chore: dependabot batch 2 — web deps safe + major bumps#2178
Conversation
…, scalar 0.10 - sonner 1.7.4 → ^2.0.7 (landing/guides/admin/web-ui) — #2132, #2137 - cmdk 1.0.4 → 1.1.1 (landing/guides/web-ui) — #2136, #2142 - postcss-import 15.1.0 → ^16.1.1 (landing/guides/admin) — #2138 - @scalar/hono-api-reference 0.8.0 → ^0.10.7 (api) — #2146 tsc + biome clean with no code changes needed.
#2141 tsc clean — chart.tsx uses React.ComponentProps<typeof X> generics instead of named type imports, so v3's type renames don't affect us.
Major bump. tsc clean — icon imports in our code (Trash2, Pencil, Search, Package, Users, Moon/Sun, Backpack, Layout Dashboard, etc.) all preserved in v1. Auto-reexports work without changes.
Major bump. tsc + biome clean — resizable.tsx uses root named exports (PanelGroup, Panel, PanelResizeHandle) which v4 kept.
Major bump. tsc + biome clean. DayPicker's classNames type is permissive so v8-era keys (caption_label, day_selected, nav_button etc.) don't error at compile but will no-op at runtime — v9 renamed many keys (day_selected → selected, day_today → today, etc.). calendar.tsx components prop also changed: v8 used IconLeft/IconRight, v9 uses Chevron. Leaving as-is for now; visual fidelity of the calendar UI needs a follow-up touch-up but doesn't block the bump.
github-actions
Bot
added
documentation
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Coverage Report for Expo Unit Tests Coverage (./apps/expo)
File CoverageNo changed files found. |
Coverage Report for API Unit Tests Coverage (./packages/api)
File CoverageNo changed files found. |
Deploying packrat-landing with
|
| Latest commit: |
362d8da
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://900636f9.packrat-landing.pages.dev |
| Branch Preview URL: | https://chore-dependabot-batch-2.packrat-landing.pages.dev |
Deploying packrat-guides with
|
| Latest commit: |
362d8da
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://9086a8b1.packrat-guides-6gq.pages.dev |
| Branch Preview URL: | https://chore-dependabot-batch-2.packrat-guides-6gq.pages.dev |
There was a problem hiding this comment.
Pull request overview
This PR batches a second set of Dependabot dependency bumps across the web apps/shared web UI and the API, plus an updated lockfile and a small docs plan tweak.
Changes:
- Bump multiple shared web dependencies (cmdk, lucide-react, react-day-picker, react-resizable-panels, recharts, sonner, postcss-import) across
apps/*andpackages/web-ui. - Bump
@scalar/hono-api-referenceinpackages/api. - Regenerate
bun.lockand adjust a docs plan command snippet.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/web-ui/package.json | Updates shared web-ui dependency versions (incl. react-day-picker v9 bump). |
| packages/api/package.json | Updates Scalar OpenAPI UI dependency for the API. |
| apps/landing/package.json | Aligns landing app deps with the new web dependency versions. |
| apps/guides/package.json | Aligns guides app deps with the new web dependency versions. |
| apps/admin/package.json | Aligns admin app deps with the new web dependency versions. |
| bun.lock | Lockfile refresh reflecting new dependency graph (incl. new transitive deps). |
| docs/plans/2026-04-14-chore-narrow-pr-2170-spike-scope-plan.md | Updates push instructions in the spike scope plan. |
| "lucide-react": "^1.8.0", | ||
| "next-themes": "^0.4.6", | ||
| "react-day-picker": "8.10.1", | ||
| "react-day-picker": "9.14.0", |
There was a problem hiding this comment.
react-day-picker is being bumped to v9 here, but packages/web-ui/src/components/calendar.tsx still uses v8 classNames keys (e.g. day_selected, day_today, caption_label) and v8 component slots (IconLeft/IconRight). In v9 these keys/slots were renamed, so the exported Calendar component will silently lose its intended styling/behavior at runtime. Either migrate the Calendar component to v9’s new classNames/slot API in this PR, or keep react-day-picker pinned to v8 until the migration lands.
| "react-day-picker": "9.14.0", | |
| "react-day-picker": "8.10.1", |
| "@neondatabase/serverless": "^1.0.0", | ||
| "@packrat/guards": "workspace:*", | ||
| "@scalar/hono-api-reference": "^0.8.0", | ||
| "@scalar/hono-api-reference": "^0.10.7", |
There was a problem hiding this comment.
@scalar/hono-api-reference@0.10.7 has a peer dependency on hono ^4.12.5 (see bun.lock entry), but this package still depends on hono ^4.7.5. This peer mismatch may become a hard install/runtime problem depending on tooling. Recommended: bump hono to ^4.12.5+ (and validate /scalar), or keep Scalar on 0.8.x until hono is upgraded.
|
Superseded by #2179 (batch-2-v2) which preserves dependabot commits as authored for clean history. |
Second batch of Dependabot bumps, per-group commits for clear history.
Applied
Safe web bumps (no code changes)
Web major bumps (tsc + biome clean)
Caveat
react-day-picker v9 renamed classNames keys and component slots:
`packages/web-ui/src/components/calendar.tsx` still uses v8 keys. DayPicker's classNames type is permissive so tsc doesn't error, but at runtime v8 keys no-op. Calendar visual fidelity may degrade until a follow-up touch-up PR restyles against v9's slot names.
Deferred (own PRs — blocked or requires migration)
Test plan