chore: consolidate dependabot batch 3 (PRs #2228–#2255)#2280
Conversation
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
packrat-admin | cfd26a9 | Commit Preview URL Branch Preview URL |
Apr 24 2026, 03:53 AM |
Deploying packrat-landing with
|
| Latest commit: |
cfd26a9
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://fac56615.packrat-landing.pages.dev |
| Branch Preview URL: | https://chore-dependabot-batch-apr26.packrat-landing.pages.dev |
Coverage Report for API Unit Tests Coverage (./packages/api)
File CoverageNo changed files found. |
github-actions
Bot
added
dependencies
Coverage Report for Expo Unit Tests Coverage (./apps/expo)
File CoverageNo changed files found. |
Deploying packrat-guides with
|
| Latest commit: |
cfd26a9
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://9af005f5.packrat-guides-6gq.pages.dev |
| Branch Preview URL: | https://chore-dependabot-batch-apr26.packrat-guides-6gq.pages.dev |
There was a problem hiding this comment.
Pull request overview
Consolidates a set of April 2026 Dependabot dependency updates across the monorepo (web apps, Expo app, shared web-ui, and API), updating package manifests and the Bun lockfile.
Changes:
- Bump UI/web deps across workspaces (e.g.,
tailwind-merge,embla-carousel-react,@hookform/resolvers,@types/node). - Bump Expo app deps (
nanoid,react-i18next,prettier-plugin-tailwindcss,tailwind-merge). - Bump API OpenAPI-related deps (
hono-openapi,zod-openapi) and refreshbun.lock.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/web-ui/package.json | Bumps embla-carousel-react and tailwind-merge used by shared UI package. |
| packages/api/package.json | Bumps hono-openapi and zod-openapi in the API workspace. |
| apps/landing/package.json | Bumps @hookform/resolvers, embla-carousel-react, tailwind-merge, and @types/node. |
| apps/guides/package.json | Bumps @hookform/resolvers, embla-carousel-react, tailwind-merge, and @types/node. |
| apps/expo/package.json | Bumps nanoid, react-i18next, tailwind-merge, and prettier-plugin-tailwindcss. |
| apps/admin/package.json | Bumps tailwind-merge and @types/node. |
| bun.lock | Lockfile updates reflecting the above dependency changes (including new/updated transitive deps). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "zod": "catalog:", | ||
| "zod-openapi": "^4.2.4" | ||
| "zod-openapi": "^5.4.6" |
There was a problem hiding this comment.
zod-openapi also appears unused (no zod-openapi imports found). If it’s only present due to historical usage or alongside hono-openapi, consider removing it as well to avoid carrying two different OpenAPI schema generators (@asteasolutions/zod-to-openapi via @hono/zod-openapi vs zod-openapi).
| "gray-matter": "^4.0.3", | ||
| "hono": "catalog:", | ||
| "hono-openapi": "^0.4.6", | ||
| "hono-openapi": "^1.3.0", |
There was a problem hiding this comment.
hono-openapi appears to be unused in this repo (no imports/references found in the codebase), but upgrading it to v1.x pulls in additional transitive deps (e.g. @standard-community/*). If it’s not intentionally kept for upcoming work, consider removing it from dependencies to reduce install/lockfile churn and avoid duplicate OpenAPI stacks alongside @hono/zod-openapi.
| "hono-openapi": "^1.3.0", |
Tier 1 (safe patches / devDeps): - embla-carousel-react 8.5.1 → 8.6.0 (guides, landing, web-ui) — PR #2242 - prettier-plugin-tailwindcss ^0.5.11 → ^0.7.2 (expo devDep) — PR #2228 - @types/node ^22.15.33 → ^25.6.0 (landing devDep) — PR #2245 - @hono/zod-openapi already at catalog: ^1.3.0 — PRs #2243/#2234 superseded Tier 2 (web-only majors — tsc + biome clean): - @hookform/resolvers ^3.10.0 → ^5.2.2 (landing, guides) — PRs #2249/#2248 - tailwind-merge ^2.5.5 → ^3.5.0 (guides, landing, expo, admin, web-ui — all workspaces bumped together for manypkg consistency) — PR #2240 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
/packs, /catalog, /settings, /users were top-level stubs using PageHeader (which calls useSidebar via SidebarTrigger) but lacked a SidebarProvider. Real implementations live under app/dashboard/. Deleting stubs fixes the Next.js prerender error on CF Workers build.
Queue.sendBatch() now returns Promise<QueueSendBatchResponse> in the latest @cloudflare/workers-types — Promise<void>[] was too narrow.
andrew-bierman
force-pushed
the
chore/dependabot-batch-apr26
branch
from
fcfee14 to
cfd26a9
Compare
Summary
Consolidates the April 2026 Dependabot backlog against
development. Applies everything that passes tsc + biome + expo-doctor + all 614 tests. Defers migrations that require coordinated upgrades to their own PRs.Applied ✅
catalog: ^1.3.0— supersededDeferred ⏭️
aicatalog v5 → v6 +CustomChatTransporttype updates. Types incompatible with currentai@5.x—UIMessage.providerMetadatadiverges (SharedV3ProviderMetadatavsSharedV2ProviderMetadata). Own PR needed.chore/expo-sdk-55-upgradeuseSearchParamsnullability fixes and Turbopack config auditeslintConfigin package.json)Superseded (will auto-close on merge)
Test plan
bun installcleanbun check(Biome) — 2 pre-existing warnings, no new onesbun check-typescleanbun test:api:unit— 284/284 passedbun test:expo— 330/330 passedbunx expo-doctor— 17/17 checks passed, no new warningsPost-Deploy Monitoring & Validation
No additional operational monitoring required: this is a pure dependency version bump with no runtime behaviour changes. All logic paths are covered by the existing test suite.