chore: upgrade toolchain and deps

[hanabi1224]

Summary of changes

Changes introduced in this pull request:

• fix https://github.com/ChainSafe/forest-explorer/security/dependabot/52
• fix CI by upgrading pnpm in mise to 11
• upgrade Rust toolchain
• bump npm deps
• bump Rust deps

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code
  adheres to the team's
  documentation standards,
• I have added tests that prove my fix is effective or that my feature works
  (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes
  should be reflected in this document.

Summary by CodeRabbit

• Chores
  • Updated toolchains and build tools (Rust, Node, pnpm) for newer platform compatibility.
  • Bumped core library and dev-tool versions (including runtime and bundling tools) to minor/patch releases.
  • Added workspace build allowances for certain native build tools.
  • Increased compilation recursion limit to support deeper builds.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b369dcd8-3c71-460f-bee9-037a41aa012a

📥 Commits

Reviewing files that changed from the base of the PR and between 3f5e81e and f1bb4ae.

⛔ Files ignored due to path filters (2)

• Cargo.lock is excluded by !**/*.lock
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• Cargo.toml
• mise.toml
• package.json
• pnpm-workspace.yaml
• rust-toolchain.toml
• src/lib.rs

🚧 Files skipped from review as they are similar to previous changes (3)

• rust-toolchain.toml
• pnpm-workspace.yaml
• mise.toml

---

📝 Walkthrough

Walkthrough

Updates project tooling and dependency versions: Rust toolchain to 1.95.0, Cargo dependency bumps (frc42_dispatch, fvm_shared), JavaScript tooling bumps (node/pnpm engines, pnpm, wrangler, tailwindcss), pnpm workspace allowBuilds added, and crate attribute #![recursion_limit = "1024"] added.

Changes

Dependency & Tooling Updates

Layer / File(s)	Summary
Toolchain rust-toolchain.toml	Rust channel changed from "1.92.0" to "1.95.0".
Tool versions mise.toml	pnpm changed from "10.29.3" to "11"; cargo-binstall changed from "1.17.7" to "1.19.0".
Cargo dependencies Cargo.toml	frc42_dispatch bumped "10" → "11"; fvm_shared bumped "~4.7" → "~4.8"; fvm_ipld_encoding unchanged at "0.5".
JavaScript package manifest package.json	engines.node changed ">=20" → ">=22"; engines.pnpm ">=10" → ">=11"; devDeps: tailwindcss ^3.4.17 → ^3.4.19, wrangler ^4.83.0 → ^4.86.0.
Workspace build permissions pnpm-workspace.yaml	Added allowBuilds block enabling builds for esbuild, sharp, and workerd.
Compiler attribute src/lib.rs	Added crate-level attribute #![recursion_limit = "1024"].

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• ChainSafe/forest-explorer#290: Bumps wrangler in package.json devDependencies.
• ChainSafe/forest-explorer#352: Updates rust-toolchain.toml (Rust version bump).
• ChainSafe/forest-explorer#436: Modifies mise/tooling configuration (mise.toml and related tooling).

Suggested labels

dependencies, rust, javascript

Suggested reviewers

• sudo-shashank
• LesnyRumcajs

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: upgrade toolchain and deps' accurately summarizes the main changes, which involve upgrading Rust toolchain, npm dependencies, and Rust dependencies across multiple configuration files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch hm/bump-toolchains

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 39.32%. Comparing base (78be6cb) to head (f1bb4ae).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #447   +/-   ##
=======================================
  Coverage   39.31%   39.32%           
=======================================
  Files          42       42           
  Lines        2935     2919   -16     
=======================================
- Hits         1154     1148    -6     
+ Misses       1781     1771   -10     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@mise.toml`:
- Around line 3-4: mise.toml declares node = "22" and pnpm = "11" but
package.json still allows lower versions; update the package.json "engines"
field so that "node" is ">=22" and "pnpm" is ">=11" (i.e., change engines.node
and engines.pnpm to match mise.toml) to prevent mismatched runtime/tooling;
ensure any engine-related checks (e.g., engineStrict or CI scripts referencing
node/pnpm versions) remain consistent with these updated values.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 10c7a1a6-a33c-4e9e-8576-7d7ac795cb45

📥 Commits

Reviewing files that changed from the base of the PR and between 78be6cb and 3f5e81e.

⛔ Files ignored due to path filters (2)

• Cargo.lock is excluded by !**/*.lock
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• Cargo.toml
• mise.toml
• package.json
• pnpm-workspace.yaml
• rust-toolchain.toml
• src/lib.rs