798 4a32b63 Thanks @​pkallos! - Added the option ignorePrimitives to useNullishCoalescing. When enabled, Biome ignores ||, ||=, and ternary expressions whose non-nullish operands are all primitives the option opts out of. Use true to ignore all primitives, or an object selecting string, number, boolean, or bigint.

  • #​10545 f3d4c00 Thanks @​Mokto! - Added the new nursery rule noSvelteUnnecessaryStateWrap, which reports unnecessary $state() wrapping of classes from svelte/reactivity that are already reactive.

    <script>
    import { SvelteMap } from "svelte/reactivity";
    const map = $state(new SvelteMap()); // redundant
    </script>
  • #​10752 f62fb8b Thanks @​ematipico! - Fixed #​10739. Now the rule useValidAutocomplete correctly flags the autoComplete attribute.

  • #​10796 f1b3ab2 Thanks @​ematipico! - Fixed #​10768. Improved the performance of the Biome Language Server by cancelling certain in-flight operations when there are fast updates.

  • #​10719 aa649b5 Thanks @​minseong0324! - Fixed noMisleadingReturnType false positive on returns that use a widening type assertion: "a" as string is no longer reported as misleading. The rule now also reports a literal-pinning assertion such as false as false, matching the existing as const behavior.

    // No longer flagged (returns are `string`):
    function getValue(b: boolean): string {
      if (b) return "a" as string;
      return "b" as string;
    }
    
    // Now also reported, like `as const` (returns `false`):
    function isReady(): boolean {
      return false as false;
    }
  • #​10678 8f073a7 Thanks @​PranavAchar01! - Fixed #​7718: Biome now correctly parses CSS nesting selectors when & appears as a trailing sub-selector after a type selector, e.g. h1& { color: red; }.

  • #​10756 5ec965a Thanks @​denbezrukov! - Fixed CSS formatter output for selector lists with allowWrongLineComments and // comments after a selector comma. Biome now keeps the selector before the line comment inline instead of breaking it across descendant combinators.

    -.powerPathNavigator
    -  .helm
    -  button.pressedButton, // pressed
    +.powerPathNavigator .helm button.pressedButton, // pressed
     .powerPathNavigator .helm button:active:not(.disabledButton) {
     }
  • #​10757 6232fcd Thanks @​PranavAchar01! - Fixed #​8269: the CSS parser now accepts Tailwind @variant and @utility names that start with a digit, such as the 2xl breakpoint.

    @&#8203;utility container {
      @&#8203;variant 2xl {
        max-width: 1400px;
      }
    }
  • #​10777 575ced6 Thanks @​WaterWhisperer! - Fixed an issue reported in #​10708: the GitLab reporter now handles --verbose diagnostics filtering correctly.

  • #​10281 0efe244 Thanks @​Zelys-DFKH! - Fixed a bug where GritQL patterns rejected positional (unkeyed) arguments.

  • #​10758 e36fd8a Thanks @​henrybrewer00-dotcom! - Fixed #​10697: The formatter no longer removes the parentheses around an await or yield expression used as the target of a TypeScript instantiation expression. For example, (await makeFactory)<Value> is no longer reformatted to await makeFactory<Value>, which would change the meaning of the code.

  • #​10586 3617094 Thanks @​IxxyDev! - Fixed #​9568: noFloatingPromises no longer reports a false positive when calling an overloaded function and the selected overload does not return a promise.

    function bestEffort(cb: () => Promise<number>): Promise<number>;
    function bestEffort(cb: () => number): number;
    function bestEffort(
      cb: () => number | Promise<number>,
    ): Promise<number> | number {
      return cb() as Promise<number> | number;
    }
    
    // This resolves to the second overload, which returns `number`, so it is no
    // longer flagged as a floating promise.
    bestEffort(() => 42);
  • #​10766 7aff4c1 Thanks @​JamBalaya56562! - Fixed #​2862: noInteractiveElementToNoninteractiveRole no longer reports custom elements (a tag name containing a dash, e.g. <my-button role="img" />). Per the W3C HTML-ARIA specification, a custom element may be given any role or none.

  • #​10680 771daa4 Thanks @​WaterWhisperer! - Fixed #​10635: Biome now recognizes chained
    table tests such as test.concurrent.each() and it.concurrent.each() as test calls, fixing
    noMisplacedAssertion false positives and improving formatting for those test declarations.

  • #​10759 34570b5 Thanks @​henrybrewer00-dotcom! - Fixed #​10636: noStaticElementInteractions no longer reports a false positive for event handlers on Svelte special elements such as <svelte:window>, <svelte:document>, and <svelte:body>. These are not real DOM elements, so they are now ignored by the rule.

  • #​10741 bd2364e Thanks @​JamBalaya56562! - Fixed #​6686: the rage command now respects the --config-path option and the BIOME_CONFIG_PATH environment variable when loading the Biome configuration. Previously it always used the default configuration resolution and reported the configuration as Not set when no biome.json existed in the working directory.

  • #​10763 2c3e82d Thanks @​Aqu1bp! - Fixed #​10742: noSolidDestructuredProps now reports destructured props in Solid function components and JSX children.

  • #​10606 a4cc4ab Thanks @​Mokto! - Fixed false positives in noUnusedImports, noUnusedVariables, and useImportType for Svelte components that use both a <script module> and a <script> block. The two blocks compile to a single module and share a top-level scope, so a binding (import, function, or variable) declared in one block and used only in the other is no longer reported as unused.

  • #​10767 36d5aa7 Thanks @​otkrickey! - Fixed #​10754: useVueValidVBind no longer reports the Vue 3.4+ same-name shorthand as missing a value. :foo and v-bind:foo are now accepted as equivalent to :foo="foo", while v-bind, v-bind:[dynamicArg], and :[dynamicArg] without a value continue to be reported.

  • #​10775 a918af0 Thanks @​WaterWhisperer! - Fixed an issue reported in #​10708: biome rage didn't detect running Biome daemon pipes on Windows.

  • #​10730 5a2e65b Thanks @​dinocosta! - Fixed an issue where Biome was resolving the well-known Zed settings file from the wrong location on macOS and Windows.

  • #​10807 d97fffe Thanks @​ematipico! - Fixed an issue where .scss files were incorrectly analyzed when running biome check.

  • #​10672 53c6efc Thanks @​ematipico! - Fixed a bug where Biome incorrectly formatted snippets that have parsing errors.

  • #​10719 aa649b5 Thanks @​minseong0324! - Fixed useAwaitThenable false positive when awaiting a custom thenable that is not the global Promise. A value with a callable then member is now recognized as awaitable.

    interface Thenable<T> {
      then(onfulfilled: (value: T) => void): void;
    }
    declare const t: Thenable<number>;
    async function f() {
      await t;
    }
  • #​10734 4396496 Thanks @​BangDori! - Fixed #​10708: biome migrate now preserves trivia when migrating the deprecated recommended option to preset.

  • #​10683 ae31a00 Thanks @​Netail! - Fixed #​10657 #​10671 #​10661 #​10637 #​10718: HTML rules now correctly handle dynamic attributes.

  • #​10746 54e8239 Thanks @​ematipico! - Fixed an issue where noUndeclaredClasses didn't correctly detect styles defined inside the Astro directive is:global.

  • #​10770 dd1429c Thanks @​ematipico! - Improved the Biome Language Server DX by orchestrating certain operations, so that they won't block the editor during typing. This improvement is more visible in large documents.

  • #​10473 d9b5133 Thanks @​Mokto! - Improved noUnusedImports, noUnusedVariables, noUnusedFunctionParameters, and useImportType for Svelte, Vue, and Astro files (with html.experimentalFullSupportEnabled). Bindings used only in the template — including component tags, attribute interpolations, directives, bind: shorthand, and snippet parameters — are no longer reported as unused, while genuinely unused ones still are.

  • #​10796 f1b3ab2 Thanks @​ematipico! - Fixed an issue where the Biome Language Server didn't enable project or type-aware lint rules, even when they were explicitly enabled.

  • #​10746 54e8239 Thanks @​ematipico! - Fixed an issue where noUndeclaredClasses didn't detect styles declared inside HTML documents.

  • #​10774 bde945b Thanks @​pattrickrice! - Fixed #​10268 where a race condition resulted in internal errors such as: The file biome.json does not exist in the workspace.

v2.5.1

Compare Source

Patch Changes

v2.5.0

Compare Source

Minor Changes
  • #​9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
    ! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
    × index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
    × main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.
    
  • #​9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
    <div onclick="handleClick()">Click me</div>
    
    <!-- Valid: has keyboard handler -->
    <div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
    
    <!-- Valid: inherently keyboard-accessible -->
    <button onclick="handleClick()">Submit</button>
  • #​9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
    <html>
      <head>
        <style>
          .button {
            color: blue;
          }
        </style>
      </head>
      <body>
        <div class="button typo"></div>
      </body>
    </html>
  • #​9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

    /* styles.css — .ghost is never used in any importing file */
    .button {
      color: blue;
    }
    .ghost {
      color: red;
    }
    /* App.jsx */
    import "./styles.css";
    export default () => <div className="button" />;
  • #​9546 6567efa Thanks @​nhedger! - Added a biome upgrade command for standalone installations. It upgrades Homebrew installs with brew upgrade biome, updates manually installed binaries from the latest GitHub release, and tells npm users to upgrade with their package manager instead.

  • #​9716 [701767a](https://redire

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from skulidropek March 27, 2026 21:46
@renovate renovate Bot changed the title chore(deps): update dependency eslint-plugin-unicorn to v64 fix(deps): update all dependencies Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/all branch 9 times, most recently from e5e89f4 to 96d426f Compare April 7, 2026 16:34
@renovate renovate Bot force-pushed the renovate/all branch 12 times, most recently from 651f6b4 to 573619b Compare April 13, 2026 17:43
@renovate renovate Bot force-pushed the renovate/all branch 5 times, most recently from 4059187 to e18b80b Compare April 17, 2026 22:09
@renovate renovate Bot force-pushed the renovate/all branch 15 times, most recently from ed8aaaf to 195b515 Compare May 11, 2026 18:02
@renovate renovate Bot force-pushed the renovate/all branch 3 times, most recently from 0af92ca to 5784ad7 Compare May 14, 2026 12:27
@coderabbitai

coderabbitai Bot commented May 14, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Upgrade CI and workspace toolchain: pnpm/action-setup → v6, Node runtime bumped in dependency workflow, workspace packageManager → pnpm@11.1.2, and multiple runtime/dev dependency version bumps across app and template packages.

Changes

Dependency and Toolchain Upgrade

Layer / File(s) Summary
GitHub Actions versions
.github/actions/setup/action.yml, .github/workflows/checking-dependencies.yml
Updated pnpm/action-setup from @v5 to @v6 and bumped Node.js runtime to 24.15.0 in the dependency check workflow.
Workspace pnpm version alignment
package.json, packages/app/package.json
Updated packageManager from pnpm@10.33.0 to pnpm@11.1.2 across root and packages/app; root devDependencies also bumped.
Application package dependencies
packages/app/package.json
Bumped Effect ecosystem (@effect/*, effect) and numerous devDependencies (Biome, ESLint, @typescript-eslint, Vitest, Vite, tooling).
Template package dependencies
packages/eslint-template/package.json
Updated runtime (@effect/platform, @typescript-eslint/utils, effect) and broad devDependencies (Biome, Changesets, @typescript-eslint, Vitest, ESLint plugins, ts-morph, TypeScript, Vite).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

Poem

🐰 I hopped through package trees tonight,

nudged pnpm and actions to shine bright,
lint and tests got spruced and primed,
CI woke up on bumped Node time,
carrot-toast for every updated line.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title accurately summarizes the broad dependency updates across packages, workflows, and package managers.
Description check ✅ Passed The description is clearly about the same dependency and tooling updates shown in the changeset.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/all

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
package.json (1)

51-53: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Remove or update the patch version in patchedDependencies to match the installed version.

The patchedDependencies entry references @typescript-eslint/eslint-plugin@8.57.2, but the installed version is 8.59.3 (as shown in the lockfile and package.json). This version mismatch prevents the patch from being applied. Since 8.59.3 was released after the patch was created and the underlying optional chaining fix was already included in an earlier release, the patch is likely obsolete. Either update the key to @typescript-eslint/eslint-plugin@8.59.3 if the patch is still needed, or remove it if the issue is already resolved in 8.59.3.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 51 - 53, The patchedDependencies entry for
"@typescript-eslint/eslint-plugin@8.57.2" in package.json doesn't match the
installed version (8.59.3) so the patch won't apply; open package.json, locate
the "patchedDependencies" object and either (a) update the key to
"@typescript-eslint/eslint-plugin@8.59.3" if the patch is still required and
ensure the corresponding patch file exists, or (b) remove the
"@typescript-eslint/eslint-plugin@..." entry entirely if the upstream release
already contains the fix (preferred if the optional chaining issue is resolved).
♻️ Duplicate comments (1)
packages/app/package.json (1)

55-86: ⚠️ Potential issue | 🟠 Major

Same major version bumps as eslint-template package.

This package includes the same major version bumps flagged in packages/eslint-template/package.json:

  • ts-morph 27 → 28 (line 80)
  • eslint-plugin-simple-import-sort 12 → 13 (line 73)
  • eslint-plugin-unicorn 63 → 64 (line 76)

Please ensure the verification for those breaking changes applies to this package as well.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/app/package.json` around lines 55 - 86, The same major-version
upgrades flagged for the eslint-template package also affect this package:
update verification for the dependencies ts-morph,
eslint-plugin-simple-import-sort, and eslint-plugin-unicorn in packages/app by
running the identical compatibility checks you ran for eslint-template (exercise
unit tests, linting, build, and any dedicated migration/compat scripts) and
address any API or config changes uncovered; ensure package lock/lockfile is
updated and any fixes or code changes required for the ts-morph 27→28,
eslint-plugin-simple-import-sort 12→13, and eslint-plugin-unicorn 63→64 upgrades
are applied here as well.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Line 6: The package.json currently pins "packageManager": "pnpm@11.1.2" but
the repo must be migrated to pnpm v11 config changes: run the pnpm v10→v11
codemod to move settings from the "pnpm" field in package.json and any .npmrc
entries into a new pnpm-workspace.yaml (use camelCase keys), replace any
npm_config_* env usages with pnpm_config_*, stop using pnpm link --global (use
pnpm add -g), convert build-related settings (neverBuiltDependencies,
ignoreDepScripts, etc.) into the allowBuilds map, verify Node engine
compatibility (v18–v21 removed, ensure pure ESM readiness), and confirm global
install path expectations (pnpmHomeDir/global/v11/{hash}); update packageManager
value only after these migrations and verify CI/environment variables and
workspace config are correct.

In `@packages/eslint-template/package.json`:
- Line 33: The package.json now pins "eslint-plugin-simple-import-sort" to
^13.0.0 which enforces deterministic ordering when the same module is imported
multiple times with different styles; search the codebase for modules imported
more than once using different styles (namespace imports like import * as X,
default imports like import X, and named imports like import {a}) and
consolidate them into a single consistent import per source (e.g., combine
default and named into one line or convert namespace to named/default as
appropriate) so autofix no longer changes ordering unexpectedly; update any
files referencing the same source in multiple import statements (look for
occurrences of the module names flagged by the linter) to use a single unified
import form.

---

Outside diff comments:
In `@package.json`:
- Around line 51-53: The patchedDependencies entry for
"@typescript-eslint/eslint-plugin@8.57.2" in package.json doesn't match the
installed version (8.59.3) so the patch won't apply; open package.json, locate
the "patchedDependencies" object and either (a) update the key to
"@typescript-eslint/eslint-plugin@8.59.3" if the patch is still required and
ensure the corresponding patch file exists, or (b) remove the
"@typescript-eslint/eslint-plugin@..." entry entirely if the upstream release
already contains the fix (preferred if the optional chaining issue is resolved).

---

Duplicate comments:
In `@packages/app/package.json`:
- Around line 55-86: The same major-version upgrades flagged for the
eslint-template package also affect this package: update verification for the
dependencies ts-morph, eslint-plugin-simple-import-sort, and
eslint-plugin-unicorn in packages/app by running the identical compatibility
checks you ran for eslint-template (exercise unit tests, linting, build, and any
dedicated migration/compat scripts) and address any API or config changes
uncovered; ensure package lock/lockfile is updated and any fixes or code changes
required for the ts-morph 27→28, eslint-plugin-simple-import-sort 12→13, and
eslint-plugin-unicorn 63→64 upgrades are applied here as well.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: db3c2e88-f3f6-4ca6-8964-0ab35e5ab234

📥 Commits

Reviewing files that changed from the base of the PR and between e03feb6 and 5784ad7.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (5)
  • .github/actions/setup/action.yml
  • .github/workflows/checking-dependencies.yml
  • package.json
  • packages/app/package.json
  • packages/eslint-template/package.json

Comment thread package.json Outdated
"private": true,
"description": "Monorepo workspace for effect-template",
"packageManager": "pnpm@10.33.0",
"packageManager": "pnpm@11.1.2",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🌐 Web query:

What are the breaking changes in pnpm 11 compared to pnpm 10?

💡 Result:

The breaking changes in pnpm 11 compared to pnpm 10, as detailed in the official migration guide and release notes, are primarily around configuration handling, command behaviors, and removed features. Here's a complete list: Configuration changes [1][2][3]: - pnpm no longer reads settings from the pnpm field in package.json; move them to pnpm-workspace.yaml [1][2][3]. - .npmrc now only reads auth and registry settings; all other settings (e.g., hoist-pattern, node-linker, save-exact) must be moved to pnpm-workspace.yaml using camelCase keys [1][2][3]. - npm_config_* environment variables are no longer read; use pnpm_config_* instead [1][2][3]. - pnpm no longer reads npm's global config at $PREFIX/etc/npmrc [3]. - Package manager strictness settings (managePackageManagerVersions, packageManagerStrict, packageManagerStrictVersion) collapsed into pmOnFail: download | ignore | warn | error [1]. - allowNonAppliedPatches renamed to allowUnusedPatches; auditConfig.ignoreCves to auditConfig.ignoreGhsas (requires manual CVE to GHSA conversion) [1][2]. Command and behavior changes [1][2][3]: - pnpm link no longer resolves from global store; use relative/absolute paths (e.g., pnpm link ./foo). Removed --global flag (use pnpm add -g .) and pnpm link with no args [1][3]. - pnpm install -g (no args) unsupported; use pnpm add -g <pkg> [1]. - pnpm server command removed [1][2]. - Script names like clean, setup, deploy, rebuild now shadow built-in commands; use pnpm pm <command> to force built-ins [1]. - Removed npm CLI fallback: commands like access, bugs, docs, edit, home, issues, owner, ping, prefix, profile, pkg, search, set-script, team, token, unstar, whoami, xmas (and aliases) now throw errors; many reimplemented natively [2][3]. - Global installs (pnpm add -g) now use isolated directories in {pnpmHomeDir}/global/v11/{hash}/ to prevent interference [3]. - Globally installed binaries now in bin/ subdirectory of PNPM_HOME [3]. Removed/deprecated features [2][3]: - Deprecated build dependency settings removed: onlyBuiltDependencies, onlyBuiltDependenciesFile, neverBuiltDependencies, ignoredBuiltDependencies, ignoreDepScripts. Use allowBuilds map instead [2][3]. - Removed support for useNodeVersion, Env.nodeVersion, pnpmfile [2]. Other [1][2][3]: - Bumps packageManager in package.json to pnpm v11 version [1]. - Default changes: optimisticRepeatInstall: true, verifyDepsBeforeRun: install, minimumReleaseAge: 1440 (1 day), minimumReleaseAgeStrict: false [2]. - Drops Node.js 18-21 support; now pure ESM; standalone exe requires glibc 2.27+ [3]. A codemod is available to automate many config migrations [4]. pnpm prints a pointer to the migration guide on pnpm self-update from v10 [1].

Citations:


Review pnpm 11 migration guide and update configuration accordingly.

pnpm 11 introduces breaking changes requiring configuration updates:

  • Settings in the pnpm field in package.json and .npmrc must migrate to pnpm-workspace.yaml with camelCase keys
  • npm_config_* environment variables replaced with pnpm_config_*
  • pnpm link --global removed; use pnpm add -g <pkg> instead
  • Build dependency settings (neverBuiltDependencies, ignoreDepScripts, etc.) replaced with allowBuilds map
  • Node.js 18-21 support dropped; now pure ESM
  • Global installs now use isolated directories at {pnpmHomeDir}/global/v11/{hash}/

Use the pnpm codemod to automate most config migrations, then verify all settings are correctly moved to pnpm-workspace.yaml.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 6, The package.json currently pins "packageManager":
"pnpm@11.1.2" but the repo must be migrated to pnpm v11 config changes: run the
pnpm v10→v11 codemod to move settings from the "pnpm" field in package.json and
any .npmrc entries into a new pnpm-workspace.yaml (use camelCase keys), replace
any npm_config_* env usages with pnpm_config_*, stop using pnpm link --global
(use pnpm add -g), convert build-related settings (neverBuiltDependencies,
ignoreDepScripts, etc.) into the allowBuilds map, verify Node engine
compatibility (v18–v21 removed, ensure pure ESM readiness), and confirm global
install path expectations (pnpmHomeDir/global/v11/{hash}); update packageManager
value only after these migrations and verify CI/environment variables and
workspace config are correct.

Comment thread packages/eslint-template/package.json
@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from 2a1dd99 to 845acb7 Compare May 16, 2026 05:28

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
package.json (1)

6-6: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

pnpm v11 bump needs config migration validation before merge.

Line 6 upgrades to pnpm@11.1.2, but this file still contains legacy pnpm config keys (Lines 42 and 46) that may no longer behave as intended under v11. Please validate and migrate config to the v11-supported shape before releasing.

#!/bin/bash
set -euo pipefail

echo "1) Locate workspace-level pnpm config files"
fd -HI '^pnpm-workspace\.yaml$' .
fd -HI '^\.npmrc$' .

echo
echo "2) Find deprecated/legacy pnpm keys and any new allowBuilds usage"
rg -n --hidden --glob '!.git' '"(ignoredBuiltDependencies|onlyBuiltDependencies|neverBuiltDependencies|ignoreDepScripts|allowBuilds)"'

echo
echo "3) Find packageManager pin and pnpm config blocks"
rg -n --hidden --glob '!.git' '"packageManager"\s*:|^\s*"pnpm"\s*:'

echo
echo "4) Check env var usage needing pnpm v11 migration"
rg -n --hidden --glob '!.git' '\bnpm_config_[A-Za-z0-9_]+\b|\bpnpm_config_[A-Za-z0-9_]+\b'

echo
echo "5) Check for removed global-link patterns"
rg -n --hidden --glob '!.git' 'pnpm\s+link(\s+--global|\s+-g|\s*$)'
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 6, The packageManager bump to "pnpm@11.1.2" requires
validating and migrating legacy pnpm config keys (e.g.,
ignoredBuiltDependencies, onlyBuiltDependencies, neverBuiltDependencies,
ignoreDepScripts, allowBuilds) before merge; inspect and update workspace-level
pnpm config (pnpm-workspace.yaml) and project .npmrc entries to the
v11-supported shape, replace/deprecate old env var usages
(npm_config_*/pnpm_config_*), remove any deprecated global link patterns (pnpm
link --global/-g), and ensure the packageManager pin remains correct; run the
provided shell checks (search for pnpm-workspace.yaml, .npmrc, the legacy keys,
packageManager/pnpm blocks, and env var patterns) and apply migrations so the
repo config matches pnpm v11 expectations.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@package.json`:
- Line 6: The packageManager bump to "pnpm@11.1.2" requires validating and
migrating legacy pnpm config keys (e.g., ignoredBuiltDependencies,
onlyBuiltDependencies, neverBuiltDependencies, ignoreDepScripts, allowBuilds)
before merge; inspect and update workspace-level pnpm config
(pnpm-workspace.yaml) and project .npmrc entries to the v11-supported shape,
replace/deprecate old env var usages (npm_config_*/pnpm_config_*), remove any
deprecated global link patterns (pnpm link --global/-g), and ensure the
packageManager pin remains correct; run the provided shell checks (search for
pnpm-workspace.yaml, .npmrc, the legacy keys, packageManager/pnpm blocks, and
env var patterns) and apply migrations so the repo config matches pnpm v11
expectations.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: e766f135-c608-4b3a-b538-99c7494d15cb

📥 Commits

Reviewing files that changed from the base of the PR and between 2a1dd99 and 845acb7.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (5)
  • .github/actions/setup/action.yml
  • .github/workflows/checking-dependencies.yml
  • package.json
  • packages/app/package.json
  • packages/eslint-template/package.json
✅ Files skipped from review due to trivial changes (3)
  • .github/workflows/checking-dependencies.yml
  • .github/actions/setup/action.yml
  • packages/eslint-template/package.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • packages/app/package.json

@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from 980a33b to bed89b0 Compare May 20, 2026 05:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant