chore(deps): bump 50 patch-level deps across monorepo

[ggazzo]

Summary

• Bumps 50 deps within their current major.minor (no breaking changes), produced via npm-check-updates --target patch across the workspace.
• Most-impacted runtime deps: eslint, @types/react, react-virtuoso, webpack, dompurify, hono, katex, @swc/core, vite, ts-jest, esbuild, bson, twilio, zustand, qs, re-resizable, overlayscrollbars, adm-zip, cron, codemirror, turbo, typedoc, uuid, tinybench, sass-loader, ts-loader, @msgpack/msgpack, @noble/ed25519, @octokit/core, @opentelemetry/api, @react-aria/toolbar, @react-spectrum/test-utils, @codemirror/lang-javascript, @xmldom/xmldom, meteor-node-stubs, jsrsasign, sanitize-html, @changesets/cli, plus several eslint-plugin-* and @types/*.
• 70 package.json files + yarn.lock updated.

Notes

• @react-pdf/renderer was held back at ^4.3.2. The 4.3.3 release transitively pulls @react-pdf/image@3.1.0, which references the unpublished package @react-pdf/svg^1.1.0 — yarn install fails. Worth revisiting once upstream republishes a working @react-pdf/image.
• @msgpack/msgpack 3.0.0-beta2 → 3.0.1 crosses the prerelease→stable boundary (still within 3.0.x).
• katex ~0.16.28 → ~0.16.45 (17 patches behind) and @swc/core 1.15.11 → 1.15.26 (15 patches) are the largest jumps within their patch ranges.

Test plan

• yarn install succeeds (peer-deps warnings are pre-existing on develop).
• yarn turbo run typecheck passes for 39 workspaces. Pre-existing failures on develop were excluded: core-services, media-calls, federation-matrix, ui-voip, meteor (verified by stashing this PR's changes and reproducing the same failures on develop).
• yarn turbo run testunit passes on a representative sample (random, api-client, i18n, tools, log-format, sha256, jwt, ui-kit, message-parser, http-router, gazzodown, web-ui-registration, ui-avatar, ui-composer, tracing). ui-client shows the same 4 pre-existing failures as develop.
• CI run on this PR.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated runtime libraries and developer tooling to newer patch/minor releases across the project (UI rendering, math rendering, virtual lists, and build/test/lint tooling).
  • No functional changes to behavior or public APIs; stability, security, and build/test tooling improved.

Task: ARCH-2109

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is targeting the wrong base branch. It should target 8.5.0, but it targets 8.4.0

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: db3ce6f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

This PR updates version ranges across many package.json files in the monorepo—primarily bumping ESLint (~9.39.3 → ~9.39.4) and applying various patch/minor dependency upgrades. No source code, runtime logic, or public API declarations were changed.

Changes

Cohort / File(s)	Summary
Root & Config package.json, packages/eslint-config/package.json	Bumped root dev tools (@changesets/cli, turbo) and upgraded ESLint/core ESLint plugins to new patch releases.
Apps (meteor & playground) apps/meteor/package.json, apps/uikit-playground/package.json	Broad runtime and devDependency bumps in apps/meteor (many libs like katex, adm-zip, bson, react-virtuoso, etc.); smaller bumps in apps/uikit-playground.
Enterprise apps ee/apps/.../*.package.json	Multiple EE app manifests updated—mostly ESLint patch bumps; ddp-streamer also bumps uuid; some update @types/react.
Enterprise packages ee/packages/.../*.package.json	Mostly ESLint bumps; select packages update types or runtime deps (sanitize-html, @types/ws, etc.).
Core packages (ESLint-only) packages/* (many files, e.g., packages/account-utils/package.json, packages/logger/package.json, packages/models/package.json, ...)	Large set of packages updated only to bump ESLint devDependency from ~9.39.3 → ~9.39.4.
Core packages (multi-dep updates) packages/apps-engine/package.json, packages/agenda/package.json, packages/http-router/package.json, packages/message-parser/package.json, packages/jest-presets/package.json, packages/tracing/package.json, packages/server-fetch/package.json, packages/release-action/package.json	ESLint plus targeted runtime/devtool bumps (e.g., @msgpack/msgpack, esbuild, hono, qs, @swc/core, ts-jest, tinybench, webpack, etc.).
UI & Frontend packages/ui-*, packages/fuselage-ui-kit/package.json, packages/gazzodown/package.json, packages/livechat/package.json, packages/web-ui-registration/package.json, packages/storybook-config/package.json	Bumped UI-related deps and types (@types/react, react-virtuoso, dompurify, katex, webpack) and ESLint across multiple UI packages; some nightly tags updated for @react-aria/toolbar.
Build / Tooling packages/peggy-loader/package.json, packages/storybook-config/package.json, packages/peggy-loader/package.json	Updated build tool devDeps (webpack, ts-jest, etc.) and storybook-related packages.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• chore(deps): Patch dependencies #38349: Overlapping dependency/version bumps across many package.json files (includes apps/meteor and similar packages).
• chore(deps): Upgrade some dependencies #37508: Similar monorepo-wide dependency upgrades touching apps/meteor and multiple packages.
• chore(deps): Upgrade some dependencies #36905: Related chore updating dependency versions across package manifests.

Suggested reviewers

• d-gubert

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title clearly and concisely summarizes the main change: bumping 50 patch-level dependencies across the monorepo.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

1 issue found across 71 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/apps-engine/package.json">

<violation number="1" location="packages/apps-engine/package.json:80">
P2: Keep the msgpack version in sync across the Apps Engine and Deno runtime manifests; otherwise the two codecs will run against different library versions.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.79%. Comparing base (987728a) to head (db3ce6f).
⚠️ Report is 5 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #40172      +/-   ##
===========================================
- Coverage    69.87%   69.79%   -0.09%     
===========================================
  Files         3296     3296              
  Lines       119166   119166              
  Branches     21482    21435      -47     
===========================================
- Hits         83270    83169     -101     
- Misses       32611    32689      +78     
- Partials      3285     3308      +23     

Flag	Coverage Δ
e2e	59.68% <ø> (-0.17%)	⬇️
e2e-api	46.23% <ø> (-0.06%)	⬇️
unit	70.55% <ø> (-0.06%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[ggazzo]

/jira ARCH-2083

[dionisio-bot]

⚠️ Dionisio (Jira)

The milestone "8.5.0" does not exist on the Jira board; the task was created without Fix version.