
build(deps): bump multiple dependencies in the npm_and_yarn group #63

Merged
romantech merged 1 commit into main from patch
Jan 14, 2026

Conversation

@romantech
Owner

@romantech romantech commented Jan 14, 2026

PR Type

Enhancement


Description

  • Bump 28 npm dependencies to latest versions

  • Update core packages: React Query, Jotai, React Hook Form

  • Update dev tools: TypeScript, Vite, ESLint plugins

  • Update styling and analytics packages


Diagram Walkthrough

flowchart LR
  A["package.json"] -- "Update 28 dependencies" --> B["Core Dependencies"]
  A -- "Update 20 dev dependencies" --> C["Dev Dependencies"]
  B -- "includes" --> D["React Query, Jotai, Axios"]
  C -- "includes" --> E["TypeScript, Vite, ESLint"]
  F["pnpm-lock.yaml"] -- "Lock file sync" --> G["Dependency Resolution"]

File Walkthrough

Relevant files
Dependencies
package.json: Update 28 npm package versions (+24/-24)

  • Bumped @emotion/styled from ^11.14.0 to ^11.14.1
  • Upgraded @tanstack/react-query from ^5.80.7 to ^5.90.17
  • Updated jotai from ^2.12.5 to ^2.16.2
  • Bumped react-hook-form from ^7.57.0 to ^7.71.1
  • Updated sass from ^1.89.2 to ^1.97.2
  • Upgraded TypeScript from ^5.8.3 to ^5.9.3
  • Updated 22 additional dependencies across dependencies and
    devDependencies

pnpm-lock.yaml: Sync lock file with dependency updates (+1613/-1675)

  • Regenerated lock file to reflect all dependency version updates
  • Updated dependency resolution tree for 28 packages
  • Ensured consistency with package.json changes

@vercel

vercel Bot commented Jan 14, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| syntax-analyzer | Ready | Preview, Comment | Jan 14, 2026 2:09pm |

@qodo-code-review

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢 No security concerns identified: No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
Dependency behavior changes: Dependency upgrades may change or disable existing audit logging behavior, but the diff
contains no application code to verify that critical actions are still logged with
required context.

Referred Code
"dependencies": {
  "@chakra-ui/react": "^2.10.9",
  "@emotion/react": "^11.14.0",
  "@emotion/styled": "^11.14.1",
  "@fingerprintjs/fingerprintjs": "3.4.2",
  "@formkit/auto-animate": "^0.8.4",
  "@hookform/resolvers": "^3.10.0",
  "@lottiefiles/react-lottie-player": "^3.6.0",
  "@tanstack/react-query": "^5.90.17",
  "@tsparticles/engine": "^3.9.1",
  "@tsparticles/preset-links": "^3.2.0",
  "@tsparticles/react": "^3.0.0",
  "@vercel/analytics": "^1.6.1",
  "@vercel/speed-insights": "^1.3.1",
  "axios": "^1.13.2",
  "clsx": "^2.1.1",
  "date-fns": "^3.6.0",
  "framer-motion": "^11.18.2",
  "jotai": "^2.16.2",
  "nanoid": "^5.1.6",
  "qs": "^6.14.1",


 ... (clipped 37 lines)


Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Runtime error semantics: Upgraded runtime libraries (e.g., axios, @tanstack/react-query, react-hook-form) can alter
error shapes and edge-case handling, but no relevant code changes are shown to confirm
robust handling remains intact.

Referred Code
"dependencies": {
  "@chakra-ui/react": "^2.10.9",
  "@emotion/react": "^11.14.0",
  "@emotion/styled": "^11.14.1",
  "@fingerprintjs/fingerprintjs": "3.4.2",
  "@formkit/auto-animate": "^0.8.4",
  "@hookform/resolvers": "^3.10.0",
  "@lottiefiles/react-lottie-player": "^3.6.0",
  "@tanstack/react-query": "^5.90.17",
  "@tsparticles/engine": "^3.9.1",
  "@tsparticles/preset-links": "^3.2.0",
  "@tsparticles/react": "^3.0.0",
  "@vercel/analytics": "^1.6.1",
  "@vercel/speed-insights": "^1.3.1",
  "axios": "^1.13.2",
  "clsx": "^2.1.1",
  "date-fns": "^3.6.0",
  "framer-motion": "^11.18.2",
  "jotai": "^2.16.2",
  "nanoid": "^5.1.6",
  "qs": "^6.14.1",


 ... (clipped 9 lines)


Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
Error exposure risk: Dependency upgrades may change default error messages/stack handling (including devtools
packages), but the diff provides no application-layer validation that user-facing errors
remain generic.

Referred Code
"dependencies": {
  "@chakra-ui/react": "^2.10.9",
  "@emotion/react": "^11.14.0",
  "@emotion/styled": "^11.14.1",
  "@fingerprintjs/fingerprintjs": "3.4.2",
  "@formkit/auto-animate": "^0.8.4",
  "@hookform/resolvers": "^3.10.0",
  "@lottiefiles/react-lottie-player": "^3.6.0",
  "@tanstack/react-query": "^5.90.17",
  "@tsparticles/engine": "^3.9.1",
  "@tsparticles/preset-links": "^3.2.0",
  "@tsparticles/react": "^3.0.0",
  "@vercel/analytics": "^1.6.1",
  "@vercel/speed-insights": "^1.3.1",
  "axios": "^1.13.2",
  "clsx": "^2.1.1",
  "date-fns": "^3.6.0",
  "framer-motion": "^11.18.2",
  "jotai": "^2.16.2",
  "nanoid": "^5.1.6",
  "qs": "^6.14.1",


 ... (clipped 14 lines)


Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
Telemetry/devtools changes: New/updated packages such as @vercel/analytics, @vercel/speed-insights, and
@tanstack/react-query-devtools could affect telemetry/logging outputs, but no
configuration or logging code is shown to confirm sensitive data is not emitted.

Referred Code
  "@vercel/analytics": "^1.6.1",
  "@vercel/speed-insights": "^1.3.1",
  "axios": "^1.13.2",
  "clsx": "^2.1.1",
  "date-fns": "^3.6.0",
  "framer-motion": "^11.18.2",
  "jotai": "^2.16.2",
  "nanoid": "^5.1.6",
  "qs": "^6.14.1",
  "react": "^18.3.1",
  "react-dom": "^18.3.1",
  "react-error-boundary": "^4.1.2",
  "react-hook-form": "^7.71.1",
  "react-icons": "^5.5.0",
  "react-router-dom": "^6.30.3",
  "sass": "^1.97.2",
  "yup": "^1.7.1"
},
"devDependencies": {
  "@hookform/devtools": "^4.4.0",
  "@tanstack/eslint-plugin-query": "^5.91.2",


 ... (clipped 2 lines)


Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Input/data handling shifts: Upgrading client/network and validation-related dependencies (e.g., axios, yup) may change
defaults affecting input validation/data handling, but the diff contains no usage changes
to verify continued secure validation and sanitization.

Referred Code
  "axios": "^1.13.2",
  "clsx": "^2.1.1",
  "date-fns": "^3.6.0",
  "framer-motion": "^11.18.2",
  "jotai": "^2.16.2",
  "nanoid": "^5.1.6",
  "qs": "^6.14.1",
  "react": "^18.3.1",
  "react-dom": "^18.3.1",
  "react-error-boundary": "^4.1.2",
  "react-hook-form": "^7.71.1",
  "react-icons": "^5.5.0",
  "react-router-dom": "^6.30.3",
  "sass": "^1.97.2",
  "yup": "^1.7.1"
},


Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review

PR Code Suggestions ✨

No code suggestions found for the PR.

@romantech romantech merged commit e7e5dc9 into main Jan 14, 2026
5 checks passed
@romantech romantech deleted the patch branch January 14, 2026 14:10