chore: update dependencies to latest versions#183
Merged
Conversation
Update all dependencies across the monorepo. TypeScript stays at 5.9.3 as tsup and react-router do not yet support TypeScript 6. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub. 2 Skipped Deployments
|
Contributor
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 18 minutes and 42 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (2)
📒 Files selected for processing (84)
📝 WalkthroughWalkthrough複数の例とパッケージで依存関係とビルド基盤のバージョンを一括更新しました。Biome Changes
Sequence Diagram(s)sequenceDiagram
participant Dev as Developer
participant Docker as Docker Build
participant PNPM as pnpm (root workspace)
participant Builder as Build Artifacts
participant Image as Final Image
participant Runtime as react-router-serve
Dev->>Docker: docker build (monorepo root)
Docker->>PNPM: pnpm install --frozen-lockfile
PNPM->>PNPM: pnpm --filter ... build (workspace packages + example)
PNPM->>Builder: produce /deployed and example build outputs
Docker->>Image: copy /deployed and example build into image
Image->>Runtime: run react-router-serve ./build/server/index.js
Runtime->>Builder: serve runtime artifacts
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
- CI: Node.js 22 → 24, PostgreSQL 16-alpine → 17-alpine - Dockerfile: node:20-alpine → node:24-alpine - Docs workflow: Node.js 22 → 24 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
examples/fullstack-react-router/Dockerfile (1)
17-22:⚠️ Potential issue | 🟠 Major本番ステージを非 root ユーザーで実行してください。
Line 17-22 は
USER未指定のため root 実行になります。コンテナ侵害時の影響範囲を広げるので、最終ステージで非特権ユーザーへ切り替えるべきです。🔧 修正案(final stage)
FROM node:24-alpine -COPY ./package.json package-lock.json /app/ -COPY --from=production-dependencies-env /app/node_modules /app/node_modules -COPY --from=build-env /app/build /app/build WORKDIR /app +COPY --chown=node:node ./package.json package-lock.json /app/ +COPY --from=production-dependencies-env --chown=node:node /app/node_modules /app/node_modules +COPY --from=build-env --chown=node:node /app/build /app/build +USER node CMD ["npm", "run", "start"]🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/fullstack-react-router/Dockerfile` around lines 17 - 22, The final Dockerfile stage runs as root because no USER is set; update the final stage (the stage that starts FROM node:24-alpine, sets WORKDIR /app and CMD ["npm","run","start"]) to switch to a non‑root user: create or use a nonprivileged user (e.g., node), ensure /app ownership is set (chown /app to that user or create the directory with correct owner), and add a USER <nonroot> directive before CMD so the container runs with reduced privileges.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Outside diff comments:
In `@examples/fullstack-react-router/Dockerfile`:
- Around line 17-22: The final Dockerfile stage runs as root because no USER is
set; update the final stage (the stage that starts FROM node:24-alpine, sets
WORKDIR /app and CMD ["npm","run","start"]) to switch to a non‑root user: create
or use a nonprivileged user (e.g., node), ensure /app ownership is set (chown
/app to that user or create the directory with correct owner), and add a USER
<nonroot> directive before CMD so the container runs with reduced privileges.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 596332a1-b330-4d4e-998b-6d476d52a909
📒 Files selected for processing (3)
.github/workflows/ci.yml.github/workflows/docs.ymlexamples/fullstack-react-router/Dockerfile
✅ Files skipped from review due to trivial changes (1)
- .github/workflows/docs.yml
Use the built-in `node` user from node:24-alpine and set file ownership with --chown so the container runs with reduced privileges. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The previous Dockerfile used npm and referenced package-lock.json which doesn't exist in this pnpm workspace. Rewrite to use pnpm deploy for standalone deployment: - Build from monorepo root with pnpm workspace resolution - Use `pnpm deploy --legacy --prod` to create isolated standalone package - Copy build output separately (pnpm deploy copies source, not build artifacts) - Run as non-root `node` user - Add Dockerfile.dockerignore for build context Usage: docker build -f examples/fullstack-react-router/Dockerfile -t durably-fullstack . Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add .npmrc with inject-workspace-packages=true so pnpm deploy works without the --legacy flag. This is the recommended pnpm configuration for monorepos using pnpm deploy. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Corepack is removed from Node.js 25+. Use npm install -g pnpm instead for forward compatibility. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rewrite the example Dockerfile to work as a standalone template that users can copy to their own projects. Replace the monorepo-aware multi-stage build with a simple deps → build → production pattern. Users just need to replace workspace:* with the published version (e.g. ^0.15.0) in package.json to use this outside the monorepo. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add README.md to server-node, server-node-postgres, and spa-vite-react examples. Update fullstack-react-router README to be durably-specific instead of the default React Router template. Each README includes standalone usage instructions explaining how to replace workspace:* with published package versions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use <latest version> placeholder instead of specific version numbers to avoid stale docs on every release. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Simpler standalone instructions — just run pnpm add instead of manually editing package.json with version numbers. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rename examples to follow a consistent naming convention aligned with the documentation's mode names (Server/Fullstack/SPA): - server-node → server-libsql - server-node-postgres → server-postgres - fullstack-react-router → fullstack - spa-vite-react → spa-vite Update all references in website docs, skills, vercelignore, and add stale-name checks to find-stale.sh. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Vercel warns that TURSO_DATABASE_URL and TURSO_AUTH_TOKEN are set but not declared in turbo.json, making them unavailable during builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
biome migrate --writeto update biome schema versions (2.4.7 → 2.4.9)pnpm deploy.npmrcwithinject-workspace-packages=trueNotable dependency updates
@biomejs/biomebetter-sqlite3kyselyvitestviteturboreact-routertailwindcss@libsql/client@types/pgsatoriInfrastructure updates
Example directory renames
fullstack-react-routerfullstackserver-nodeserver-libsqlserver-node-postgresserver-postgresspa-vite-reactspa-viteUpdated all references in website docs, skills,
.vercelignore, and stale-name detection.Dockerfile improvements
nodeusernpm install -g pnpminstead of corepack (removed in Node.js 25+)Test plan
pnpm validatepasses locally (format, lint, typecheck, 244 tests)🤖 Generated with Claude Code