perf: update dependencies 20260327

[weaponsforge]

Summary

• Maintenance: update dependencies to latest non-breaking versions.
• Maintenance: defer updating (eslint, typesript, zod) dependencies with breaking changes from major versions after they can be properly synced. Run npm run audit for now to fix critical vulnerabilities while ensuring the following still works:
  • App builds successfully
  • All unit tests pass
• Docs: update wordings and text

Type of Change

• Documentation
• Other (please describe):

Checklist

• I have read the CONTRIBUTING.md
• I have tested my changes locally

Library Updates

Library	Old	New
ejs	4.0.1	5.0.1
nodemailer	8.0.1	8.0.4
sanitize-html	2.17.1	2.17.2
@types/node	25.3.0	25.5.0
@types/sanitize-html	2.16.0	2.16.1
esbuild	0.27.3	0.27.4
globals	17.3.0	17.4.0
@vitest/coverage-v8	4.0.18	(defer update)
@vitest/ui	4.0.18	(defer update)
eslint	10.0.2	(defer update)
typescript	5.9.3	(defer update)
typescript-eslint	8.56.1	(defer update)
vitest	4.0.18	(defer update)
zod	3.24.2	(defer update)

Summary by CodeRabbit

• Documentation

  • Updated npm recommendation to 11.6.1 and clarified install/config steps (including cd into app and .env requirement)
  • Expanded CLI help text and clarified WYSIWYG notes to mention inline CSS support
  • Added contributor guidance for feature requests and bug report expectations
  • Minor edits to coding style and README wording

• Bug Fixes

  • Improved sender fallback behavior for outgoing emails when primary value is unset

• Chores

  • Bumped package version and updated dependency ranges

[coderabbitai]

📝 Walkthrough

Walkthrough

Documentation, templates, and CLI metadata were updated; package versions were bumped; the email sender fallback from address was changed to use GOOGLE_USER_EMAIL instead of USER_EMAIL; minor issue-template formatting and contributing guidance were added.

Changes

Cohort / File(s)	Summary
Documentation & Templates README.md, CONTRIBUTING.md, docs/CODING_STYLE.md, docs/README_NPM.md, .github/ISSUE_TEMPLATE/bug_report.yml	Updated npm recommendation (10.9.2 → 11.6.1), added cd app to quickstart, clarified Docker/tsx wording, refined CLI help text descriptions, added contributing presubmission NOTE, adjusted repo path references, added .env requirement, and removed backticks in bug report "To Reproduce" placeholder.
Dependencies app/package.json	Bumped package version (1.2.4 → 1.2.5) and updated dependency ranges: ejs → ^5.0.1, nodemailer → ^8.0.4, sanitize-html → ^2.17.2, and dev tooling (@types/node, @types/sanitize-html, esbuild, globals).
Email Sender Logic app/src/lib/email/sender.ts	Changed Nodemailer from fallback to process.env.GOOGLE_USER_EMAIL instead of process.env.USER_EMAIL.
CLI Metadata app/src/scripts/cli/lib/meta.ts	Adjusted CONTENT_HTML description (removed an extra word) and expanded CONTENT_WYSIWYG description to note support for inline CSS styles.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• feat: send a styled HTML email #35: Also modifies app/src/lib/email/sender.ts — related changes to the sender implementation and payload handling.
• feat: add community health files #51: Edits .github/ISSUE_TEMPLATE/bug_report.yml — overlaps with the template formatting change.
• feat: npm script for sending email message from cli #32: Touches both CLI metadata (app/src/scripts/cli/lib/meta.ts) and app/src/lib/email/sender.ts, overlapping with this PR's edits.

Poem

🐰
Hop, hop — I tidy the traces,
bump the versions and tidy the places.
From USER to GOOGLE the header will flow,
docs polished and CLI now shows.
Tiny hops, big clarity — onward we go! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title mentions 'update dependencies and node version' but the PR doesn't actually update the Node version—only npm version was updated from 10.9.2 to 11.6.1. The title is partially related but somewhat misleading about the primary scope.	Clarify the title to accurately reflect the changes: consider 'perf: update dependencies and npm version' or 'perf: update dependencies' if Node version wasn't updated. The date suffix '20260327' adds noise without meaningful context.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch perf/update-dependencies-20260327

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

README.md (1)

52-60: ⚠️ Potential issue | 🟡 Minor

Documentation version mismatch with package.json.

Same issue as in docs/README_NPM.md — the documented library versions don't match the updated app/package.json:

• nodemailer: documented as v8.0.1, actual is ^8.0.4
• sanitize-html: documented as v2.17.1, actual is ^2.17.2
• ejs: documented as v4.0.1, actual is ^5.0.1

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 52 - 60, Update the documented dependency versions in
README.md to match app/package.json: change the nodemailer entry from v8.0.1 to
^8.0.4, sanitize-html from v2.17.1 to ^2.17.2, and ejs from v4.0.1 to ^5.0.1 so
the list in README.md stays in sync with the actual dependencies.

docs/README_NPM.md (1)

44-49: ⚠️ Potential issue | 🟡 Minor

Documentation version mismatch with package.json.

The documented library versions are outdated compared to app/package.json:

• nodemailer: documented as v8.0.1, actual is ^8.0.4
• sanitize-html: documented as v2.17.1, actual is ^2.17.2
• ejs: documented as v4.0.1, actual is ^5.0.1

Consider updating these to match the current versions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/README_NPM.md` around lines 44 - 49, Update the documented dependency
versions in README_NPM.md so they match the actual versions in app/package.json:
change the entry for nodemailer to ^8.0.4, sanitize-html to ^2.17.2, and ejs to
^5.0.1 (update the list items referencing nodemailer, sanitize-html, and ejs to
reflect these exact version strings).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@CONTRIBUTING.md`:
- Around line 5-16: The blockquote line starting with the marker "[!NOTE]" has
extra spaces after the '>' (MD027); edit that Markdown blockquote so there is
only a single space after the '>' (e.g., collapse any double spaces to one) for
the line containing "[!NOTE]" and ensure other blockquote lines in that same
section follow the same single-space formatting.

---

Outside diff comments:
In `@docs/README_NPM.md`:
- Around line 44-49: Update the documented dependency versions in README_NPM.md
so they match the actual versions in app/package.json: change the entry for
nodemailer to ^8.0.4, sanitize-html to ^2.17.2, and ejs to ^5.0.1 (update the
list items referencing nodemailer, sanitize-html, and ejs to reflect these exact
version strings).

In `@README.md`:
- Around line 52-60: Update the documented dependency versions in README.md to
match app/package.json: change the nodemailer entry from v8.0.1 to ^8.0.4,
sanitize-html from v2.17.1 to ^2.17.2, and ejs from v4.0.1 to ^5.0.1 so the list
in README.md stays in sync with the actual dependencies.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 100d0bce-f8ce-45fd-ab3c-e5753cd229eb

📥 Commits

Reviewing files that changed from the base of the PR and between c5724a2 and 1419b29.

⛔ Files ignored due to path filters (1)

• app/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (8)

• .github/ISSUE_TEMPLATE/bug_report.yml
• CONTRIBUTING.md
• README.md
• app/package.json
• app/src/lib/email/sender.ts
• app/src/scripts/cli/lib/meta.ts
• docs/CODING_STYLE.md
• docs/README_NPM.md

[github-actions]

Test Results

29 tests  ±0   29 ✅ ±0   30s ⏱️ -1s
 6 suites ±0    0 💤 ±0 
 1 files   ±0    0 ❌ ±0 

Results for commit 57df306. ± Comparison against base commit c5724a2.