
chore(deps): batch dependency updates #1098

Open

beeman wants to merge 1 commit into main from beeman/combined-dependency-updates

beeman commented May 24, 2026 (Member)

Update root catalog and direct dependency versions across the workspace.

Refresh bun.lock and align turbo.json schema URL with turbo 2.9.14.



Summary by CodeRabbit

  • Chores
    • Updated build tooling and core dependencies across the project (frameworks, frontend toolchain, testing, and developer utilities) to newer stable versions.
    • Upgraded site and web tooling, localization libraries, date handling, and extension messaging packages.
    • Bumped monorepo schema for improved compatibility and tooling support.


coderabbitai Bot commented May 24, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: cdca0f97-fb69-46ce-819d-12637e4b94bf

📥 Commits

Reviewing files that changed from the base of the PR and between 39485cd and 498e2a3.

⛔ Files ignored due to path filters (1)
  • bun.lock is excluded by !**/*.lock
📒 Files selected for processing (7)
  • apps/site/package.json
  • apps/web/package.json
  • package.json
  • packages/background/package.json
  • packages/i18n/package.json
  • packages/ui/package.json
  • turbo.json
✅ Files skipped from review due to trivial changes (3)
  • packages/background/package.json
  • turbo.json
  • packages/ui/package.json

📝 Walkthrough

This PR updates dependency versions across the monorepo: app-level packages (Astro, Cloudflare Vite plugin), the root catalog and devDependencies, internal package deps (background, i18n, ui), and the Turborepo schema reference.

Changes

Monorepo Dependency and Tooling Updates

| Layer / File(s) | Summary |
| --- | --- |
| Root and internal package dependency updates: package.json, packages/background/package.json, packages/i18n/package.json, packages/ui/package.json | Root catalog and devDependencies bumped (React ecosystem, tooling, TanStack Query persistence, TypeScript, Vitest, Vite, etc.). Internal packages: @webext-core/messaging 2.3.0→3.0.1, i18next suite bumped, date-fns 4.1.0→4.2.1. |
| App-level dependency updates: apps/site/package.json, apps/web/package.json | astro 6.3.1→6.3.5 in apps/site; @cloudflare/vite-plugin 1.36.3→1.37.2 in apps/web. |
| Turborepo schema: turbo.json | $schema reference updated from v2-9-12 to v2-9-14. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

Suggested labels

dependencies, javascript

Poem

🐰 I hopped through manifests, tidy and spry,
Bumped versions politely, gave old pins a try.
Catalogs aligned, the schema refreshed—
A gentle update, neatly enmeshed.
🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ⚠️ Warning | The description explains the changes but does not follow the template structure with required sections like linked issue, screenshots, and completion checklist. | Add a linked issue reference (Closes #), include the standard checklist items, and follow the template structure more closely for consistency. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly summarizes the main change: batch dependency updates across the workspace with appropriate chore scope. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


socket-security Bot commented May 24, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | @types/bun@1.3.13 ⏵ 1.3.14 | 100 | 100 | 49 | 93 +1 | 100 |
| Updated | @commitlint/types@21.0.0 ⏵ 21.0.1 | 100 +1 | 100 | 67 +1 | 93 | 100 |
| Updated | @tanstack/react-query-persist-client@5.100.9 ⏵ 5.100.11 | 100 | 100 | 68 | 99 | 100 |
| Updated | @tanstack/query-async-storage-persister@5.100.9 ⏵ 5.100.11 | 100 | 100 | 69 | 99 | 100 |
| Updated | pkg-pr-new@0.0.71 ⏵ 0.0.75 | 100 +1 | 100 | 70 | 97 | 100 |
| Updated | @commitlint/cli@21.0.0 ⏵ 21.0.1 | 100 | 100 | 73 | 96 -1 | 100 |
| Updated | vitest@4.1.5 ⏵ 4.1.6 | 96 +1 | 100 | 79 +1 | 99 | 100 |
| Updated | react-router@7.14.2 ⏵ 7.15.1 | 80 +1 | 100 | 79 +1 | 96 | 100 |
| Updated | lucide-react@1.14.0 ⏵ 1.16.0 | 100 +1 | 100 | 98 +1 | 95 | 80 |
| Updated | playwright@1.59.1 ⏵ 1.60.0 | 100 +1 | 100 | 100 | 99 | 80 -19 |
| Added | @types/node@25.9.0 | 100 | 100 | 81 | 96 | 100 |
| Updated | @webext-core/messaging@2.3.0 ⏵ 3.0.1 | 98 +2 | 100 | 84 +1 | 89 +9 | 100 |
| Updated | tailwindcss@4.2.4 ⏵ 4.3.0 | 100 | 100 | 84 | 98 | 100 |
| Updated | react@19.2.5 ⏵ 19.2.6 | 100 | 100 | 84 | 96 | 100 |
| Updated | turbo@2.9.12 ⏵ 2.9.14 | 100 +1 | 100 +3 | 85 | 97 | 100 |
| Updated | @turbo/gen@2.9.12 ⏵ 2.9.14 | 100 +1 | 100 | 85 +1 | 96 | 100 |
| Updated | tailwind-merge@3.5.0 ⏵ 3.6.0 | 100 +1 | 100 | 86 +1 | 95 | 100 |
| Updated | @cloudflare/vite-plugin@1.36.3 ⏵ 1.37.2 | 100 +1 | 100 | 87 +1 | 100 | 100 |
| Updated | @tanstack/react-query@5.100.9 ⏵ 5.100.11 | 99 | 100 | 88 | 99 | 100 |
| Updated | astro@6.3.1 ⏵ 6.3.5 | 88 | 100 | 88 +1 | 98 +1 | 100 |
| Updated | @solana/react@6.8.0 ⏵ 6.9.0 | 88 | 100 | 100 | 96 | 100 |
| Updated | date-fns@4.1.0 ⏵ 4.2.1 | 88 -9 | 100 | 92 +1 | 90 +2 | 100 |
| Updated | @base-ui/react@1.4.1 ⏵ 1.5.0 | 90 +16 | 100 | 89 +1 | 95 | 100 |
| Updated | @tailwindcss/vite@4.2.4 ⏵ 4.3.0 | 100 +1 | 100 | 90 +1 | 98 | 100 |
| Updated | @wxt-dev/browser@0.1.40 ⏵ 0.1.42 | 100 +1 | 100 | 90 +1 | 94 +3 | 100 |
| Added | typescript@6.0.3 | 100 | 100 | 90 | 96 | 90 |
| Updated | wrangler@4.90.0 ⏵ 4.93.0 | 99 +1 | 100 | 92 +1 | 96 | 100 |
| Added | i18next@26.2.0 | 99 | 100 | 92 | 96 | 100 |
| Updated | react-dom@19.2.5 ⏵ 19.2.6 | 100 | 100 | 92 | 96 | 100 |
| Updated | wxt@0.20.25 ⏵ 0.20.26 | 97 +1 | 100 | 93 +1 | 95 +2 | 100 |
| Updated | i18next-cli@1.56.12 ⏵ 1.58.0 | 94 | 100 | 100 | 98 | 100 |
| Updated | lefthook@2.1.6 ⏵ 2.1.8 | 99 +8 | 100 | 100 | 94 | 100 |
| Updated | @commitlint/config-conventional@21.0.0 ⏵ 21.0.1 | 100 | 100 | 100 | 95 -1 | 100 |
See 8 more rows in the dashboard

View full report

socket-security Bot commented May 24, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm astro is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: apps/site/package.json → npm/astro@6.3.5

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/astro@6.3.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm date-fns is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: packages/ui/package.json → npm/date-fns@4.2.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/date-fns@4.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

devin-ai-integration Bot left a comment

Devin Review found 1 potential issue.

View 3 additional findings in Devin Review.


Comment thread package.json Outdated
"@types/react": "19.2.14",
"@types/react-dom": "19.2.3",
"@vitejs/plugin-react": "5.2.0",
"@vitejs/plugin-react": "6.0.2",
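
Review bot: The `@vitejs/plugin-react` pin goes from 5.2.0 to 6.0.2, a major version, while the surrounding `@types/react` and `@types/react-dom` pins are untouched context. A major bump of a build plugin is easier to verify and to revert when it lands in its own commit or PR with the plugin's changelog linked, so that any change in build behaviour can be attributed to it rather than to the rest of the batch.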

🔴 babel option passed to @vitejs/plugin-react v6 which no longer bundles Babel

The catalog bumps @vitejs/plugin-react from 5.2.0 to 6.0.2 (a major version). The lockfile confirms v6 dropped @babel/core as a dependency — it now only depends on @rolldown/pluginutils, with @rolldown/plugin-babel as an optional peer for Babel support. However, the existing configs at packages/config-vite/src/index.ts:11-14 and examples/basic/vite.config.ts:9-12 pass { babel: { plugins: ['babel-plugin-react-compiler'] } } to the react() function — an option that was specific to v5's bundled Babel pipeline. In v6, this option is likely either silently ignored (causing React Compiler to not be applied, a silent functionality regression) or causes a runtime error during build. The babel-plugin-react-compiler is now an optional peer dependency of v6 and may need a different integration mechanism (e.g., auto-detection or @rolldown/plugin-babel).

Prompt for agents
The @vitejs/plugin-react was bumped from v5 to v6, which is a major version change. The lockfile shows v6 no longer depends on @babel/core (v5 did), and instead has @rolldown/plugin-babel as an optional peer dependency. The codebase passes a babel config option to the react() plugin in packages/config-vite/src/index.ts and examples/basic/vite.config.ts, which was a v5-specific API.

To fix this:
1. Check the @vitejs/plugin-react v6 migration guide / changelog for how to configure React Compiler.
2. In v6, babel-plugin-react-compiler is an optional peer dependency - it may be auto-detected when installed, or may require @rolldown/plugin-babel to be installed and configured differently.
3. Update packages/config-vite/src/index.ts, examples/basic/vite.config.ts, and apps/extension/wxt.config.ts (though the extension uses wxt-dev/module-react which pins its own v5.1.1 of plugin-react, so it may not be affected).
4. Verify React Compiler is actually being applied after the migration by checking build output or bundle size.
Was this helpful? React with 👍 or 👎 to provide feedback.
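
A check for the condition the review comment above describes, as an added example (not code from the repository or from any of the bots): it reports `react()` calls that still pass a `babel` option once the pinned `@vitejs/plugin-react` major is 6 or higher. The file contents are constructed, the function names are hypothetical, and that the plugin is imported under the name `react` is an assumption.

```javascript
'use strict';

// Constructed sample: a Vite config in the shape the review comment quotes.
// The path comes from the comment; the file contents are illustrative.
const SAMPLE_FILES = {
  'packages/config-vite/src/index.ts': [
    "import react from '@vitejs/plugin-react'",
    "import { defineConfig } from 'vite'",
    '',
    'export default defineConfig({',
    "  plugins: [react({ babel: { plugins: ['babel-plugin-react-compiler'] } })],",
    '})',
  ].join('\n'),
};

// Major version of an exact or ranged pin ("6.0.2", "^6.0.2"); null if unparsable.
function majorOf(version) {
  const m = /(\d+)\.\d+\.\d+/.exec(version);
  return m ? Number(m[1]) : null;
}

// Argument text of every `callee(...)` call, found by balancing parentheses
// and skipping string literals. Heuristic: comments are not parsed.
function callArguments(source, callee) {
  const calls = [];
  const re = new RegExp(`\\b${callee}\\s*\\(`, 'g');
  for (let m = re.exec(source); m !== null; m = re.exec(source)) {
    let depth = 1;
    let quote = null;
    let i = re.lastIndex;
    for (; i < source.length && depth > 0; i++) {
      const ch = source[i];
      if (quote) {
        if (ch === '\\') i++; // skip the escaped character
        else if (ch === quote) quote = null;
      } else if (ch === '"' || ch === "'" || ch === '`') quote = ch;
      else if (ch === '(') depth++;
      else if (ch === ')') depth--;
    }
    if (depth === 0) calls.push({ index: m.index, args: source.slice(re.lastIndex, i - 1) });
  }
  return calls;
}

// Report react() calls that pass a `babel` key while the pinned plugin major
// is 6 or higher (the version the review comment says dropped bundled Babel).
function auditReactPluginConfigs(pinnedVersion, files, callee = 'react') {
  const major = majorOf(pinnedVersion);
  if (major === null || major < 6) return [];
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    for (const call of callArguments(source, callee)) {
      if (/\bbabel\s*:/.test(call.args)) {
        const line = source.slice(0, call.index).split('\n').length;
        findings.push({ path, line, pinnedVersion });
      }
    }
  }
  return findings;
}

console.log(auditReactPluginConfigs('6.0.2', SAMPLE_FILES));
```

Run in CI against the real config files and the catalog pin, a non-empty result is a prompt to read the plugin's migration notes before merging.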

cloudflare-workers-and-pages Bot commented May 24, 2026

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
| --- | --- | --- | --- | --- |
| ✅ Deployment successful! (View logs) | samui-wallet-web | 498e2a3 | Commit Preview URL, Branch Preview URL | May 24 2026, 05:04 PM |

chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 586c07c6b2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread package.json
cloudflare-workers-and-pages Bot commented May 24, 2026

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
| --- | --- | --- | --- | --- |
| ✅ Deployment successful! (View logs) | samui-wallet-api | 498e2a3 | Commit Preview URL, Branch Preview URL | May 24 2026, 05:03 PM |

@beeman beeman force-pushed the beeman/combined-dependency-updates branch from 586c07c to 39485cd Compare May 24, 2026 16:49
bundlemon Bot commented May 24, 2026

BundleMon

Files added (3)

| Status | Path | Size | Limits |
| --- | --- | --- | --- |
| | apps/extension/.output/chrome-mv3/chunks/derive-(hash).js | +34.24KB | - |
| | apps/extension/.output/chrome-mv3/chunks/separator-(hash).js | +775B | - |
| | apps/extension/.output/chrome-mv3/chunks/dist-(hash).js | +183B | - |

Files removed (3)

| Status | Path | Size | Limits |
| --- | --- | --- | --- |
| | apps/extension/.output/chrome-mv3/chunks/index.browser-(hash).js | -4.65KB | - |
| | apps/extension/.output/chrome-mv3/chunks/useQuery-(hash).js | -3.12KB | - |
| | apps/extension/.output/chrome-mv3/chunks/index-(hash).js | -173B | - |

Files updated (31)

| Status | Path | Size | Limits |
| --- | --- | --- | --- |
| | apps/extension/.output/chrome-mv3/chunks/client-(hash).js | 281.08KB (+5.22KB +1.89%) | - |
| | apps/web/dist/assets/index.browser-(hash).js | 4.65KB (+3.83KB +469.82%) | - |
| | apps/extension/.output/chrome-mv3/chunks/constants-(hash).js | 3.99KB (+391B +10.6%) | - |
| | apps/web/dist/assets/index-(hash).js | 300.79KB (+222B +0.07%) | - |
| | apps/web/dist/assets/form-(hash).js | 13.37KB (+212B +1.57%) | - |
| | apps/extension/.output/chrome-mv3/chunks/explorer-(hash).js | 1.57KB (+55B +3.54%) | - |
| | apps/extension/.output/chrome-mv3/chunks/button-(hash).js | 614B (+38B +6.6%) | - |
| | apps/extension/.output/chrome-mv3/chunks/dropdown-(hash).js | 2.19KB (+36B +1.63%) | - |
| | apps/extension/.output/chrome-mv3/chunks/request-(hash).js | 2.89KB (+26B +0.89%) | - |
| | apps/extension/.output/chrome-mv3/chunks/popup-(hash).js | 223B (+23B +11.5%) | - |
| | apps/extension/.output/chrome-mv3/chunks/sidepanel-(hash).js | 225B (+22B +10.84%) | - |
| | apps/extension/.output/chrome-mv3/chunks/ui-(hash).js | 546B (+20B +3.8%) | - |
| | apps/extension/.output/chrome-mv3/chunks/table-(hash).js | 613B (+18B +3.03%) | - |
| | apps/extension/.output/chrome-mv3/chunks/textarea-(hash).js | 513B (+16B +3.22%) | - |
| | apps/extension/.output/chrome-mv3/chunks/dev-(hash).js | 289B (+13B +4.71%) | - |
| | apps/extension/.output/chrome-mv3/chunks/use-(hash).js | 237B (+11B +4.87%) | - |
| | apps/extension/.output/chrome-mv3/chunks/sol-(hash).js | 134B (-14B -9.46%) | - |
| | apps/extension/.output/chrome-mv3/chunks/standard-(hash).js | 633B (-18B -2.76%) | - |
| | apps/extension/.output/chrome-mv3/chunks/onboarding-(hash).js | 5.82KB (-19B -0.32%) | - |
| | apps/extension/.output/chrome-mv3/chunks/bookmark-(hash).js | 526B (-28B -5.05%) | - |
| | apps/extension/.output/chrome-mv3/chunks/portfolio-(hash).js | 2.65KB (-41B -1.49%) | - |
| | apps/extension/.output/chrome-mv3/chunks/settings-(hash).js | 26.04KB (-51B -0.19%) | - |
| | apps/extension/.output/chrome-mv3/chunks/tools-(hash).js | 1.78KB (-67B -3.54%) | - |
| | apps/extension/.output/chrome-mv3/assets/vanity-(hash).js | 2.72KB (-73B -2.56%) | - |
| | apps/web/dist/assets/combobox-(hash).js | 45.6KB (-146B -0.31%) | - |
| | apps/extension/.output/chrome-mv3/chunks/select-(hash).js | 8.3KB (-248B -2.83%) | - |
| | apps/extension/.output/chrome-mv3/chunks/form-(hash).js | 12.84KB (-333B -2.47%) | - |
| | apps/extension/.output/chrome-mv3/chunks/send-(hash).js | 2.1KB (-361B -14.35%) | - |
| | apps/extension/.output/chrome-mv3/chunks/combobox-(hash).js | 44.17KB (-1.57KB -3.42%) | - |
| | apps/extension/.output/chrome-mv3/chunks/create-(hash).js | 226B (-4.34KB -95.16%) | - |
| | apps/extension/.output/chrome-mv3/chunks/toggle-(hash).js | 2.73KB (-24.86KB -90.11%) | - |

Unchanged files (41)

| Status | Path | Size | Limits |
| --- | --- | --- | --- |
| | apps/web/dist/assets/toggle-(hash).js | 27.61KB | - |
| | apps/web/dist/assets/settings-(hash).js | 26.08KB | - |
| | apps/web/dist/assets/select-(hash).js | 8.55KB | - |
| | apps/web/dist/assets/onboarding-(hash).js | 5.83KB | - |
| | apps/web/dist/assets/create-(hash).js | 4.55KB | - |
| | apps/web/dist/assets/constants-(hash).js | 3.6KB | - |
| | apps/web/dist/assets/useQuery-(hash).js | 3.12KB | - |
| | apps/web/dist/assets/request-(hash).js | 2.85KB | - |
| | apps/web/dist/assets/vanity-(hash).js | 2.79KB | - |
| | apps/web/dist/assets/portfolio-(hash).js | 2.69KB | - |
| | apps/web/dist/assets/send-(hash).js | 2.45KB | - |
| | apps/web/dist/assets/dropdown-(hash).js | 2.16KB | - |
| | apps/extension/.output/chrome-mv3/chunks/checkbox-(hash).js | 1.89KB | - |
| | apps/web/dist/assets/checkbox-(hash).js | 1.89KB | - |
| | apps/web/dist/assets/tools-(hash).js | 1.84KB | - |
| | apps/web/dist/assets/explorer-(hash).js | 1.52KB | - |
| | apps/extension/.output/chrome-mv3/chunks/badge-(hash).js | 778B | - |
| | apps/extension/.output/chrome-mv3/chunks/zod-(hash).js | 773B | - |
| | apps/web/dist/assets/badge-(hash).js | 766B | - |
| | apps/web/dist/assets/zod-(hash).js | 765B | - |
| | apps/web/dist/assets/standard-(hash).js | 656B | - |
| | apps/web/dist/assets/table-(hash).js | 592B | - |
| | apps/web/dist/assets/button-(hash).js | 577B | - |
| | apps/web/dist/assets/bookmark-(hash).js | 551B | - |
| | apps/web/dist/assets/ui-(hash).js | 525B | - |
| | apps/web/dist/assets/textarea-(hash).js | 495B | - |
| | apps/web/dist/assets/dev-(hash).js | 276B | - |
| | apps/web/dist/assets/use-(hash).js | 226B | - |
| | apps/web/dist/assets/format-(hash).js | 166B | - |
| | apps/extension/.output/chrome-mv3/chunks/format-(hash).js | 161B | - |
| | apps/web/dist/assets/sol-(hash).js | 150B | - |
| | apps/web/dist/assets/ellipsify-(hash).js | 145B | - |
| | apps/web/dist/assets/chevron-(hash).js | 140B | - |
| | apps/web/dist/assets/stringify-(hash).js | 140B | - |
| | apps/extension/.output/chrome-mv3/chunks/ellipsify-(hash).js | 138B | - |
| | apps/extension/.output/chrome-mv3/chunks/stringify-(hash).js | 137B | - |
| | apps/web/dist/assets/toast-(hash).js | 137B | - |
| | apps/extension/.output/chrome-mv3/chunks/chevron-(hash).js | 133B | - |
| | apps/extension/.output/chrome-mv3/chunks/toast-(hash).js | 132B | - |
| | apps/web/dist/assets/network-(hash).js | 121B | - |
| | apps/extension/.output/chrome-mv3/chunks/network-(hash).js | 118B | - |

Total files change +5.2KB +0.57%

Groups updated (2)

| Status | Path | Size | Limits |
| --- | --- | --- | --- |
| | apps/web/dist/**/*-.js | 584.61KB (+219B +0.04%) | - |
| | apps/extension/.output/chrome-mv3/**/*-.js | 546.59KB (-12.49KB -2.23%) | - |

Final result: ✅


Update root catalog and direct dependency versions across the workspace.

Refresh bun.lock and align turbo.json schema URL with turbo 2.9.14.
@beeman beeman force-pushed the beeman/combined-dependency-updates branch from 39485cd to 498e2a3 Compare May 24, 2026 16:59