chore(deps): consolidate green Dependabot updates

[seonghobae]

Summary

• consolidate the currently green Dependabot updates into a repo-owned branch so the required CodeRabbit gate can attach
• include CI action refreshes, CodeQL action refresh, artifact action refresh, and the green frontend tooling updates
• preserve the same dependency changes while reducing open PR noise and lockfile churn

Supersedes

• chore(deps): bump actions/setup-node from 4.4.0 to 6.3.0 #4
• chore(deps): bump astral-sh/setup-uv from e58605a9b6da7c637471fab8847a5e5a6b8df081 to d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 #6
• chore(deps): bump actions/checkout from 4.3.1 to 6.0.2 #8
• chore(deps): bump actions/setup-python from 5.6.0 to 6.2.0 #10
• chore(deps): bump actions/download-artifact from 4.3.0 to 8.0.0 #11
• chore(deps): bump github/codeql-action from 3.32.6 to 4.32.6 #13
• chore(deps): bump actions/upload-artifact from 4.6.2 to 7.0.0 #15
• chore(deps-dev): bump @vitejs/plugin-react from 4.7.0 to 5.1.4 #16
• chore(deps-dev): bump jsdom from 26.1.0 to 28.1.0 #17
• chore(deps-dev): bump @types/node from 22.19.15 to 25.4.0 #19
• chore(deps-dev): bump vite from 6.4.1 to 7.3.1 #20

Verification

• ./scripts/harness/quickcheck.sh

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• 체리스(Chores)
  • GitHub Actions 워크플로우의 여러 도구를 최신 버전으로 업데이트했습니다.
  • 개발 의존성(Node 타입 정의, 빌드 도구 등)을 최신 릴리스로 업그레이드했습니다.

개요

여러 GitHub 워크플로우 파일과 패키지 의존성에서 외부 액션 및 라이브러리의 버전을 업데이트했습니다. actions/checkout, setup-node, setup-python, setup-uv, upload-artifact, download-artifact, codeql-action 등의 GitHub Actions가 최신 버전으로 변경되었으며, 데스크톱 앱 및 공유 타입 패키지의 devDependency도 업그레이드되었습니다.

변경 사항

코호트 / 파일	요약
GitHub 워크플로우 - 액션 버전 업데이트 .github/workflows/build-baseline.yml, .github/workflows/ci.yml, .github/workflows/codeql.yml, .github/workflows/dependency-review.yml, .github/workflows/release.yml, .github/workflows/sbom.yml, .github/workflows/secret-scan-gate.yml, .github/workflows/security-audit.yml	GitHub Actions의 여러 버전을 업그레이드했습니다. actions/checkout (v4 → v6.0.2), actions/setup-node (v4 → v6.3.0), actions/setup-python (v5 → v6.2.0), astral-sh/setup-uv (v5 유지하며 해시 업데이트), actions/upload-artifact (v4 → v7.0.0), actions/download-artifact (v4 → v8.0.0), github/codeql-action (v3 → v4.32.6). 제어 흐름이나 조건부 로직 변화 없음.
패키지 의존성 업그레이드 apps/desktop/package.json, packages/shared-types/package.json	devDependency 버전 업데이트: @types/node (^22.13.10 → ^25.4.0), @vitejs/plugin-react (^4.3.4 → ^5.1.4), jsdom (^26.0.0 → ^28.1.0), vite (^6.2.1 → ^7.3.1). 의존성 구조 변화 없음.

예상 코드 리뷰 노력

🎯 1 (단순) | ⏱️ ~8분

시

🐰 버전 번호들이 춤을 추네,
액션들과 라이브러리 새단장!
최신 도구로 더 빠르게,
워크플로우는 윤기나고,
의존성들도 한껏 업그레이드! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	제목이 변경 사항의 주요 내용과 완전히 일치합니다. 여러 Dependabot 업데이트를 통합하는 것이 핵심 변경이며, 제목이 이를 명확하게 설명합니다.
Description check	✅ Passed	설명이 변경 사항과 명확하게 관련되어 있습니다. Dependabot 업데이트 통합, CI/CodeQL/아티팩트 액션 갱신, 프론트엔드 도구링 업데이트를 설명하고 있습니다.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch deps/consolidated-green

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[seonghobae]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build-baseline.yml:
- Around line 111-114: The
actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 invocation
should explicitly set the digest-mismatch behavior to avoid future workflow
failures; update the download step that references uses:
actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 (the step
that sets name: bandscope-windows-${{ github.sha }} and path: artifacts) to
include the digest-mismatch input (e.g., digest-mismatch: warn) so hash
mismatches produce a warning instead of failing the run.

In `@apps/desktop/package.json`:
- Around line 21-30: Update the Node engine baseline and downgrade `@types/node`:
change the root package.json "engines.node" value to ">=22.12.0 <23" to meet
vite/jsdom minimums, and replace the `@types/node` entries in the apps/desktop
package.json and packages/shared-types package.json with a Node-22-compatible
version (e.g., "^22.13.0") so type checks target the actual runtime Node
version.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e4cb8c0f-ff62-4e56-b01f-0e20674420dd

📥 Commits

Reviewing files that changed from the base of the PR and between d77d678 and e007768.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (10)

• .github/workflows/build-baseline.yml
• .github/workflows/ci.yml
• .github/workflows/codeql.yml
• .github/workflows/dependency-review.yml
• .github/workflows/release.yml
• .github/workflows/sbom.yml
• .github/workflows/secret-scan-gate.yml
• .github/workflows/security-audit.yml
• apps/desktop/package.json
• packages/shared-types/package.json

[seonghobae]

@coderabbitai pause

[seonghobae]

@coderabbitai resume

[coderabbitai]

✅ Actions performed

Reviews paused.

[coderabbitai]

✅ Actions performed

Reviews resumed.

[seonghobae]

@coderabbitai resolve

[coderabbitai]

✅ Actions performed

Comments resolved and changes approved.

[seonghobae]

@coderabbitai pause

[seonghobae]

@coderabbitai resume

[coderabbitai]

✅ Actions performed

Reviews paused.

[coderabbitai]

✅ Actions performed

Reviews resumed.