chore(deps): update non-major dependencies by renovate[bot] · Pull Request #328 · deepnote/deepnote

renovate · 2026-03-02T01:35:48Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Type	Update
@ai-sdk/mcp (source)	`1.0.25` → `1.0.42`	dependencies	patch
@ai-sdk/openai (source)	`3.0.41` → `3.0.64`	dependencies	patch
@biomejs/biome (source)	`2.2.7` → `2.4.15`	devDependencies	minor
@inquirer/prompts (source)	`8.2.1` → `8.4.3`	dependencies	minor
@inquirer/testing (source)	`3.1.1` → `3.3.6`	devDependencies	minor
@jupyterlab/nbformat	`4.5.2` → `4.5.7`	dependencies	patch
@jupyterlab/services	`7.5.2` → `7.5.7`	dependencies	patch
@modelcontextprotocol/sdk (source)	`1.26.0` → `1.29.0`	dependencies	minor
@toon-format/toon (source)	`2.1.0` → `2.2.0`	dependencies	minor
@types/node (source)	`22.18.12` → `22.19.19`	devDependencies	minor
@vitest/coverage-v8 (source)	`4.0.5` → `4.1.6`	devDependencies	minor
ai (source)	`6.0.116` → `6.0.184`	dependencies	patch
cleye	`2.0.0` → `2.6.0`	dependencies	minor
commander	`14.0.2` → `14.0.3`	dependencies	patch
cspell (source)	`9.2.2` → `9.8.0`	devDependencies	minor
diff	`8.0.3` → `8.0.4`	dependencies	patch
dotenv	`17.2.3` → `17.4.2`	dependencies	minor
lint-staged	`16.2.5` → `16.4.0`	devDependencies	minor
node (source)	`22.21.0` → `22.22.3`		minor
ora	`9.0.0` → `9.4.0`	dependencies	minor
pnpm (source)	`10.19.0` → `10.33.4`	packageManager	minor
prettier (source)	`3.6.2` → `3.8.3`	devDependencies	minor
sort-package-json	`3.4.0` → `3.6.1`	devDependencies	minor
tsdown (source)	`0.15.9` → `0.22.0`	devDependencies	minor
tsx (source)	`4.20.6` → `4.22.1`	devDependencies	minor
vite-tsconfig-paths	`6.0.3` → `6.1.1`	devDependencies	minor
vitest (source)	`4.0.5` → `4.1.6`	devDependencies	minor
ws	`8.19.0` → `8.20.1`	dependencies	minor
yaml (source)	`2.8.3` → `2.9.0`	dependencies	minor
zod-to-json-schema	`3.25.1` → `3.25.2`	devDependencies	patch

Release Notes

vercel/ai (@ai-sdk/mcp)

`v1.0.42`

Compare Source

Patch Changes

725f2ed: feat(mcp): expose server instructions to be accessible through client
7281592: fix(mcp): use negotiated protocol version in transport request headers

`v1.0.41`

Compare Source

Patch Changes

f591416: feat(ai): add toolMetadata for tool specific metdata
Updated dependencies [f591416]
- @ai-sdk/provider-utils@4.0.27

`v1.0.40`

Compare Source

Patch Changes

221a984: Add resource_link content type to CallToolResultSchema and PromptMessageSchema per MCP spec. Fixes hard rejection when MCP servers return resource_link content parts with zod ≥ 4.4.x.
0084974: feat(mcp): deprecate name and use clientName for MCPClient

`v1.0.39`

Compare Source

Patch Changes

7beadf0: feat(mcp): propagate the server name through dynamic tool parts
Updated dependencies [7beadf0]
- @ai-sdk/provider-utils@4.0.26

`v1.0.38`

Compare Source

Patch Changes

a727da4: chore: ensure consistent import handling and avoid import duplicates or cycles
5fee301: fix(mcp): prevent prototype pollution by using secureJsonParse
Updated dependencies [a727da4]
- @ai-sdk/provider-utils@4.0.25
- @ai-sdk/provider@3.0.10

`v1.0.37`

Compare Source

Patch Changes

a7f3c72: trigger release for all packages after provenance setup
Updated dependencies [a7f3c72]
- @ai-sdk/provider@3.0.9
- @ai-sdk/provider-utils@4.0.24

`v1.0.36`

Compare Source

Patch Changes

9a8d276: feat(mcp): surface 'serverInfo' exposed from the MCP server

`v1.0.35`

Compare Source

Patch Changes

941ebf2: fix(mcp): bypass outputSchema validation when tool returns isError

`v1.0.34`

Compare Source

Patch Changes

1141b93: feat(mcp): allow custom fetch for HTTP and SSE transports

`v1.0.33`

Compare Source

Patch Changes

Updated dependencies [6247886]
- @ai-sdk/provider-utils@4.0.23

`v1.0.32`

Compare Source

Patch Changes

47c6af0: fix(mcp): strip trailing slash from OAuth resource parameter

`v1.0.31`

Compare Source

Patch Changes

Updated dependencies [0469aed]
- @ai-sdk/provider-utils@4.0.22

`v1.0.30`

Compare Source

Patch Changes

055cd68: fix: publish v6 to latest npm dist tag
Updated dependencies [055cd68]
- @ai-sdk/provider-utils@4.0.21

`v1.0.29`

Compare Source

Patch Changes

cc8b506: feat(mcp): add redirect option to MCPTransportConfig for controlling HTTP redirect behavior

`v1.0.28`

Compare Source

Patch Changes

0c86a13: fix(mcp): validate state param in oauth flow

`v1.0.27`

Compare Source

Patch Changes

1920b22: fix(mcp): add MCP protocol version 2025-11-25 to supported versions

`v1.0.26`

Compare Source

Patch Changes

Updated dependencies [64ac0fd]
- @ai-sdk/provider-utils@4.0.20

biomejs/biome (@biomejs/biome)

`v2.4.15`

Compare Source

Patch Changes

#9394 ba3480e Thanks @dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.
#10254 e0a54cc Thanks @dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

For example, the following snippet triggers the rule:
```
import { nextTick } from "vue";

nextTick(() => {
  updateDom();
});
```
#10219 64aee45 Thanks @dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

For example, the following snippet triggers the rule:
```
<input @&#8203;keyup.13="submit" />
```
#10195 7b8d4e1 Thanks @dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.
#10238 1110256 Thanks @dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.
#10201 1a08f89 Thanks @realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.
#9574 3bd2b6a Thanks @Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.
#10205 a704a6c Thanks @Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.
```
{
  "assist": {
    "actions": {
      "source": {
        "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
      }
    }
  }
}
```
#10052 b565bed Thanks @minseong0324! - Improved noMisleadingReturnType: it now flags union annotations whose extra variants are never returned, and suggests the narrower type (e.g. string | null → string).

These functions are now reported because null and number are included in the return annotations but never returned:
```
function getUser(): string | null {
  return "hello";
} // null is never returned
function getCode(): string | number {
  return "hello";
} // number is never returned
```
#10213 ac30057 Thanks @dyc3! - Fixed #9450: HTML and Vue element formatting now preserves child line breaks when an element contains another element child on its own line, instead of collapsing the child element onto the same line.
#10275 9ee6c03 Thanks @solithcy! - Fixed #10274: Svelte templates with missing expressions no longer parsed as HtmlBogusElement
#10143 56798a7 Thanks @minseong0324! - noMisleadingReturnType now detects misleading return type annotations when object literal properties are initialized with as const.

This function is now reported because the return annotation widens a property initialized with as const:
```
function f(): { value: string } {
  return { value: "text" as const };
}
```
#10143 56798a7 Thanks @minseong0324! - noUselessTypeConversion now detects redundant conversions on object literal properties initialized with as const.

This conversion is now reported because message.value is inferred as a string literal:
```
const message = { value: "text" as const };
String(message.value);
```
#9807 0ae5840 Thanks @dyc3! - Added the new nursery rule useThisInClassMethods, based on ESLint's class-methods-use-this.

The rule now reports instance methods, getters, setters, and function-valued instance fields that do not use this, and biome migrate eslint preserves the supported ignoreMethods, ignoreOverrideMethods, and ignoreClassesWithImplements options.

Invalid:
```
class Foo {
  bar() {
    // does not use `this`, invalid
    console.log("Hello Biome");
  }
}
```
#10258 e7b18f7 Thanks @ematipico! - Improved linter performance by narrowing the query nodes for several lint rules, reducing how often they are evaluated.
#10273 04e22a1 Thanks @dyc3! - Fixed #10271: The HTML parser now correctly parses of as text content when in text contexts.
#9838 83f7385 Thanks @dyc3! - Added the nursery rule noBaseToString, which reports stringification sites that fall back to Object's default "[object Object]" formatting. The rule also supports the ignoredTypeNames option.
#10143 56798a7 Thanks @minseong0324! - useExhaustiveSwitchCases now checks switch statements over object literal properties initialized with as const.

This switch is now reported because status.kind is inferred as the string literal "ready" but no case handles it:
```
const status = { kind: "ready" as const };
switch (status.kind) {
}
```
#10143 56798a7 Thanks @minseong0324! - useStringStartsEndsWith now detects string index comparisons on object literal properties initialized with as const.

This comparison is now reported because message.value is inferred as a string literal:
```
const message = { value: "hello" as const };
message.value[0] === "h";
```

`v2.4.14`

Compare Source

Patch Changes

#9393 491b171 Thanks @dyc3! - Added the nursery rule useTestHooksOnTop in the test domain. The rule flags lifecycle hooks (beforeEach, beforeAll, afterEach, afterAll) that appear after test cases in the same block, enforcing that hooks are defined before any test case.
#10157 eefc5ab Thanks @dyc3! - Fixed #7882: The HTML parser will now emit better diagnostics when it encounters a void element with a closing tag, such as <br></br>. Previously, the parser would emit multiple diagnostics with conflicting advice. Now it emits a single diagnostic that clearly states that void elements should not have closing tags.
#10054 0e9f569 Thanks @minseong0324! - noMisleadingReturnType no longer misses widening from concrete object types, class instances, object literals, tuples, functions, and regular expressions to : object.

A function annotated : object returning an object literal:
```
function f(): object {
  return { retry: true };
}
```
#10116 53269eb Thanks @jiwon79! - Fixed #6201: noUselessEscapeInRegex no longer flags an escaped backslash followed by - as a useless escape. Patterns like /[\\-]/ are now considered valid because the second \ is the escaped backslash, not an unnecessary escape of the trailing dash.
#10092 33d8543 Thanks @Conaclos! - Fixed #9097: organizeImports no longer adds a blank line between a never-matched group and a matched group.

Given the following organizeImports options:
```
{
  "groups": [":NODE:", ":BLANK_LINE:", ":PACKAGE:", ":BLANK_LINE:", ":PATH:"]
}
```
The following code...
```
// Comment
import "package";
import "./file.js";
```
...was organized as:
```
+
  // Comment
  import "package";
+
  import "./file.js";
```
A blank line was added even though the group ':NODE:' doesn't match any imports here.
:BLANK_LINE: between never-matched groups and matched groups are now ignored.
The code is now organized as:
```
  // Comment
  import "package";
+
  import "./file.js";
```
#10138 a10b6c1 Thanks @dyc3! - Fixed Vue v-for handling for noUndeclaredVariables and noUnusedVariables. Biome now recognizes variables declared by v-for directives and references to iterated values in Vue templates.
#10115 d428d76 Thanks @minseong0324! - noMisleadingReturnType no longer reports false positives when a union return type's boolean variant is covered by both true and false returns.
#9922 7acf1e0 Thanks @dyc3! - Added the new nursery rule noReactStringRefs, which disallows legacy React string refs such as ref="hello" and this.refs.hello.

Biome also reports template-literal refs such as ref={`hello`}, so React code can consistently migrate to callback refs, createRef(), or useRef().
#10010 f3e76ab Thanks @dyc3! - Fixed a bug in the LSP file watcher registration so Biome now watches .biome.json and .biome.jsonc configuration files and reloads workspace settings when they change.
#10176 8a40ef8 Thanks @dyc3! - Fixed #10011: The noThisInStatic rule no longer reports this when it is used as the constructor target in new this(...), which is required for inherited static factory methods.
#10163 6867e96 Thanks @jiwon79! - Fixed #9884: The useSortedAttributes auto-fix no longer corrupts source code when both an outer JSX element and a nested JSX-valued attribute have unsorted attributes in the same pass. Multiple unsorted groups separated by spread or shorthand attributes within the same JSX element are now reported as a single diagnostic.
#10079 d29dd19 Thanks @Damix48! - Fixed false positive in noAssignInExpressions for Svelte {@const} blocks. Assignments in {@const name = value} are now correctly recognized as declarations rather than accidental assignments in expressions.
#10080 5d8fdac Thanks @Damix48! - Fixed parsing of closing parentheses in Svelte {#each} block key expressions. Biome now correctly parses method calls and other parenthesised expressions used as keys.

For example, the following snippets are now parsed correctly:
```
{#each numbers as number, index (number.toString())}
  <p>{number}</p>
{/each}

{#each numbers as number (key(number))}
  <p>{number}</p>
{/each}
```
#10140 e7024b9 Thanks @solithcy! - Fixed #10135: Biome no longer crashes on missing Svelte template expressions.

The following code snippet longer panics:
```
{#if }
 <p>^ this would previously crash</p>
{/if}
{@&#8203;const }
<p>    ^ this would also crash</p>
```
#10111 7818009 Thanks @jiwon79! - Fixed #9997: noDuplicateSelectors no longer reports false positives for selectors inside @scope queries. Biome now treats @scope as a separate at-rule context, like @media, @supports, @container, and @starting-style.

The following snippet is no longer flagged as a duplicate:
```
.Example {
  padding: 0;
}

@&#8203;scope (.theme-dark) {
  .Example {
    color: white;
  }
}
```
#9926 d62b331 Thanks @dyc3! - Added the nursery lint rule useMathMinMax, which prefers Math.min() and Math.max() over equivalent ternary comparisons.

For example, this code:
```
const min = a < b ? a : b;
```
is much more readable when rewritten as:
```
const min = Math.min(a, b);
```
#10115 d428d76 Thanks @minseong0324! - useExhaustiveSwitchCases now flags missing true/false cases for boolean discriminants, including when boolean is a union variant.
#10125 a55a0b6 Thanks @bmish! - Fixed a resolver bug where packages that define a typed entry point through package.json's main field but omit types were ignored during type-aware resolution. Type-aware rules such as noFloatingPromises can now inspect imports from those packages.
#10117 895e809 Thanks @denizdogan! - Added support for the corner-shape family of CSS properties and the superellipse()/squircle() value functions, so noUnknownProperty and noUnknownFunction no longer flag them as unknown.

New known properties: corner-shape, corner-block-end-shape, corner-block-start-shape, corner-bottom-left-shape, corner-bottom-right-shape, corner-bottom-shape, corner-end-end-shape, corner-end-start-shape, corner-inline-end-shape, corner-inline-start-shape, corner-left-shape, corner-right-shape, corner-start-end-shape, corner-start-start-shape, corner-top-left-shape, corner-top-right-shape, corner-top-shape.

New known value functions: superellipse(), squircle().
#8620 8df8f73 Thanks @dyc3! - Fixed #8062: Added support for parsing Vue v-for directives more accurately.
#10191 aa055cd Thanks @guney! - Now the rule noStaticElementInteractions doesn't trigger custom elements.
#9757 2c62594 Thanks @dyc3! - Fixed #9099: the HTML formatter collapsing non-text children (inline elements, Svelte expressions, comments) onto a single line when the source had them on separate lines. Biome now preserves the user's intended line breaks for exclusively non-text children.

For example, the following Svelte snippet is now preserved instead of being collapsed to <div>{name}</div>:
```
<div>
  {name}
</div>
```
Similarly, HTML elements like <span> inside a <div> are now preserved when written on their own line:
```
<div>
  <span>text</span>
</div>
```
#10105 e7c1a6d Thanks @jiwon79! - Fixed #10039: useReadonlyClassProperties now detects unreassigned private members in class expressions and export default classes, not only in class declarations.

The following patterns are now correctly flagged:
```
const AnonClass = class {
  #prop = 123;
  constructor() {
    console.log(this.#prop);
  }
};

export default class {
  #prop = 123;
  constructor() {
    console.log(this.#prop);
  }
}
```
#10141 46a77d0 Thanks @minseong0324! - Improved noUnnecessaryConditions to detect conditions that are always truthy because they check built-in global class instances such as Date, Map, Set, WeakMap, and Error.
#10178 7b05a89 Thanks @dyc3! - Fixed #10177: The HTML parser no longer reports lowercase html or doctype text as invalid after void elements such as <br>.
#10155 0d4595d Thanks @jiwon79! - Fixed #10045: the CSS formatter no longer compounds indentation inside nested functional pseudo-classes such as :not(:where(...)), :is(:where(...)), and similar combinations. The same fix also removes one level of unnecessary indentation that was added inside any pseudo-class function whose argument list wrapped onto multiple lines, including :nth-child(... of ...), ::part(...), and :active-view-transition-type(...).
The following snippet is now correctly formatted, matching Prettier.
```
input:not(
  :where(
    [type="submit"],
    [type="checkbox"],
    [type="radio"],
    [type="button"],
    [type="reset"]
  )
) {
  inline-size: 100%;
}
```
#10112 6f0251e Thanks @dyc3! - Fixed #10110: Biome's parser now accepts surrogate code points in JavaScript string \u{...} escapes.
#10141 46a77d0 Thanks @minseong0324! - Improved noMisleadingReturnType to detect object return annotations that hide built-in global class instances such as Date, Map, Set, WeakMap, and Error.
#10083 4a664c1 Thanks @ematipico! - Added two new options to noShadow, both defaulting to true to match typescript-eslint's behavior.

Fixed #9482: Added ignoreFunctionTypeParameterNameValueShadow option. When enabled, parameter names inside function type annotations (e.g. (options: unknown) => void) are not flagged as shadowing outer variables.

Fixed #7812: Added ignoreTypeValueShadow option. When enabled, a value binding that shares its name with a type-only declaration (type alias or interface) is not flagged, since types and values occupy separate namespaces in TypeScript.
#9286 52695cf Thanks @Hugo-Polloli! - Fixed #6316: Biome now resolves Svelte $store references to the underlying store binding in semantic analysis, preventing false noUndeclaredVariables diagnostics when the store is declared.
#10188 ae659dd Thanks @dyc3! - Added a new nursery rule noExcessiveNestedCallbacks, which disallows callbacks nested deeper than the configured maximum.
#9757 2c62594 Thanks @dyc3! - Fixed #9450: the HTML formatter now correctly preserves multiline formatting for nested <template> elements (e.g. <template #body>) when the source has children on separate lines. Previously, the children were collapsed onto a single line.
```
 <template>
   <UModal>
-    <template #body> <p>content</p> </template>
+    <template #body>
+      <p>content</p>
+    </template>
   </UModal>
 </template>
```
#10118 c6edcb4 Thanks @Netail! - Fixed #10024: biome migrate eslint correctly migrates eslint rules that belong to multiple Biome rules.

`v2.4.13`

Compare Source

Patch Changes

#9969 c5eb92b Thanks @officialasishkumar! - Added the nursery rule noUnnecessaryTemplateExpression, which disallows template literals that only contain string literal expressions. These can be replaced with a simpler string literal.

For example, the following code triggers the rule:
```
const a = `${"hello"}`; // can be 'hello'
const b = `${"prefix"}_suffix`; // can be 'prefix_suffix'
const c = `${"a"}${"b"}`; // can be 'ab'
```

#10037 f785e8c Thanks @minseong0324! - Fixed #9810: noMisleadingReturnType no longer reports false positives on a getter with a matching setter in the same namespace.

class Store {
  get status(): string {
    if (Math.random() > 0.5) return "loading";
    return "idle";
  }
  set status(v: string) {}
}

#10084 5e2f90c Thanks @jiwon79! - Fixed #10034: noUselessEscapeInRegex no longer flags escapes of ClassSetReservedPunctuator characters (&, !, #, %, ,, :, ;, <, =, >, @, `, ~) inside v-flag character classes as useless. These characters are reserved as individual code points in v-mode, so the escape is required.

The following pattern is now considered valid:
```
/[a-z\&]/v;
```
#10063 c9ffa16 Thanks @Netail! - Added extra rule sources from ESLint CSS. biome migrate eslint should do a bit better detecting rules in your eslint configurations.
#10035 946b50e Thanks @Netail! - Fixed #10032: useIframeSandbox now flags if there's no initializer value.
#9865 68fb8d4 Thanks @dyc3! - Added the new nursery rule useDomNodeTextContent, which prefers textContent over innerText for DOM node text access and destructuring.

For example, the following snippet triggers the rule:
```
const foo = node.innerText;
```
#10023 bd1e74f Thanks @ematipico! - Added a new nursery rule noReactNativeDeepImports that disallows deep imports from the react-native package. Internal paths like react-native/Libraries/... are not part of the public API and may change between versions.

For example, the following code triggers the rule:
```
import View from "react-native/Libraries/Components/View/View";
```
#9885 3dce737 Thanks @dyc3! - Added a new nursery rule useDomQuerySelector that prefers querySelector() and querySelectorAll() over older DOM query methods such as getElementById() and getElementsByClassName().
#9995 4da9caf Thanks @siketyan! - Fixed #9994: Biome now parses nested CSS rules correctly wh

✂ Note

PR body was truncated to here.

Configuration

📅 Schedule: (in timezone UTC)

Branch creation
- "before 9am on Monday"
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2026-03-02T01:35:51Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 8 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 54, reused 0, downloaded 0, added 0
Progress: resolved 252, reused 0, downloaded 0, added 0
Progress: resolved 607, reused 0, downloaded 0, added 0
 ERR_PNPM_UNUSED_PATCH  The following patches were not used: @inquirer/testing@3.1.1

Either remove them from "patchedDependencies" or update them to match packages in your dependencies.
Progress: resolved 655, reused 0, downloaded 0, added 0

coderabbitai · 2026-03-02T01:35:57Z

📝 Walkthrough

Walkthrough

Updated .nvmrc Node pin from 22.21.0 to 22.22.3. Bumped package.json packageManager to pnpm@10.33.4 and updated several devDependencies (Biome, @types/node, vitest-related tooling, cspell, lint-staged, prettier, sort-package-json, tsdown). No runtime application code, scripts, engines, or exported/public API signatures changed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: a dependency update PR for non-major versions across multiple packages and the Node runtime.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Updates Docs	✅ Passed	PR contains only dependency version updates (Node, pnpm, dev tools). No feature implementation, therefore documentation updates not required per custom check criteria.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 43-58: The package manifest (package.json) was updated
(devDependencies entries like "@biomejs/biome", "@types/node", "vitest", and the
"packageManager" field set to "pnpm@10.30.3") but the pnpm lockfile is out of
sync; regenerate and commit an updated pnpm-lock.yaml by running pnpm install
--frozen-lockfile=false using pnpm 10.30.3 so the lockfile reflects the changed
devDependencies and packageManager, then add the updated pnpm-lock.yaml to the
commit.

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 4f5b20f and 27488c8.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)

43-58: ⚠️ Potential issue | 🔴 Critical

Lockfile must match manifest bumps before merge.

Line 43-Line 58 updates manifest versions and packageManager; ensure pnpm-lock.yaml is regenerated with pnpm 10.30.3 and committed. This is the same blocker previously reported.

#!/bin/bash
set -euo pipefail

test -f package.json
test -f pnpm-lock.yaml

python - <<'PY' > /tmp/expected_specs.txt
import json
deps = [
  "@biomejs/biome",
  "@types/node",
  "@vitest/coverage-v8",
  "cspell",
  "lint-staged",
  "prettier",
  "sort-package-json",
  "tsdown",
  "vitest",
]
pkg = json.load(open("package.json"))
for d in deps:
  print(f"{d}@{pkg['devDependencies'][d]}")
print(f"packageManager={pkg['packageManager']}")
PY

while IFS= read -r spec; do
  if rg -n --fixed-strings "$spec" pnpm-lock.yaml >/dev/null; then
    echo "OK   $spec"
  else
    echo "MISS $spec"
  fi
done < /tmp/expected_specs.txt

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, The package manifest was updated
(devDependencies like "@biomejs/biome", "@types/node", "@vitest/coverage-v8",
"cspell", "lint-staged", "prettier", "sort-package-json", "tsdown", "vitest" and
packageManager) but pnpm-lock.yaml was not regenerated; run pnpm using the
declared packageManager version (pnpm@10.30.3) to regenerate the lockfile (e.g.,
pnpm install or pnpm -w install if workspace), ensure pnpm-lock.yaml now
contains entries matching the new devDependency versions and
packageManager=pnpm@10.30.3, and commit the updated pnpm-lock.yaml alongside the
package.json change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The package manifest was updated (devDependencies like
"@biomejs/biome", "@types/node", "@vitest/coverage-v8", "cspell", "lint-staged",
"prettier", "sort-package-json", "tsdown", "vitest" and packageManager) but
pnpm-lock.yaml was not regenerated; run pnpm using the declared packageManager
version (pnpm@10.30.3) to regenerate the lockfile (e.g., pnpm install or pnpm -w
install if workspace), ensure pnpm-lock.yaml now contains entries matching the
new devDependency versions and packageManager=pnpm@10.30.3, and commit the
updated pnpm-lock.yaml alongside the package.json change.

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 27488c8 and 54ca4b2.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)

43-58: ⚠️ Potential issue | 🔴 Critical

Lockfile is out of sync with updated deps (merge blocker).

CI already reports mismatches for these updated entries. Regenerate and commit pnpm-lock.yaml using pnpm@10.30.3 so Lines 43-58 are reflected.

#!/bin/bash
set -euo pipefail

test -f package.json
test -f pnpm-lock.yaml

python - <<'PY'
import json
with open("package.json") as f:
    pkg=json.load(f)
targets=[
  "@biomejs/biome","@types/node","@vitest/coverage-v8",
  "cspell","lint-staged","prettier","sort-package-json","tsdown","vitest"
]
for t in targets:
    print(f"{t}@{pkg['devDependencies'][t]}")
print("packageManager="+pkg["packageManager"])
PY

echo "--- lockfile hits ---"
python - <<'PY' | while read -r spec; do
import json
with open("package.json") as f:
    pkg=json.load(f)
targets=[
  "@biomejs/biome","@types/node","@vitest/coverage-v8",
  "cspell","lint-staged","prettier","sort-package-json","tsdown","vitest"
]
for t in targets:
    print(f"{t}@{pkg['devDependencies'][t]}")
PY
  rg -n --fixed-strings "$spec" pnpm-lock.yaml >/dev/null && echo "✓ $spec" || echo "✗ $spec"
done

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, The pnpm lockfile is out of sync with the
devDependencies (entries like `@biomejs/biome`, `@types/node`, `@vitest/coverage-v8`,
cspell, lint-staged, prettier, sort-package-json, tsdown, vitest) and the
packageManager field; regenerate pnpm-lock.yaml using pnpm@10.30.3 so the lock
reflects package.json, verify the lock contains those exact spec strings, and
commit the updated pnpm-lock.yaml and any lockfile metadata changes (ensuring
packageManager remains pnpm@10.30.3).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The pnpm lockfile is out of sync with the devDependencies
(entries like `@biomejs/biome`, `@types/node`, `@vitest/coverage-v8`, cspell,
lint-staged, prettier, sort-package-json, tsdown, vitest) and the packageManager
field; regenerate pnpm-lock.yaml using pnpm@10.30.3 so the lock reflects
package.json, verify the lock contains those exact spec strings, and commit the
updated pnpm-lock.yaml and any lockfile metadata changes (ensuring
packageManager remains pnpm@10.30.3).

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 1d7003f and 49f2c26.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 43-56: The package.json pins packageManager to "pnpm@10.30.3" but
engines.pnpm is currently ">=10.17.1", creating a mismatch; update the
engines.pnpm range to ">=10.30.3" so it aligns with the packageManager pin
(refer to the packageManager and engines.pnpm fields) while keeping tsdown at
root as-is for workspace hoisting.
- Around line 58-61: Update the engines.pnpm floor to match the pinned
packageManager version: change the value referenced by "engines": {"pnpm":
">=10.17.1"} to require at least the same version as "packageManager":
"pnpm@10.30.3" (e.g., "pnpm": ">=10.30.3") so engines.pnpm and packageManager
are aligned; modify the JSON entry for engines.pnpm accordingly.

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 01943f5 and 5481be7.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai · 2026-03-03T11:28:09Z

+    "@biomejs/biome": "2.4.4",
+    "@types/node": "22.19.13",
+    "@vitest/coverage-v8": "4.0.18",
    "@xterm/headless": "^5.5.0",
-    "cspell": "9.2.2",
+    "cspell": "9.7.0",
    "husky": "9.1.7",
    "license-checker-rseidelsohn": "4.4.2",
-    "lint-staged": "16.2.5",
-    "prettier": "3.6.2",
-    "sort-package-json": "3.4.0",
-    "tsdown": "0.15.9",
+    "lint-staged": "16.3.1",
+    "prettier": "3.8.1",
+    "sort-package-json": "3.6.1",
+    "tsdown": "0.20.3",
    "typescript": "5.9.3",
    "vite-tsconfig-paths": "^6.0.0",
-    "vitest": "4.0.5"
+    "vitest": "4.0.18"


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash set -euo pipefail echo "=== Searching for tsdown declarations in all package.json files ===" rg -n '"tsdown"\s*:' -g '**/package.json' 2>/dev/null || echo "No tsdown declarations found" echo "" echo "=== Checking package.json structure around packageManager and engines.pnpm ===" fd 'package.json$' -t f | head -5 | while read pjson; do if rg -q '"packageManager"|"engines"' "$pjson" 2>/dev/null; then echo "File: $pjson" rg -B 2 -A 2 '"packageManager"|"engines"' "$pjson" | head -20 echo "---" fi done

Repository: deepnote/deepnote

Length of output: 664

Root tsdown placement is correct; align pnpm versions.

tsdown correctly declared only at root for workspace hoisting—good pattern. However, packageManager pins pnpm@10.30.3 while engines.pnpm allows >=10.17.1. Consider updating engines.pnpm to >=10.30.3 to match the enforced version.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@package.json` around lines 43 - 56, The package.json pins packageManager to "pnpm@10.30.3" but engines.pnpm is currently ">=10.17.1", creating a mismatch; update the engines.pnpm range to ">=10.30.3" so it aligns with the packageManager pin (refer to the packageManager and engines.pnpm fields) while keeping tsdown at root as-is for workspace hoisting.

coderabbitai · 2026-03-03T11:28:09Z

+  "packageManager": "pnpm@10.30.3",
  "engines": {
    "node": ">=22.14.0",
    "pnpm": ">=10.17.1"


🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash set -euo pipefail python - <<'PY' import json d = json.load(open("package.json")) print("packageManager:", d.get("packageManager")) print("engines.pnpm :", d.get("engines", {}).get("pnpm")) PY

Repository: deepnote/deepnote

Length of output: 114

Align engines.pnpm floor with pinned packageManager version.

packageManager is pinned to pnpm@10.30.3, but engines.pnpm still allows >=10.17.1. Matching them reduces local/CI drift.

Proposed diff

"engines": { "node": ">=22.14.0", - "pnpm": ">=10.17.1" + "pnpm": ">=10.30.3" },

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"packageManager": "pnpm@10.30.3",

"engines": {

"node": ">=22.14.0",

"pnpm": ">=10.17.1"

"packageManager": "pnpm@10.30.3",

"engines": {

"node": ">=22.14.0",

"pnpm": ">=10.30.3"

},

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@package.json` around lines 58 - 61, Update the engines.pnpm floor to match the pinned packageManager version: change the value referenced by "engines": {"pnpm": ">=10.17.1"} to require at least the same version as "packageManager": "pnpm@10.30.3" (e.g., "pnpm": ">=10.30.3") so engines.pnpm and packageManager are aligned; modify the JSON entry for engines.pnpm accordingly.

coderabbitai

♻️ Duplicate comments (1)

package.json (1)

58-58: 🧹 Nitpick | 🔵 Trivial

Align engines.pnpm with the pinned packageManager version.

Line 58 pins pnpm@10.30.3, but Line 61 still allows >=10.17.1, which permits older clients and version drift.

Proposed diff

   "engines": {
     "node": ">=22.14.0",
-    "pnpm": ">=10.17.1"
+    "pnpm": ">=10.30.3"
   },

#!/bin/bash
set -euo pipefail

python - <<'PY'
import json, re

def parse(v):
    return tuple(int(x) for x in v.split("."))

with open("package.json", "r", encoding="utf-8") as f:
    d = json.load(f)

pm = d.get("packageManager", "")
eng = d.get("engines", {}).get("pnpm", "")

m_pm = re.match(r"^pnpm@(\d+\.\d+\.\d+)$", pm)
m_eng = re.match(r"^>=\s*(\d+\.\d+\.\d+)$", eng)

print("packageManager:", pm)
print("engines.pnpm :", eng)

if not (m_pm and m_eng):
    print("Could not parse one or both fields.")
else:
    pm_v = m_pm.group(1)
    eng_v = m_eng.group(1)
    aligned = parse(eng_v) >= parse(pm_v)
    print("packageManager version:", pm_v)
    print("engines floor        :", eng_v)
    print("aligned              :", aligned)
PY

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 58, package.json currently pins packageManager to
"pnpm@10.30.3" but engines.pnpm still allows ">=10.17.1"; update the
engines.pnpm field to at least ">=10.30.3" (or exactly "10.30.3" if you prefer a
strict pin) so the engines.pnpm floor aligns with the packageManager value,
ensuring the version strings in the packageManager and engines.pnpm fields match
and use the same semver format.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Line 58: package.json currently pins packageManager to "pnpm@10.30.3" but
engines.pnpm still allows ">=10.17.1"; update the engines.pnpm field to at least
">=10.30.3" (or exactly "10.30.3" if you prefer a strict pin) so the
engines.pnpm floor aligns with the packageManager value, ensuring the version
strings in the packageManager and engines.pnpm fields match and use the same
semver format.

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5481be7 and 639b865.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)

43-58: ⚠️ Potential issue | 🔴 Critical

Lockfile is still out of sync with updated dependency specifiers.

Lines 43-58 changed multiple devDependencies and packageManager, and CI is already failing pnpm install --frozen-lockfile for specifier mismatch. Please regenerate and commit pnpm-lock.yaml using pnpm 10.30.3 before merge.

#!/bin/bash
set -euo pipefail

python - <<'PY' > /tmp/expected_specs.txt
import json
d = json.load(open("package.json"))
keys = [
  "@biomejs/biome",
  "@types/node",
  "@vitest/coverage-v8",
  "cspell",
  "lint-staged",
  "prettier",
  "sort-package-json",
  "tsdown",
  "vitest",
]
for k in keys:
  print(f"{k}@{d['devDependencies'][k]}")
print(d["packageManager"])
PY

echo "Checking expected specs in pnpm-lock.yaml..."
while IFS= read -r spec; do
  if rg -n --fixed-strings "$spec" pnpm-lock.yaml >/dev/null; then
    echo "FOUND   $spec"
  else
    echo "MISSING $spec"
  fi
done < /tmp/expected_specs.txt

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, The pnpm lockfile is out of sync with the
updated devDependencies and packageManager in package.json: update
pnpm-lock.yaml by running pnpm using the specified packageManager version
(pnpm@10.30.3) so the specifiers for the devDependencies (e.g.,
"@biomejs/biome", "@types/node", "@vitest/coverage-v8", "cspell", "lint-staged",
"prettier", "sort-package-json", "tsdown", "vitest") and the packageManager
entry are reflected in the lockfile, then commit the regenerated pnpm-lock.yaml
so CI no longer fails `pnpm install --frozen-lockfile`.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The pnpm lockfile is out of sync with the updated
devDependencies and packageManager in package.json: update pnpm-lock.yaml by
running pnpm using the specified packageManager version (pnpm@10.30.3) so the
specifiers for the devDependencies (e.g., "@biomejs/biome", "@types/node",
"@vitest/coverage-v8", "cspell", "lint-staged", "prettier", "sort-package-json",
"tsdown", "vitest") and the packageManager entry are reflected in the lockfile,
then commit the regenerated pnpm-lock.yaml so CI no longer fails `pnpm install
--frozen-lockfile`.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9f1fc23c-f774-42ad-bb44-c27f3c88afb0

📥 Commits

Reviewing files that changed from the base of the PR and between 639b865 and be8f580.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

Actionable comments posted: 1

♻️ Duplicate comments (1)

package.json (1)

58-58: ⚠️ Potential issue | 🔴 Critical

Lockfile still out of sync.

Pipeline fails with lockfile mismatch. Run pnpm install and commit pnpm-lock.yaml.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 58, The repository's pnpm lockfile is out of sync with
package.json's packageManager setting; run `pnpm install` locally to
regenerate/update pnpm-lock.yaml, verify the lockfile changes, and commit the
updated pnpm-lock.yaml alongside the package.json change so the pipeline's
lockfile check passes (refer to the "packageManager" field and ensure
pnpm-lock.yaml is included in the commit).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 43: Update the biome.json $schema to match the installed `@biomejs/biome`
version: change the "$schema" value in biome.json from the old 2.2.7 URL to the
2.4.5 schema URL so it corresponds to the dependency "@biomejs/biome": "2.4.5"
declared in package.json; ensure the schema string exactly references version
2.4.5.

---

Duplicate comments:
In `@package.json`:
- Line 58: The repository's pnpm lockfile is out of sync with package.json's
packageManager setting; run `pnpm install` locally to regenerate/update
pnpm-lock.yaml, verify the lockfile changes, and commit the updated
pnpm-lock.yaml alongside the package.json change so the pipeline's lockfile
check passes (refer to the "packageManager" field and ensure pnpm-lock.yaml is
included in the commit).

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 311d6301-6eed-4895-bc60-5809661d936c

📥 Commits

Reviewing files that changed from the base of the PR and between be8f580 and f80cd18.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai · 2026-03-05T20:11:18Z

-    "@biomejs/biome": "2.2.7",
-    "@types/node": "22.18.12",
-    "@vitest/coverage-v8": "4.0.5",
+    "@biomejs/biome": "2.4.5",


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # Check biome.json for $schema field echo "=== Checking biome.json schema ===" if [ -f biome.json ]; then cat -n biome.json | head -20 echo "" rg '\$schema' biome.json else echo "biome.json not found" fi

Repository: deepnote/deepnote

Length of output: 952

Update biome.json schema version to match @biomejs/biome 2.4.5.

The $schema field in biome.json is currently pointing to version 2.2.7 but must be updated to 2.4.5:

biome.json schema update

- "$schema": "https://biomejs.dev/schemas/2.2.7/schema.json", + "$schema": "https://biomejs.dev/schemas/2.4.5/schema.json",

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@package.json` at line 43, Update the biome.json $schema to match the installed `@biomejs/biome` version: change the "$schema" value in biome.json from the old 2.2.7 URL to the 2.4.5 schema URL so it corresponds to the dependency "@biomejs/biome": "2.4.5" declared in package.json; ensure the schema string exactly references version 2.4.5.

coderabbitai

♻️ Duplicate comments (1)

package.json (1)

43-58: ⚠️ Potential issue | 🔴 Critical

Lockfile is out of sync with manifest changes (CI blocker).

Line 43-58 updates dependency specifiers and packageManager, and CI already reports specifier mismatches. Regenerate and commit pnpm-lock.yaml from this branch before merge.

#!/bin/bash
set -euo pipefail

python - <<'PY' > /tmp/updated-specs.txt
import json
d = json.load(open("package.json"))
for name in [
  "@biomejs/biome",
  "@types/node",
  "@vitest/coverage-v8",
  "cspell",
  "lint-staged",
  "prettier",
  "sort-package-json",
  "tsdown",
  "vitest",
]:
    print(f"{name}@{d['devDependencies'][name]}")
PY

echo "Checking whether updated specs are present in pnpm-lock.yaml..."
while IFS= read -r spec; do
  if rg -n --fixed-strings "$spec" pnpm-lock.yaml >/dev/null; then
    echo "✓ $spec"
  else
    echo "✗ missing: $spec"
  fi
done < /tmp/updated-specs.txt

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, The lockfile is out of sync with the
manifest changes: regenerate pnpm-lock.yaml so the updated devDependency
specifiers (e.g. "@biomejs/biome", "@types/node", "@vitest/coverage-v8",
"cspell", "lint-staged", "prettier", "sort-package-json", "tsdown", "vitest",
and others shown in package.json) and the packageManager value
("packageManager": "pnpm@10.30.3") are reflected in the lockfile; run the
appropriate pnpm command to update the lockfile (e.g. pnpm install or pnpm
install --lockfile-only with pnpm@10.30.3), verify pnpm-lock.yaml contains the
new specifiers, and commit the updated pnpm-lock.yaml to this branch before
merging.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The lockfile is out of sync with the manifest changes:
regenerate pnpm-lock.yaml so the updated devDependency specifiers (e.g.
"@biomejs/biome", "@types/node", "@vitest/coverage-v8", "cspell", "lint-staged",
"prettier", "sort-package-json", "tsdown", "vitest", and others shown in
package.json) and the packageManager value ("packageManager": "pnpm@10.30.3")
are reflected in the lockfile; run the appropriate pnpm command to update the
lockfile (e.g. pnpm install or pnpm install --lockfile-only with pnpm@10.30.3),
verify pnpm-lock.yaml contains the new specifiers, and commit the updated
pnpm-lock.yaml to this branch before merging.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 70899d20-39ca-4138-8de4-c1c9f93e60ee

📥 Commits

Reviewing files that changed from the base of the PR and between f80cd18 and 126ed1e.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)

43-58: ⚠️ Potential issue | 🔴 Critical

Lockfile is out of sync with the updated specs (merge blocker).

CI already reports 9 specifier mismatches after these version bumps. Regenerate pnpm-lock.yaml with pnpm 10.30.3 and commit it with this PR.

#!/bin/bash
set -euo pipefail

python - <<'PY' | while read -r spec; do
import json
data = json.load(open("package.json"))
for p in [
  "@biomejs/biome",
  "@types/node",
  "@vitest/coverage-v8",
  "cspell",
  "lint-staged",
  "prettier",
  "sort-package-json",
  "tsdown",
  "vitest",
]:
  print(f"{p}@{data['devDependencies'][p]}")
PY
  if rg -n --fixed-strings "$spec" pnpm-lock.yaml >/dev/null 2>&1; then
    echo "OK  $spec"
  else
    echo "MISS $spec"
  fi
done

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, The pnpm lockfile is out of sync with the
bumped devDependencies in package.json (see packageManager "pnpm@10.30.3" and
the devDependencies like "@biomejs/biome", "@types/node", "@vitest/coverage-v8",
"cspell", "lint-staged", "prettier", "sort-package-json", "tsdown", "vitest");
regenerate pnpm-lock.yaml using pnpm 10.30.3 (e.g. run pnpm install with that
pnpm binary or use pnpm env to ensure version), verify the nine specifier
mismatches are resolved, and commit the updated pnpm-lock.yaml to the PR so CI
no longer reports missing specs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The pnpm lockfile is out of sync with the bumped
devDependencies in package.json (see packageManager "pnpm@10.30.3" and the
devDependencies like "@biomejs/biome", "@types/node", "@vitest/coverage-v8",
"cspell", "lint-staged", "prettier", "sort-package-json", "tsdown", "vitest");
regenerate pnpm-lock.yaml using pnpm 10.30.3 (e.g. run pnpm install with that
pnpm binary or use pnpm env to ensure version), verify the nine specifier
mismatches are resolved, and commit the updated pnpm-lock.yaml to the PR so CI
no longer reports missing specs.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2f94b670-c5a7-4d11-bfeb-68aae839b4b7

📥 Commits

Reviewing files that changed from the base of the PR and between 126ed1e and 34ae84c.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 43-56: The lockfile is out of sync with the package.json
dependencies (see entries like "@biomejs/biome", "typescript", "vitest", etc.),
causing CI to fail; to fix, run pnpm install using pnpm v10.30.3 to regenerate
pnpm-lock.yaml, verify the 9 mismatched specifiers are resolved, and commit the
updated pnpm-lock.yaml alongside your package.json changes so CI uses the synced
lockfile.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 57b9f566-da68-40fd-84de-fffbde1155d3

📥 Commits

Reviewing files that changed from the base of the PR and between 34ae84c and 56ec06b.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)

43-58: ⚠️ Potential issue | 🔴 Critical

Commit the matching pnpm-lock.yaml.

Lines 43-58 change package specifiers and the pinned pnpm version, and CI is already reporting a manifest/lockfile mismatch. Regenerate pnpm-lock.yaml with pnpm 10.31.0 and include it in this PR.

#!/bin/bash
set -euo pipefail

python - <<'PY'
import json
import subprocess
import sys

try:
    import yaml
except ImportError:
    subprocess.check_call([sys.executable, "-m", "pip", "install", "-q", "pyyaml"])
    import yaml

with open("package.json") as f:
    pkg = json.load(f)
with open("pnpm-lock.yaml") as f:
    lock = yaml.safe_load(f)

root = lock.get("importers", {}).get(".", {})
lock_specs = {}
for section in ("dependencies", "devDependencies", "optionalDependencies"):
    for name, meta in root.get(section, {}).items():
        lock_specs[name] = meta.get("specifier") if isinstance(meta, dict) else meta

targets = [
    "@biomejs/biome",
    "@types/node",
    "@vitest/coverage-v8",
    "cspell",
    "lint-staged",
    "prettier",
    "sort-package-json",
    "tsdown",
    "vitest",
]

failed = False
for name in targets:
    manifest_version = pkg["devDependencies"][name]
    lockfile_version = lock_specs.get(name)
    ok = manifest_version == lockfile_version
    print(f'{"OK" if ok else "MISMATCH"} {name}: manifest={manifest_version} lockfile={lockfile_version}')
    failed |= not ok

sys.exit(1 if failed else 0)
PY

Expected result: every line prints OK. If not, the lockfile still needs regeneration.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, The package manifest and pinned
packageManager were changed but the pnpm lockfile is out of sync; regenerate
pnpm-lock.yaml using pnpm@10.31.0 (as set in the packageManager field) so the
specifiers for the devDependencies (e.g., "@biomejs/biome", "@types/node",
"@vitest/coverage-v8", "cspell", "lint-staged", "prettier", "sort-package-json",
"tsdown", "vitest") match the lockfile, then add the updated pnpm-lock.yaml to
the PR and re-run CI to verify no manifest/lockfile mismatches.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The package manifest and pinned packageManager were changed
but the pnpm lockfile is out of sync; regenerate pnpm-lock.yaml using
pnpm@10.31.0 (as set in the packageManager field) so the specifiers for the
devDependencies (e.g., "@biomejs/biome", "@types/node", "@vitest/coverage-v8",
"cspell", "lint-staged", "prettier", "sort-package-json", "tsdown", "vitest")
match the lockfile, then add the updated pnpm-lock.yaml to the PR and re-run CI
to verify no manifest/lockfile mismatches.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1c6dbda2-8a41-467e-9e9f-64f77df142ee

📥 Commits

Reviewing files that changed from the base of the PR and between 56ec06b and b016a00.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

Actionable comments posted: 1

♻️ Duplicate comments (1)

package.json (1)

43-43: ⚠️ Potential issue | 🟡 Minor

Update Biome schema URL to match the bumped Biome version.
@biomejs/biome is 2.4.11, but biome.json still references schema 2.2.7 (biome.json:1). This can validate config against the wrong schema.

#!/bin/bash
set -euo pipefail

echo "package.json biome version:"
python - <<'PY'
import json
d=json.load(open("package.json"))
print(d["devDependencies"]["@biomejs/biome"])
PY

echo "biome.json schema:"
rg -n '\$schema' biome.json

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 43, package.json lists `@biomejs/biome` at 2.4.11 but
biome.json's $schema points to the older 2.2.7 schema; update the $schema value
in biome.json to the matching Biome schema for 2.4.11 (use the schemastore URL
for biome v2.4.11) so the config validates against the correct schema and stays
in sync with the `@biomejs/biome` version; ensure the $schema string reflects
"biome-2.4.11" (or the exact schemastore identifier) to match the devDependency
entry.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 43-58: The lockfile is out of sync with the package.json changes;
run pnpm v10.33.0 to regenerate pnpm-lock.yaml and commit it. Specifically, with
the updated dependencies and the "packageManager": "pnpm@10.33.0" entry present,
run pnpm install (or pnpm i) using pnpm 10.33.0 to produce an updated
pnpm-lock.yaml, verify CI passes (no ERR_PNPM_OUTDATED_LOCKFILE), and include
the regenerated pnpm-lock.yaml in the commit alongside the package.json changes.

---

Duplicate comments:
In `@package.json`:
- Line 43: package.json lists `@biomejs/biome` at 2.4.11 but biome.json's $schema
points to the older 2.2.7 schema; update the $schema value in biome.json to the
matching Biome schema for 2.4.11 (use the schemastore URL for biome v2.4.11) so
the config validates against the correct schema and stays in sync with the
`@biomejs/biome` version; ensure the $schema string reflects "biome-2.4.11" (or
the exact schemastore identifier) to match the devDependency entry.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7f86b28c-bca8-4fdb-ab8d-2ee0bcad80a9

📥 Commits

Reviewing files that changed from the base of the PR and between 89c0732 and 09113d7.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (3)

package.json (3)

43-43: ⚠️ Potential issue | 🟡 Minor

Biome schema likely stale after the bump.
Line 43 updates @biomejs/biome to 2.4.11, but context shows biome.json still references schema 2.2.7. Update the schema URL to match.

#!/bin/bash
set -euo pipefail
echo "package.json biome version:"
python - <<'PY'
import json
d=json.load(open("package.json"))
print(d["devDependencies"]["@biomejs/biome"])
PY

echo "biome.json schema:"
rg -n '\$schema' biome.json

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 43, package.json devDependency "@biomejs/biome" was
bumped to 2.4.11 but biome.json still points to the older schema version; open
biome.json and update the top-level "$schema" URL to the matching Biome schema
for 2.4.11 (replace the 2.2.7 segment with 2.4.11) so the schema version aligns
with the "@biomejs/biome" dependency.

53-53: ⚠️ Potential issue | 🟠 Major

Verify tsdown config migration before merging.
Line 53 jumps tsdown from 0.15.9 to 0.21.8; configs using deprecated keys (e.g. external) should be migrated/verified for v0.21 behavior.

#!/bin/bash
set -euo pipefail
echo "tsdown config files with deprecated keys:"
fd 'tsdown\.config\.(ts|js)$' -t f --exec rg -Hn '\bexternal\s*:|\bnoExternal\s*:' {}

echo ""
echo "potential old debug flag usage:"
rg -n '"--debug(?!-logs)"' package.json packages/*/package.json 2>/dev/null || true

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 53, The package.json bump for the tsdown dependency
(the "tsdown" entry) may break configs that use deprecated keys; locate
tsdown.config.ts / tsdown.config.js files and update/verify any use of the
external or noExternal keys to the v0.21 API (rename/remove or convert according
to tsdown v0.21 docs), and search package.json and packages/*/package.json
scripts for deprecated debug flag usage like "--debug" (replace with the new
flag or remove) so the new tsdown version behaves correctly; ensure any config
migrations are applied in functions or modules that read tsdown configs and test
the build scripts after changes.

43-58: ⚠️ Potential issue | 🔴 Critical

Lockfile is still out of sync (merge blocker).
Line 58 bumps toolchain/package manager context, and CI already fails pnpm install --frozen-lockfile with 9 specifier mismatches. Regenerate and commit pnpm-lock.yaml.

#!/bin/bash
set -euo pipefail

echo "== packageManager =="
python - <<'PY'
import json
d=json.load(open("package.json"))
print(d.get("packageManager"))
for p in ["@biomejs/biome","@types/node","@vitest/coverage-v8","cspell","lint-staged","prettier","sort-package-json","tsdown","vitest"]:
    print(f"{p}: {d['devDependencies'].get(p)}")
PY

echo "== lockfile specifier spot-check =="
for spec in \
  "@biomejs/biome@2.4.11" \
  "@types/node@22.19.17" \
  "@vitest/coverage-v8@4.1.4" \
  "cspell@9.8.0" \
  "lint-staged@16.4.0" \
  "prettier@3.8.2" \
  "sort-package-json@3.6.1" \
  "tsdown@0.21.8" \
  "vitest@4.1.4"
do
  rg -n --fixed-strings "$spec" pnpm-lock.yaml >/dev/null && echo "✓ $spec" || echo "✗ $spec"
done

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, The lockfile is out of sync with
package.json (packageManager and devDependency versions changed); regenerate and
commit pnpm-lock.yaml to fix the 9 specifier mismatches: run pnpm install (or
pnpm install --lockfile-only) using the declared packageManager (pnpm@10.33.0)
so the lockfile reflects the devDependencies (e.g., `@biomejs/biome`, `@types/node`,
`@vitest/coverage-v8`, cspell, lint-staged, prettier, sort-package-json, tsdown,
vitest), verify the specifiers are present in pnpm-lock.yaml, and then commit
the updated pnpm-lock.yaml so CI passes pnpm install --frozen-lockfile.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Line 43: package.json devDependency "@biomejs/biome" was bumped to 2.4.11 but
biome.json still points to the older schema version; open biome.json and update
the top-level "$schema" URL to the matching Biome schema for 2.4.11 (replace the
2.2.7 segment with 2.4.11) so the schema version aligns with the
"@biomejs/biome" dependency.
- Line 53: The package.json bump for the tsdown dependency (the "tsdown" entry)
may break configs that use deprecated keys; locate tsdown.config.ts /
tsdown.config.js files and update/verify any use of the external or noExternal
keys to the v0.21 API (rename/remove or convert according to tsdown v0.21 docs),
and search package.json and packages/*/package.json scripts for deprecated debug
flag usage like "--debug" (replace with the new flag or remove) so the new
tsdown version behaves correctly; ensure any config migrations are applied in
functions or modules that read tsdown configs and test the build scripts after
changes.
- Around line 43-58: The lockfile is out of sync with package.json
(packageManager and devDependency versions changed); regenerate and commit
pnpm-lock.yaml to fix the 9 specifier mismatches: run pnpm install (or pnpm
install --lockfile-only) using the declared packageManager (pnpm@10.33.0) so the
lockfile reflects the devDependencies (e.g., `@biomejs/biome`, `@types/node`,
`@vitest/coverage-v8`, cspell, lint-staged, prettier, sort-package-json, tsdown,
vitest), verify the specifiers are present in pnpm-lock.yaml, and then commit
the updated pnpm-lock.yaml so CI passes pnpm install --frozen-lockfile.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: c1fb4101-7e4b-4148-af5e-5bfc5fa5837a

📥 Commits

Reviewing files that changed from the base of the PR and between 09113d7 and 4f448f2.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)
43-58: ⚠️ Potential issue | 🔴 Critical

Regenerate and commit pnpm-lock.yaml before merge.

These manifest/version bumps plus packageManager change are currently failing CI with ERR_PNPM_OUTDATED_LOCKFILE. Please run install with pnpm 10.33.0 and commit the refreshed lockfile.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, The CI failure is due to an outdated
lockfile after the dependency and packageManager changes; run pnpm install using
pnpm@10.33.0 (to honor the packageManager field) to regenerate pnpm-lock.yaml,
verify tests/build locally, and commit the updated pnpm-lock.yaml alongside the
package.json changes so CI no longer reports ERR_PNPM_OUTDATED_LOCKFILE.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The CI failure is due to an outdated lockfile after the
dependency and packageManager changes; run pnpm install using pnpm@10.33.0 (to
honor the packageManager field) to regenerate pnpm-lock.yaml, verify tests/build
locally, and commit the updated pnpm-lock.yaml alongside the package.json
changes so CI no longer reports ERR_PNPM_OUTDATED_LOCKFILE.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9501b70e-039b-499d-9f2a-cde75d07c184

📥 Commits

Reviewing files that changed from the base of the PR and between 4f448f2 and c404870.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

Actionable comments posted: 1

♻️ Duplicate comments (4)

package.json (4)

53-53: ⚠️ Potential issue | 🟠 Major

Migrate tsdown configs before merging.

tsdown v0.21.0 deprecated external in favor of deps.neverBundle. Past comments identify two configs needing updates:

packages/convert/tsdown.config.ts
packages/reactivity/tsdown.config.ts

#!/bin/bash
# Locate configs using deprecated syntax
fd 'tsdown\.config\.(ts|js)$' --exec rg -Hn '\bexternal\s*:' {}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 53, Two tsdown configs still use the deprecated
external field; update both packages/convert/tsdown.config.ts and
packages/reactivity/tsdown.config.ts to replace external with deps.neverBundle
and move the array value under deps.neverBundle, preserving existing entries and
semantics; ensure any import/require that referenced external remains unchanged
and run the provided fd/rg check to verify no remaining "external:" occurrences.

58-61: 🧹 Nitpick | 🔵 Trivial

Align engines.pnpm with packageManager pin.

packageManager pins pnpm@10.33.0 but engines.pnpm allows >=10.17.1. Update to >=10.33.0 to match.

📝 Proposed alignment

   "engines": {
     "node": ">=22.14.0",
-    "pnpm": ">=10.17.1"
+    "pnpm": ">=10.33.0"
   },

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 58 - 61, Update the engines constraint to match
the pinned packageManager version: change the engines.pnpm entry (currently
">=10.17.1") to ">=10.33.0" so it aligns with the packageManager value
"pnpm@10.33.0" (ensure you update the engines object where engines.pnpm is
defined).

43-56: ⚠️ Potential issue | 🔴 Critical

Critical: Lockfile out of sync, blocking CI.

Pipeline reports frozen-lockfile mismatch. Regenerate pnpm-lock.yaml using pnpm 10.33.0 and commit.

#!/bin/bash
# Verify lockfile sync
pnpm install --frozen-lockfile || echo "Lockfile mismatch detected"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 56, Regenerate the project's lockfile with
pnpm 10.33.0 to resolve the frozen-lockfile mismatch: run pnpm install using
pnpm@10.33.0 so pnpm-lock.yaml is updated to match package.json (dependencies
like `@biomejs/biome`, typescript, vitest, etc.), commit the updated
pnpm-lock.yaml, and re-run the provided verification command (pnpm install
--frozen-lockfile) to ensure CI will pass.

43-43: ⚠️ Potential issue | 🟡 Minor

Update biome.json schema to match dependency version.

Package uses @biomejs/biome 2.4.12 but biome.json likely references an older schema version.

#!/bin/bash
# Check biome.json schema version
rg '\$schema' biome.json

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 43, biome.json's $schema is out of sync with the
installed `@biomejs/biome` (2.4.12); open biome.json and update the "$schema"
value to the Biome v2 schema that matches the installed version (use the
official Biome/SchemaStore biome.json URL for the same major/minor release),
then re-run the check (e.g., rg '\$schema' biome.json) and validate that
linting/IDE schema resolution no longer reports mismatches; reference the
package.json dependency "@biomejs/biome" and the "biome.json" file when making
the change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.nvmrc:
- Line 1: Update the Node version in .nvmrc (currently "22.22.2") to a Node 24
LTS release (replace the "22.22.2" value with the desired 24.x LTS version),
then update any CI/workflow variables or Dockerfiles that reference NODE_VERSION
or "22.22.2" so they use the same 24.x value and regenerate lockfiles/build
artifacts as needed to ensure compatibility.

---

Duplicate comments:
In `@package.json`:
- Line 53: Two tsdown configs still use the deprecated external field; update
both packages/convert/tsdown.config.ts and packages/reactivity/tsdown.config.ts
to replace external with deps.neverBundle and move the array value under
deps.neverBundle, preserving existing entries and semantics; ensure any
import/require that referenced external remains unchanged and run the provided
fd/rg check to verify no remaining "external:" occurrences.
- Around line 58-61: Update the engines constraint to match the pinned
packageManager version: change the engines.pnpm entry (currently ">=10.17.1") to
">=10.33.0" so it aligns with the packageManager value "pnpm@10.33.0" (ensure
you update the engines object where engines.pnpm is defined).
- Around line 43-56: Regenerate the project's lockfile with pnpm 10.33.0 to
resolve the frozen-lockfile mismatch: run pnpm install using pnpm@10.33.0 so
pnpm-lock.yaml is updated to match package.json (dependencies like
`@biomejs/biome`, typescript, vitest, etc.), commit the updated pnpm-lock.yaml,
and re-run the provided verification command (pnpm install --frozen-lockfile) to
ensure CI will pass.
- Line 43: biome.json's $schema is out of sync with the installed `@biomejs/biome`
(2.4.12); open biome.json and update the "$schema" value to the Biome v2 schema
that matches the installed version (use the official Biome/SchemaStore
biome.json URL for the same major/minor release), then re-run the check (e.g.,
rg '\$schema' biome.json) and validate that linting/IDE schema resolution no
longer reports mismatches; reference the package.json dependency
"@biomejs/biome" and the "biome.json" file when making the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: cb1db0ed-a344-48a1-a6fa-64ae9dc0982e

📥 Commits

Reviewing files that changed from the base of the PR and between c404870 and 6955db2.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai · 2026-04-17T13:34:55Z

@@ -1 +1 @@
-22.21.0
+22.22.2


🧹 Nitpick | 🔵 Trivial

Consider Node.js 24 LTS for extended active support.

Node.js 22 is in Maintenance LTS with support until April 2027, while Node.js 24 LTS has active support through April 2028. Version 22.22.2 is a security release that patches high-severity vulnerabilities, so the update is safe. Upgrading to 24 before April 2026 would provide npm v11 (65% faster installs) and a longer support window.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In @.nvmrc at line 1, Update the Node version in .nvmrc (currently "22.22.2") to a Node 24 LTS release (replace the "22.22.2" value with the desired 24.x LTS version), then update any CI/workflow variables or Dockerfiles that reference NODE_VERSION or "22.22.2" so they use the same 24.x value and regenerate lockfiles/build artifacts as needed to ensure compatibility.

coderabbitai

♻️ Duplicate comments (4)

package.json (4)
59-61: 🧹 Nitpick | 🔵 Trivial

Align engines.pnpm floor with pinned version.

packageManager pins 10.33.0 but engines.pnpm allows >=10.17.1. Consider updating to >=10.33.0 to match.
Proposed diff
   "engines": {
     "node": ">=22.14.0",
-    "pnpm": ">=10.17.1"
+    "pnpm": ">=10.33.0"
   },
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 59 - 61, Update the engines.pnpm floor to match
the pinned packageManager version: change the "engines.pnpm" constraint to
">=10.33.0" so it aligns with the "packageManager" field; update the JSON value
for the engines object (look for the engines.pnpm entry and the packageManager
entry) to ensure both reflect the same minimum pnpm version.
43-43: ⚠️ Potential issue | 🟠 Major

Update biome.json schema to 2.4.12.

$schema currently references 2.2.7. Update to https://biomejs.dev/schemas/2.4.12/schema.json.

Based on learnings: When biomejs/biome is updated in package.json, the $schema field in biome.json must be updated to match the new version.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 43, The biome schema version in biome.json must match
the installed `@biomejs/biome` version: update the "$schema" value in biome.json
from the old 2.2.7 URL to "https://biomejs.dev/schemas/2.4.12/schema.json" to
align with the `@biomejs/biome`: "2.4.12" entry in package.json; locate the
"$schema" key in biome.json and replace the version number in the URL
accordingly.
53-53: ⚠️ Potential issue | 🟠 Major

Update tsdown configs in packages/reactivity and packages/convert before merging.

tsdown v0.21.0 replaced deprecated external with deps.neverBundle. Both configs still use the old syntax and will fail to build.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 53, Update the tsdown config files in
packages/reactivity and packages/convert to use the new tsdown v0.21+ field
name: replace any "external" entries with "deps.neverBundle" (preserve the array
values and semantics) in the tsdown config objects so the build uses
deps.neverBundle instead of the deprecated external key; verify the top-level
"tsdown" dependency/version remains compatible (0.21.9 is fine) and run a local
build to confirm no remaining references to "external".
43-58: ⚠️ Potential issue | 🔴 Critical

Lockfile out of sync—regenerate with updated versions.

Package.json has newer versions (@biomejs/biome@2.4.12, tsdown@0.21.9, vitest@4.1.4) but pnpm-lock.yaml has older ones (@biomejs/biome@2.2.7, tsdown@0.15.9, vitest@4.0.5). Run pnpm install and commit the updated pnpm-lock.yaml.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, The pnpm lockfile is out of sync with
package.json: update pnpm-lock.yaml to match the newer versions listed in
package.json (e.g., `@biomejs/biome`@2.4.12, tsdown@0.21.9, vitest@4.1.4) by
running pnpm install using the declared packageManager (pnpm@10.33.0) so the
lockfile is regenerated, then add and commit the updated pnpm-lock.yaml
alongside your package.json changes.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 59-61: Update the engines.pnpm floor to match the pinned
packageManager version: change the "engines.pnpm" constraint to ">=10.33.0" so
it aligns with the "packageManager" field; update the JSON value for the engines
object (look for the engines.pnpm entry and the packageManager entry) to ensure
both reflect the same minimum pnpm version.
- Line 43: The biome schema version in biome.json must match the installed
`@biomejs/biome` version: update the "$schema" value in biome.json from the old
2.2.7 URL to "https://biomejs.dev/schemas/2.4.12/schema.json" to align with the
`@biomejs/biome`: "2.4.12" entry in package.json; locate the "$schema" key in
biome.json and replace the version number in the URL accordingly.
- Line 53: Update the tsdown config files in packages/reactivity and
packages/convert to use the new tsdown v0.21+ field name: replace any "external"
entries with "deps.neverBundle" (preserve the array values and semantics) in the
tsdown config objects so the build uses deps.neverBundle instead of the
deprecated external key; verify the top-level "tsdown" dependency/version
remains compatible (0.21.9 is fine) and run a local build to confirm no
remaining references to "external".
- Around line 43-58: The pnpm lockfile is out of sync with package.json: update
pnpm-lock.yaml to match the newer versions listed in package.json (e.g.,
`@biomejs/biome`@2.4.12, tsdown@0.21.9, vitest@4.1.4) by running pnpm install
using the declared packageManager (pnpm@10.33.0) so the lockfile is regenerated,
then add and commit the updated pnpm-lock.yaml alongside your package.json
changes.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6216899d-32f5-48f5-8147-7f832f9e4220

📥 Commits

Reviewing files that changed from the base of the PR and between 6955db2 and 85b8a7d.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)
43-58: ⚠️ Potential issue | 🔴 Critical

Lockfile is stale and currently blocks merge.

CI already fails with ERR_PNPM_OUTDATED_LOCKFILE for the specifiers updated on Line 43–Line 56 and Line 58. Regenerate pnpm-lock.yaml with pnpm@10.33.0 and commit it with this manifest change.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, The package manifest was updated (e.g.,
dependency specifiers like "@biomejs/biome", "@types/node",
"vite-tsconfig-paths", "vitest" and the "packageManager": "pnpm@10.33.0") but
the pnpm lockfile is out of date causing ERR_PNPM_OUTDATED_LOCKFILE; run
pnpm@10.33.0 locally (pnpm install) to regenerate pnpm-lock.yaml, verify no
other changes break CI, and commit the updated pnpm-lock.yaml alongside this
package.json change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The package manifest was updated (e.g., dependency
specifiers like "@biomejs/biome", "@types/node", "vite-tsconfig-paths", "vitest"
and the "packageManager": "pnpm@10.33.0") but the pnpm lockfile is out of date
causing ERR_PNPM_OUTDATED_LOCKFILE; run pnpm@10.33.0 locally (pnpm install) to
regenerate pnpm-lock.yaml, verify no other changes break CI, and commit the
updated pnpm-lock.yaml alongside this package.json change.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 060aa780-1277-4ce3-ac83-f99f1efbb2c2

📥 Commits

Reviewing files that changed from the base of the PR and between 85b8a7d and f89c81a.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)

43-58: ⚠️ Potential issue | 🔴 Critical

Lockfile is out of sync with manifest (merge blocker).

CI already fails with ERR_PNPM_OUTDATED_LOCKFILE. The version bumps on Lines 43–56 plus packageManager on Line 58 require a regenerated pnpm-lock.yaml committed in this PR.

#!/bin/bash
set -euo pipefail

echo "Checking current manifest specs for bumped devDependencies..."
python - <<'PY'
import json
deps = [
  "@biomejs/biome",
  "@types/node",
  "@vitest/coverage-v8",
  "cspell",
  "lint-staged",
  "prettier",
  "sort-package-json",
  "tsdown",
  "vitest",
]
with open("package.json") as f:
    pkg = json.load(f)
for d in deps:
    print(f"{d}@{pkg['devDependencies'][d]}")
PY

echo ""
echo "Checking whether these specifiers are present in pnpm-lock.yaml..."
python - <<'PY' > /tmp/specs.txt
import json
deps = [
  "@biomejs/biome",
  "@types/node",
  "@vitest/coverage-v8",
  "cspell",
  "lint-staged",
  "prettier",
  "sort-package-json",
  "tsdown",
  "vitest",
]
with open("package.json") as f:
    pkg = json.load(f)
for d in deps:
    print(f"{d}@{pkg['devDependencies'][d]}")
PY

while IFS= read -r spec; do
  if rg -n --fixed-strings "$spec" pnpm-lock.yaml >/dev/null; then
    echo "✓ $spec"
  else
    echo "✗ missing: $spec"
  fi
done < /tmp/specs.txt

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, The lockfile is out of sync with the
bumped devDependencies and packageManager; regenerate and commit an updated
pnpm-lock.yaml so CI no longer errors with ERR_PNPM_OUTDATED_LOCKFILE. Run pnpm
install (or pnpm install --lockfile-only) to refresh the lockfile to match the
new versions for the listed devDependencies (e.g.
"@biomejs/biome","@types/node","@vitest/coverage-v8","cspell","lint-staged","prettier","sort-package-json","tsdown","vitest")
and the packageManager field, then add the updated pnpm-lock.yaml to the PR and
push the change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The lockfile is out of sync with the bumped devDependencies
and packageManager; regenerate and commit an updated pnpm-lock.yaml so CI no
longer errors with ERR_PNPM_OUTDATED_LOCKFILE. Run pnpm install (or pnpm install
--lockfile-only) to refresh the lockfile to match the new versions for the
listed devDependencies (e.g.
"@biomejs/biome","@types/node","@vitest/coverage-v8","cspell","lint-staged","prettier","sort-package-json","tsdown","vitest")
and the packageManager field, then add the updated pnpm-lock.yaml to the PR and
push the change.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 62a6a6bd-4e4a-4bdc-ac40-378bbfaf9f97

📥 Commits

Reviewing files that changed from the base of the PR and between f89c81a and b1f9db9.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)
43-58: ⚠️ Potential issue | 🔴 Critical

Refresh pnpm-lock.yaml with these manifest changes.

CI already reports a frozen-lockfile mismatch for these version bumps, so this PR is incomplete until the lockfile is regenerated and committed.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, Update the pnpm lockfile to match the
dependency bumps in package.json: run the package manager specified by the
packageManager field (pnpm@10.33.2) to regenerate pnpm-lock.yaml (e.g., pnpm
install) so the frozen-lockfile CI check passes, then add the updated
pnpm-lock.yaml to the commit; ensure the dependency versions listed (e.g.,
"@biomejs/biome", "@types/node", "prettier", "typescript", "vitest", etc.) in
package.json align with the regenerated lockfile.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 43-58: Update the pnpm lockfile to match the dependency bumps in
package.json: run the package manager specified by the packageManager field
(pnpm@10.33.2) to regenerate pnpm-lock.yaml (e.g., pnpm install) so the
frozen-lockfile CI check passes, then add the updated pnpm-lock.yaml to the
commit; ensure the dependency versions listed (e.g., "@biomejs/biome",
"@types/node", "prettier", "typescript", "vitest", etc.) in package.json align
with the regenerated lockfile.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 240909cb-bbf7-484c-8298-0a3f9c9e5fe0

📥 Commits

Reviewing files that changed from the base of the PR and between f01b71b and f72bd52.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (3)

package.json (3)

43-43: ⚠️ Potential issue | 🟠 Major

Biome dependency bumped, schema likely stale.

Line 43 updates @biomejs/biome, but biome.json still appears pinned to an older schema URL. Sync them to avoid config drift.

#!/bin/bash
set -euo pipefail

echo "package.json biome version:"
python - <<'PY'
import json
d=json.load(open("package.json"))
print(d["devDependencies"].get("@biomejs/biome"))
PY

echo "biome.json schema:"
rg -n '\$schema' biome.json

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 43, package.json was updated to a newer `@biomejs/biome`
version but biome.json still references an older $schema URL, causing config
drift; update the $schema entry in biome.json to the schema URL that matches the
bumped `@biomejs/biome` version (or regenerate/sync biome.json with the current
Biome CLI), ensuring the $schema field and any deprecated/renamed config keys
are adjusted to match the new version; look for the "@biomejs/biome" entry in
package.json and the "$schema" key in biome.json to locate and verify the
change.

58-58: ⚠️ Potential issue | 🔴 Critical

Lockfile mismatch is a merge blocker.

CI already fails frozen install due to specifier mismatch; commit a regenerated pnpm-lock.yaml matching this manifest/toolchain bump.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 58, The package manifest's packageManager was updated
to "pnpm@10.33.2" but the lockfile is out of sync; regenerate pnpm-lock.yaml
with the matching toolchain and commit it. Switch to pnpm v10.33.2 (or use a
container/CI image with that version), run pnpm install (or pnpm install
--lockfile-only) to produce an updated pnpm-lock.yaml, verify CI passes frozen
install, and add/commit the regenerated pnpm-lock.yaml to the branch so the
lockfile matches the packageManager specifier.

53-53: ⚠️ Potential issue | 🟠 Major

tsdown 0.21.x bump needs config migration check.

Line 53 upgrades tsdown to 0.21.10; configs still using external should be migrated to deps.neverBundle.

#!/bin/bash
set -euo pipefail

echo "tsdown config files using deprecated keys:"
fd 'tsdown\.config\.(ts|js)$' -t f --exec rg -n '\bexternal\s*:|\bnoExternal\s*:' {}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 53, The tsdown upgrade to 0.21.10 requires migrating
deprecated config keys: find any tsdown config files (e.g., tsdown.config.ts /
tsdown.config.js) that use the keys "external" or "noExternal" and replace them
with the new deps.neverBundle structure; update each occurrence of external:
[...] to deps: { neverBundle: [...] } (and migrate noExternal semantics into
deps.neverBundle as well), then run the provided search snippet (or grep/fd) to
verify no remaining external/noExternal usages and ensure tsdown still builds.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Line 43: package.json was updated to a newer `@biomejs/biome` version but
biome.json still references an older $schema URL, causing config drift; update
the $schema entry in biome.json to the schema URL that matches the bumped
`@biomejs/biome` version (or regenerate/sync biome.json with the current Biome
CLI), ensuring the $schema field and any deprecated/renamed config keys are
adjusted to match the new version; look for the "@biomejs/biome" entry in
package.json and the "$schema" key in biome.json to locate and verify the
change.
- Line 58: The package manifest's packageManager was updated to "pnpm@10.33.2"
but the lockfile is out of sync; regenerate pnpm-lock.yaml with the matching
toolchain and commit it. Switch to pnpm v10.33.2 (or use a container/CI image
with that version), run pnpm install (or pnpm install --lockfile-only) to
produce an updated pnpm-lock.yaml, verify CI passes frozen install, and
add/commit the regenerated pnpm-lock.yaml to the branch so the lockfile matches
the packageManager specifier.
- Line 53: The tsdown upgrade to 0.21.10 requires migrating deprecated config
keys: find any tsdown config files (e.g., tsdown.config.ts / tsdown.config.js)
that use the keys "external" or "noExternal" and replace them with the new
deps.neverBundle structure; update each occurrence of external: [...] to deps: {
neverBundle: [...] } (and migrate noExternal semantics into deps.neverBundle as
well), then run the provided search snippet (or grep/fd) to verify no remaining
external/noExternal usages and ensure tsdown still builds.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: b886a6e9-b59d-4cb0-86d4-17bedac3c98e

📥 Commits

Reviewing files that changed from the base of the PR and between f72bd52 and 214ac5a.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)
43-58: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Regenerate and commit the lockfile.

CI is already failing with ERR_PNPM_OUTDATED_LOCKFILE for these bumped specs. Please refresh pnpm-lock.yaml with pnpm 10.33.2 and include it in this PR.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 43 - 58, CI fails with ERR_PNPM_OUTDATED_LOCKFILE
because the dependency bumps in package.json aren't reflected in the lockfile;
run pnpm (matching packageManager "pnpm@10.33.2") install to regenerate
pnpm-lock.yaml, verify no local changes break the build, and commit the updated
pnpm-lock.yaml alongside your package.json changes so the lockfile and
packageManager stay in sync.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 43-58: CI fails with ERR_PNPM_OUTDATED_LOCKFILE because the
dependency bumps in package.json aren't reflected in the lockfile; run pnpm
(matching packageManager "pnpm@10.33.2") install to regenerate pnpm-lock.yaml,
verify no local changes break the build, and commit the updated pnpm-lock.yaml
alongside your package.json changes so the lockfile and packageManager stay in
sync.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0c40d2e7-e064-484b-90dc-60b27260c48a

📥 Commits

Reviewing files that changed from the base of the PR and between 5dfd3d9 and 8c0f926.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

Actionable comments posted: 3

♻️ Duplicate comments (1)

package.json (1)

58-61: 🧹 Nitpick | 🔵 Trivial | 💤 Low value

Consider aligning engines.pnpm floor with pinned version.

packageManager pins pnpm@10.33.4, but engines.pnpm allows >=10.17.1. Matching them reduces version drift.

Proposed alignment

   "engines": {
     "node": ">=22.14.0",
-    "pnpm": ">=10.17.1"
+    "pnpm": ">=10.33.4"
   },

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 58 - 61, The package.json currently pins
packageManager to "pnpm@10.33.4" but engines.pnpm allows ">=10.17.1", causing
version drift; update the engines.pnpm entry to match the pinned floor (e.g.,
">=10.33.4") so the minimum required pnpm aligns with packageManager; locate the
packageManager and engines.pnpm keys in package.json and change the engines.pnpm
value accordingly, then run your usual lockfile/install check to confirm no
regressions.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Around line 43-58: CI is failing due to an outdated pnpm lockfile for
dependencies listed in package.json; run pnpm install using the declared
packageManager version "pnpm@10.33.4" (ensure your local pnpm matches 10.33.4),
regenerate pnpm-lock.yaml, verify no other package.json changes, and commit the
updated pnpm-lock.yaml so the lockfile and the packageManager in package.json
are in sync.
- Line 53: Replace the deprecated external property in the tsdown config files:
find the tsdown.config.ts files that declare external: ['@deepnote/blocks'] and
change that config to use deps: { neverBundle: ['@deepnote/blocks'] } instead
(i.e., remove external and add deps.neverBundle with the same array); update
both occurrences referencing the external key and the '@deepnote/blocks' entry.
- Line 43: The package.json declares the Biome dependency "@biomejs/biome":
"2.4.14" but biome.json still points its $schema to the older 2.2.7 URL; update
the $schema value in biome.json to
"https://biomejs.dev/schemas/2.4.14/schema.json" so the schema version matches
the declared dependency version.

---

Duplicate comments:
In `@package.json`:
- Around line 58-61: The package.json currently pins packageManager to
"pnpm@10.33.4" but engines.pnpm allows ">=10.17.1", causing version drift;
update the engines.pnpm entry to match the pinned floor (e.g., ">=10.33.4") so
the minimum required pnpm aligns with packageManager; locate the packageManager
and engines.pnpm keys in package.json and change the engines.pnpm value
accordingly, then run your usual lockfile/install check to confirm no
regressions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 76d99820-ae45-4772-a74b-068b1c9f177a

📥 Commits

Reviewing files that changed from the base of the PR and between 85e982e and d608943.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai · 2026-05-07T14:17:56Z

-    "@biomejs/biome": "2.2.7",
-    "@types/node": "22.18.12",
-    "@vitest/coverage-v8": "4.0.5",
+    "@biomejs/biome": "2.4.14",


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # Check current biome.json schema version rg '\$schema' biome.json

Repository: deepnote/deepnote

Length of output: 123

Update biome.json schema to 2.4.14.

The $schema field currently references https://biomejs.dev/schemas/2.2.7/schema.json but should match the dependency version 2.4.14. Update to https://biomejs.dev/schemas/2.4.14/schema.json.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@package.json` at line 43, The package.json declares the Biome dependency "@biomejs/biome": "2.4.14" but biome.json still points its $schema to the older 2.2.7 URL; update the $schema value in biome.json to "https://biomejs.dev/schemas/2.4.14/schema.json" so the schema version matches the declared dependency version.

coderabbitai · 2026-05-07T14:17:56Z

+    "lint-staged": "16.4.0",
+    "prettier": "3.8.3",
+    "sort-package-json": "3.6.1",
+    "tsdown": "0.21.10",


⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # Find tsdown configs using deprecated syntax fd 'tsdown\.config\.(ts|js)$' --exec rg -Hn '\bexternal\s*:' {} || echo "✓ No deprecated 'external' found"

Repository: deepnote/deepnote

Length of output: 241

Update tsdown.config.ts files for v0.21.0 breaking change.

The upgrade to v0.21.10 deprecated external in favor of deps.neverBundle. Update:

packages/convert/tsdown.config.ts:7

packages/reactivity/tsdown.config.ts:7

Replace external: ['@deepnote/blocks'] with deps: { neverBundle: ['@deepnote/blocks'] }.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@package.json` at line 53, Replace the deprecated external property in the tsdown config files: find the tsdown.config.ts files that declare external: ['@deepnote/blocks'] and change that config to use deps: { neverBundle: ['@deepnote/blocks'] } instead (i.e., remove external and add deps.neverBundle with the same array); update both occurrences referencing the external key and the '@deepnote/blocks' entry.

coderabbitai

♻️ Duplicate comments (1)

package.json (1)
43-58: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Lockfile is still out of sync (merge blocker).

Lines 43-58 update specifiers, but CI is failing with ERR_PNPM_OUTDATED_LOCKFILE for these exact packages. Regenerate pnpm-lock.yaml with pnpm@10.33.4 and commit it with this manifest change.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 43 - 58, The lockfile is out of sync with the
updated package specifiers and packageManager change; regenerate the pnpm
lockfile using pnpm@10.33.4 to match the manifest (packages like `@biomejs/biome`,
`@types/node`, vitest, vite-tsconfig-paths, etc. were updated) and commit the
updated pnpm-lock.yaml alongside the package.json change; ensure you run pnpm
with the specified packageManager version so the lockfile and packageManager
field remain consistent in CI.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The lockfile is out of sync with the updated package
specifiers and packageManager change; regenerate the pnpm lockfile using
pnpm@10.33.4 to match the manifest (packages like `@biomejs/biome`, `@types/node`,
vitest, vite-tsconfig-paths, etc. were updated) and commit the updated
pnpm-lock.yaml alongside the package.json change; ensure you run pnpm with the
specified packageManager version so the lockfile and packageManager field remain
consistent in CI.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: afadc309-633e-4a84-ad0a-c8e87363d27a

📥 Commits

Reviewing files that changed from the base of the PR and between d608943 and bb6b091.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (3)

package.json (3)
43-43: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Update biome.json schema to 2.4.14.

The $schema field currently references 2.2.7 but must match the dependency version. Update to https://biomejs.dev/schemas/2.4.14/schema.json.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 43, The biome.json $schema needs to match the installed
`@biomejs/biome` version (2.4.14); open biome.json and update the "$schema" value
to "https://biomejs.dev/schemas/2.4.14/schema.json" so it aligns with the
package.json dependency, ensuring the "$schema" field is the only changed value.
43-58: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Lockfile still out of sync—all CI blocked.

All 15 pipeline jobs fail: ERR_PNPM_OUTDATED_LOCKFILE for these 9 dependencies. Despite multiple prior flags marked "Addressed," the lockfile remains unsynced. Run pnpm install using pnpm 10.33.4, commit pnpm-lock.yaml.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 43 - 58, The lockfile is out of sync causing
ERR_PNPM_OUTDATED_LOCKFILE; run pnpm install with the declared packageManager
version (pnpm@10.33.4) locally or in CI, ensuring the listed devDependencies
(e.g., "@biomejs/biome", "@types/node", "@vitest/coverage-v8",
"@xterm/headless", "cspell", "husky", "license-checker-rseidelsohn",
"lint-staged", "prettier", "sort-package-json", "tsdown", "typescript",
"vite-tsconfig-paths", "vitest") are resolved into the lockfile, then commit the
updated pnpm-lock.yaml to the repo so CI can proceed.
53-53: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Migrate tsdown configs for v0.21.0 breaking change.

The external option was deprecated in v0.21.0. Update in:

packages/convert/tsdown.config.ts:7

packages/reactivity/tsdown.config.ts:7

Replace external: ['@deepnote/blocks'] with deps: { neverBundle: ['@deepnote/blocks'] }.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 53, Two tsdown config files still use the deprecated
external option; open packages/convert/tsdown.config.ts and
packages/reactivity/tsdown.config.ts and replace the top-level external:
['@deepnote/blocks'] entry with deps: { neverBundle: ['@deepnote/blocks'] }
(i.e., remove the external key and add a deps object containing neverBundle for
'@deepnote/blocks') so the config matches v0.21.0+ expectations.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@package.json`:
- Line 43: The biome.json $schema needs to match the installed `@biomejs/biome`
version (2.4.14); open biome.json and update the "$schema" value to
"https://biomejs.dev/schemas/2.4.14/schema.json" so it aligns with the
package.json dependency, ensuring the "$schema" field is the only changed value.
- Around line 43-58: The lockfile is out of sync causing
ERR_PNPM_OUTDATED_LOCKFILE; run pnpm install with the declared packageManager
version (pnpm@10.33.4) locally or in CI, ensuring the listed devDependencies
(e.g., "@biomejs/biome", "@types/node", "@vitest/coverage-v8",
"@xterm/headless", "cspell", "husky", "license-checker-rseidelsohn",
"lint-staged", "prettier", "sort-package-json", "tsdown", "typescript",
"vite-tsconfig-paths", "vitest") are resolved into the lockfile, then commit the
updated pnpm-lock.yaml to the repo so CI can proceed.
- Line 53: Two tsdown config files still use the deprecated external option;
open packages/convert/tsdown.config.ts and packages/reactivity/tsdown.config.ts
and replace the top-level external: ['@deepnote/blocks'] entry with deps: {
neverBundle: ['@deepnote/blocks'] } (i.e., remove the external key and add a
deps object containing neverBundle for '@deepnote/blocks') so the config matches
v0.21.0+ expectations.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7cef8b16-eea0-4c89-a431-02de61f48c00

📥 Commits

Reviewing files that changed from the base of the PR and between bb6b091 and 32dc7d3.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Around line 43-58: The lockfile is out of sync with the package.json
dependencies listed (e.g., "@biomejs/biome", "@types/node", "typescript",
"vite-tsconfig-paths", "vitest", etc.) and the packageManager entry
"pnpm@10.33.4"; fix by running pnpm install with pnpm 10.33.4 (ensure your pnpm
CLI matches the "packageManager" value), then commit the updated pnpm-lock.yaml
to the repo so CI no longer fails with ERR_PNPM_OUTDATED_LOCKFILE.
- Line 43: Update the $schema value in biome.json to match the `@biomejs/biome`
dependency version in package.json: change the schema version from "2.2.7" to
"2.4.15" so the "$schema" field aligns with the "@biomejs/biome": "2.4.15"
dependency; locate and edit the "$schema" entry in biome.json to reflect the new
version.
- Line 53: The tsdown v0.21 `external` option is deprecated; update both
packages/reactivity/tsdown.config.ts and packages/convert/tsdown.config.ts by
replacing the top-level external: [...] entry with deps: { neverBundle: [...] }
so the same module list is preserved under deps.neverBundle (ensure the exported
config object uses the new shape compatible with tsdown v0.22.0 referenced in
package.json).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: b018a5cd-eb5a-4b1c-b830-298438cd0264

📥 Commits

Reviewing files that changed from the base of the PR and between a299b02 and 2f92f89.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai · 2026-05-10T20:31:26Z

-    "@biomejs/biome": "2.2.7",
-    "@types/node": "22.18.12",
-    "@vitest/coverage-v8": "4.0.5",
+    "@biomejs/biome": "2.4.15",


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # Check current biome.json schema version rg '\$schema' biome.json

Repository: deepnote/deepnote

Length of output: 123

Update biome.json schema version from 2.2.7 to 2.4.15.

The $schema field should match the @biomejs/biome dependency version specified in package.json.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@package.json` at line 43, Update the $schema value in biome.json to match the `@biomejs/biome` dependency version in package.json: change the schema version from "2.2.7" to "2.4.15" so the "$schema" field aligns with the "@biomejs/biome": "2.4.15" dependency; locate and edit the "$schema" entry in biome.json to reflect the new version.

coderabbitai · 2026-05-10T20:31:26Z

+    "lint-staged": "16.4.0",
+    "prettier": "3.8.3",
+    "sort-package-json": "3.6.1",
+    "tsdown": "0.22.0",


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # Check for deprecated 'external' option in tsdown configs fd 'tsdown\.config\.(ts|js)$' --exec rg -Hn '\bexternal\s*:' {} || echo "✓ No deprecated syntax found"

Repository: deepnote/deepnote

Length of output: 237

Migrate tsdown configs from deprecated external to deps.neverBundle syntax for v0.22.

packages/reactivity/tsdown.config.ts:7 and packages/convert/tsdown.config.ts:7 still use the v0.21.0 external option, which is deprecated. Update both to use deps.neverBundle instead.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@package.json` at line 53, The tsdown v0.21 `external` option is deprecated; update both packages/reactivity/tsdown.config.ts and packages/convert/tsdown.config.ts by replacing the top-level external: [...] entry with deps: { neverBundle: [...] } so the same module list is preserved under deps.neverBundle (ensure the exported config object uses the new shape compatible with tsdown v0.22.0 referenced in package.json).

coderabbitai

♻️ Duplicate comments (1)

package.json (1)

43-58: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Lockfile is still out of sync with these manifest bumps (merge blocker).

Line 43–58 updates 9 devDependency specifiers and packageManager, and CI is failing across jobs with ERR_PNPM_OUTDATED_LOCKFILE. Regenerate and commit pnpm-lock.yaml using pnpm 10.33.4.

#!/bin/bash
set -euo pipefail

# Read expected specifiers from package.json (read-only)
python - <<'PY' > /tmp/expected_specs.txt
import json
deps = [
  "@biomejs/biome",
  "@types/node",
  "@vitest/coverage-v8",
  "cspell",
  "lint-staged",
  "prettier",
  "sort-package-json",
  "tsdown",
  "vitest",
]
pkg = json.load(open("package.json"))
for d in deps:
    print(f"{d}: {pkg['devDependencies'][d]}")
PY

echo "Verifying lockfile specifiers:"
missing=0
while IFS= read -r spec; do
  if rg -n --fixed-strings "$spec" pnpm-lock.yaml >/dev/null; then
    echo "OK   $spec"
  else
    echo "MISS $spec"
    missing=1
  fi
done < /tmp/expected_specs.txt

exit $missing

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 43 - 58, The pnpm lockfile is out of sync with the
updated devDependency specifiers and packageManager; regenerate the lockfile
with pnpm 10.33.4 and commit it. Run pnpm install (using the packageManager
value "pnpm@10.33.4") to refresh pnpm-lock.yaml so the new versions for the
devDependencies listed (e.g., "@biomejs/biome", "@types/node",
"@vitest/coverage-v8", "cspell", "lint-staged", "prettier", "sort-package-json",
"tsdown", "vitest") are recorded, verify the updated pnpm-lock.yaml contains
those specifiers, and include the updated lockfile in the PR.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The pnpm lockfile is out of sync with the updated
devDependency specifiers and packageManager; regenerate the lockfile with pnpm
10.33.4 and commit it. Run pnpm install (using the packageManager value
"pnpm@10.33.4") to refresh pnpm-lock.yaml so the new versions for the
devDependencies listed (e.g., "@biomejs/biome", "@types/node",
"@vitest/coverage-v8", "cspell", "lint-staged", "prettier", "sort-package-json",
"tsdown", "vitest") are recorded, verify the updated pnpm-lock.yaml contains
those specifiers, and include the updated lockfile in the PR.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 882a6818-1754-48b5-a19d-3fd106898eb4

📥 Commits

Reviewing files that changed from the base of the PR and between 2f92f89 and 029c382.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)
43-58: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Lockfile is stale after dependency specifier bumps (CI blocker).

Line 43–58 updates manifest specifiers and packageManager, and CI is failing with ERR_PNPM_OUTDATED_LOCKFILE. Regenerate and commit pnpm-lock.yaml using pnpm 10.33.4.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 43 - 58, The package manifest was updated
(dependency specifier bumps and packageManager set to "pnpm@10.33.4") which made
the lockfile stale and triggered ERR_PNPM_OUTDATED_LOCKFILE in CI; fix by
regenerating pnpm-lock.yaml with the exact pnpm version specified: run pnpm
install using pnpm@10.33.4 (or use npx/pnpm wrapper to enforce that version),
verify no changes remain, then commit the updated pnpm-lock.yaml alongside the
package.json changes so CI uses the updated lockfile.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The package manifest was updated (dependency specifier
bumps and packageManager set to "pnpm@10.33.4") which made the lockfile stale
and triggered ERR_PNPM_OUTDATED_LOCKFILE in CI; fix by regenerating
pnpm-lock.yaml with the exact pnpm version specified: run pnpm install using
pnpm@10.33.4 (or use npx/pnpm wrapper to enforce that version), verify no
changes remain, then commit the updated pnpm-lock.yaml alongside the
package.json changes so CI uses the updated lockfile.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a8d744ac-4464-47b2-b474-fc9b04571627

📥 Commits

Reviewing files that changed from the base of the PR and between 029c382 and 5c71703.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)

43-58: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Regenerate and commit pnpm-lock.yaml for these version bumps.

CI is blocked by ERR_PNPM_OUTDATED_LOCKFILE for the exact specifiers changed here, so this PR cannot merge until lockfile and manifest are synced.

#!/bin/bash
set -euo pipefail

python - <<'PY'
import json
from pathlib import Path

pkg = json.loads(Path("package.json").read_text())
lock = Path("pnpm-lock.yaml").read_text()

targets = [
  "@biomejs/biome",
  "@types/node",
  "@vitest/coverage-v8",
  "cspell",
  "lint-staged",
  "prettier",
  "sort-package-json",
  "tsdown",
  "vitest",
]

for name in targets:
  spec = pkg["devDependencies"][name]
  needle = f"{name}@{spec}"
  print(f"{needle}: {'FOUND' if needle in lock else 'MISSING'}")
PY

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 43 - 58, The package.json devDependency version
bumps (e.g., "@biomejs/biome", "@types/node", "@vitest/coverage-v8", "cspell",
"lint-staged", "prettier", "sort-package-json", "tsdown", "vitest") are out of
sync with pnpm-lock.yaml causing ERR_PNPM_OUTDATED_LOCKFILE; regenerate the pnpm
lockfile (update pnpm-lock.yaml) so the exact specifiers in package.json are
present, then commit the updated pnpm-lock.yaml alongside the package.json
change and re-run CI to verify the error is resolved (ensure the packageManager
field remains unchanged).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The package.json devDependency version bumps (e.g.,
"@biomejs/biome", "@types/node", "@vitest/coverage-v8", "cspell", "lint-staged",
"prettier", "sort-package-json", "tsdown", "vitest") are out of sync with
pnpm-lock.yaml causing ERR_PNPM_OUTDATED_LOCKFILE; regenerate the pnpm lockfile
(update pnpm-lock.yaml) so the exact specifiers in package.json are present,
then commit the updated pnpm-lock.yaml alongside the package.json change and
re-run CI to verify the error is resolved (ensure the packageManager field
remains unchanged).

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 16927438-da05-488d-8a7d-f80503827f58

📥 Commits

Reviewing files that changed from the base of the PR and between 5c71703 and 4d44f40.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)
43-58: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Lockfile is stale; CI is blocked.

Lines 43-58 change dependency specifiers and packageManager, but CI logs show frozen install failing with ERR_PNPM_OUTDATED_LOCKFILE. Regenerate and commit pnpm-lock.yaml with pnpm@10.33.4 to unblock merge.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 43 - 58, The package change updated dependency
specifiers and packageManager but the lockfile is stale; regenerate
pnpm-lock.yaml using pnpm@10.33.4 (the version declared in packageManager) on
your machine/CI, verify the install completes without
ERR_PNPM_OUTDATED_LOCKFILE, commit the updated pnpm-lock.yaml alongside the
package.json change, and ensure packageManager remains set to "pnpm@10.33.4" so
installs in CI use the same pnpm version.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The package change updated dependency specifiers and
packageManager but the lockfile is stale; regenerate pnpm-lock.yaml using
pnpm@10.33.4 (the version declared in packageManager) on your machine/CI, verify
the install completes without ERR_PNPM_OUTDATED_LOCKFILE, commit the updated
pnpm-lock.yaml alongside the package.json change, and ensure packageManager
remains set to "pnpm@10.33.4" so installs in CI use the same pnpm version.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: af453506-139c-40d1-b7c8-048b5f7aa4ee

📥 Commits

Reviewing files that changed from the base of the PR and between 4d44f40 and 7855199.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)
43-58: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Regenerate pnpm-lock.yaml to match these specifier bumps (merge blocker).

Line 43-Line 58 changed manifest specifiers, but CI shows ERR_PNPM_OUTDATED_LOCKFILE for these exact deps. Regenerate and commit lockfile with the pinned toolchain (pnpm@10.33.4), otherwise install will keep failing under --frozen-lockfile.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 43 - 58, The pnpm lockfile is out of sync with the
bumped devDependencies and the packageManager pin; regenerate the lockfile using
the pinned pnpm version and commit it: run pnpm@10.33.4 (e.g., npx pnpm@10.33.4
install or switch to that pnpm and run pnpm install) to produce an updated
pnpm-lock.yaml that reflects the changed specifiers (the dependencies block and
packageManager entry), verify no ERR_PNPM_OUTDATED_LOCKFILE in CI, and commit
the resulting pnpm-lock.yaml alongside the package.json change.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The pnpm lockfile is out of sync with the bumped
devDependencies and the packageManager pin; regenerate the lockfile using the
pinned pnpm version and commit it: run pnpm@10.33.4 (e.g., npx pnpm@10.33.4
install or switch to that pnpm and run pnpm install) to produce an updated
pnpm-lock.yaml that reflects the changed specifiers (the dependencies block and
packageManager entry), verify no ERR_PNPM_OUTDATED_LOCKFILE in CI, and commit
the resulting pnpm-lock.yaml alongside the package.json change.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 835b1964-e64e-4ee4-9dc9-293664f008e1

📥 Commits

Reviewing files that changed from the base of the PR and between 7855199 and 701f482.

📒 Files selected for processing (2)

.nvmrc
package.json

coderabbitai

♻️ Duplicate comments (1)

package.json (1)
43-58: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Lockfile is still out of sync and blocks CI.

Line 43–58 updates specifiers, but CI shows ERR_PNPM_OUTDATED_LOCKFILE for these exact packages. Regenerate and commit pnpm-lock.yaml using the pinned toolchain (pnpm@10.33.4) before merge.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 43 - 58, The lockfile is out of sync with the
updated dependency specifiers in package.json (the dependencies block and the
packageManager field set to pnpm@10.33.4); regenerate pnpm-lock.yaml using the
pinned pnpm toolchain (pnpm@10.33.4) locally (or in CI) and commit the updated
pnpm-lock.yaml so the ERR_PNPM_OUTDATED_LOCKFILE is resolved before merging.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@package.json`:
- Around line 43-58: The lockfile is out of sync with the updated dependency
specifiers in package.json (the dependencies block and the packageManager field
set to pnpm@10.33.4); regenerate pnpm-lock.yaml using the pinned pnpm toolchain
(pnpm@10.33.4) locally (or in CI) and commit the updated pnpm-lock.yaml so the
ERR_PNPM_OUTDATED_LOCKFILE is resolved before merging.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5e829204-7eb8-4017-b38c-ceed0c157197

📥 Commits

Reviewing files that changed from the base of the PR and between d5fb228 and 52f6680.

📒 Files selected for processing (2)

.nvmrc
package.json

renovate Bot added dependencies renovate labels Mar 2, 2026

coderabbitai Bot requested changes Mar 2, 2026

View reviewed changes

Comment thread package.json Outdated

renovate Bot force-pushed the renovate/non-major branch from 27488c8 to 54ca4b2 Compare March 2, 2026 07:37

coderabbitai Bot reviewed Mar 2, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from 54ca4b2 to 1d7003f Compare March 2, 2026 07:53

coderabbitai Bot previously approved these changes Mar 2, 2026

View reviewed changes

renovate Bot dismissed coderabbitai[bot]’s stale review via 49f2c26 March 2, 2026 11:23

renovate Bot force-pushed the renovate/non-major branch from 1d7003f to 49f2c26 Compare March 2, 2026 11:23

coderabbitai Bot reviewed Mar 2, 2026

View reviewed changes

coderabbitai Bot approved these changes Mar 2, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch 2 times, most recently from 01943f5 to 5481be7 Compare March 3, 2026 11:22

coderabbitai Bot requested changes Mar 3, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from 5481be7 to 639b865 Compare March 3, 2026 17:05

coderabbitai Bot reviewed Mar 3, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from 639b865 to be8f580 Compare March 4, 2026 21:53

coderabbitai Bot reviewed Mar 4, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from be8f580 to f80cd18 Compare March 5, 2026 20:07

coderabbitai Bot requested changes Mar 5, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from f80cd18 to 126ed1e Compare March 6, 2026 13:02

coderabbitai Bot reviewed Mar 6, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from 126ed1e to 34ae84c Compare March 6, 2026 17:01

coderabbitai Bot reviewed Mar 6, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from 34ae84c to 56ec06b Compare March 7, 2026 02:09

coderabbitai Bot requested changes Mar 7, 2026

View reviewed changes

Comment thread package.json Outdated

renovate Bot force-pushed the renovate/non-major branch from 56ec06b to b016a00 Compare March 9, 2026 01:58

coderabbitai Bot reviewed Mar 9, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from 89c0732 to 09113d7 Compare April 11, 2026 05:41

coderabbitai Bot requested changes Apr 11, 2026

View reviewed changes

Comment thread package.json Outdated

renovate Bot force-pushed the renovate/non-major branch from 09113d7 to 4f448f2 Compare April 14, 2026 14:37

coderabbitai Bot reviewed Apr 14, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from 4f448f2 to c404870 Compare April 16, 2026 09:26

coderabbitai Bot reviewed Apr 16, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from c404870 to 6955db2 Compare April 17, 2026 13:31

coderabbitai Bot requested changes Apr 17, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from 6955db2 to 85b8a7d Compare April 21, 2026 15:19

coderabbitai Bot reviewed Apr 21, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from 85b8a7d to f89c81a Compare April 22, 2026 07:19

coderabbitai Bot reviewed Apr 22, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch from f89c81a to b1f9db9 Compare April 22, 2026 15:56

coderabbitai Bot reviewed Apr 22, 2026

View reviewed changes

renovate Bot force-pushed the renovate/non-major branch 2 times, most recently from 493bc8a to f01b71b Compare April 23, 2026 16:46

coderabbitai Bot reviewed Apr 24, 2026

View reviewed changes

coderabbitai Bot reviewed May 2, 2026

View reviewed changes

coderabbitai Bot requested changes May 7, 2026

View reviewed changes

coderabbitai Bot reviewed May 7, 2026

View reviewed changes

coderabbitai Bot reviewed May 8, 2026

View reviewed changes

coderabbitai Bot requested changes May 10, 2026

View reviewed changes

coderabbitai Bot reviewed May 12, 2026

View reviewed changes

coderabbitai Bot reviewed May 13, 2026

View reviewed changes

coderabbitai Bot reviewed May 14, 2026

View reviewed changes

chore(deps): update non-major dependencies

52f6680

coderabbitai Bot reviewed May 15, 2026

View reviewed changes

Conversation

renovate Bot commented Mar 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Configuration

Uh oh!

renovate Bot commented Mar 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ Artifact update problem

File name: pnpm-lock.yaml

Uh oh!

coderabbitai Bot commented Mar 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Estimated code review effort

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Mar 3, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Mar 3, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

renovate Bot commented Mar 2, 2026 •

edited

Loading

renovate Bot commented Mar 2, 2026 •

edited

Loading

coderabbitai Bot commented Mar 2, 2026 •

edited

Loading