Bump dependencies

[RobinMalfait]

This PR bumps some of our dependencies, common dependencies were moved to pnpm's catalog feature.

Closes #20092
Closes #20085
Closes #20075
Closes #20066
Closes #20062

Test plan

• All tests still pass
• Each dependency was published some time ago. Webpack has an even newer version that was published <15min ago. Will update that one later.

[ci-all]

[greptile-apps]

Confidence Score: 5/5

This is a routine dependency-bump PR with no logic changes to production code; all modifications are in package manifests, lockfile, and test infrastructure.

Every change is either a version number update, a catalog refactor that preserves the resolved version (verified in the lockfile), or a targeted test-infrastructure fix with a clear explanation. The Playwright workaround is well-commented and scoped only to Windows CI. No production paths were modified.

No files require special attention.

_{Reviews (2): Last reviewed commit: "update playwright config" | Re-trigger Greptile}

[coderabbitai]

Walkthrough

This PR centralizes dependency version management by introducing a pnpm workspace catalog in pnpm-workspace.yaml with exact pinned versions for common tools, then updates individual packages across the workspace to reference these catalog versions via catalog: syntax instead of explicit semver ranges. It also bumps several tooling and playground dependency versions (Playwright, Turbo, Vitest, React/react-dom, Bun, @types/react) and updates Playwright configs and a test teardown to close the server after tests complete.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title "Bump dependencies" clearly and concisely summarizes the main change—updating various project dependencies across package files.
Description check	✅ Passed	The description directly relates to the changeset, explaining that dependencies were bumped and moved to pnpm's catalog feature, with references to closed issues and a test plan.
Linked Issues check	✅ Passed	The PR successfully addresses all five linked issues: @types/bun and bun bumped to 1.3.14 [#20092,#20085], semver bumped to 7.8.0 [#20062], turbo security update to 2.9.14 [#20066], @playwright/test bumped to 1.60.0 [#20075], with corresponding playwright config updates for compatibility.
Out of Scope Changes check	✅ Passed	All changes are directly related to the stated objective of bumping dependencies and moving common ones to pnpm catalog; playwright config updates are necessary compatibility changes for the Playwright 1.60.0 minor version update.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

package.json (1)

51-51: 💤 Low value

Consider adding dev tooling to the catalog.

The dependencies @playwright/test, turbo, and vitest are updated directly rather than via the catalog. If these tools are used across multiple packages in the workspace, centralizing their versions in the catalog would improve consistency and simplify future updates.

Also applies to: 59-59, 61-61

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 51, The package.json currently pins dev tools directly
(e.g., "`@playwright/test`", "turbo", "vitest") rather than referencing the
workspace catalog; move these tool versions into the centralized catalog entries
and replace the direct version pins in this package.json with the catalog
references (so all packages consume the catalog-managed versions). Locate the
occurrences of "`@playwright/test`", "turbo", and "vitest" in the current
dependency/devDependency lists, remove or replace their hardcoded versions with
the catalog keys, and add/update the corresponding entries in the catalog so
future updates are applied consistently across the workspace.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@package.json`:
- Line 51: The package.json currently pins dev tools directly (e.g.,
"`@playwright/test`", "turbo", "vitest") rather than referencing the workspace
catalog; move these tool versions into the centralized catalog entries and
replace the direct version pins in this package.json with the catalog references
(so all packages consume the catalog-managed versions). Locate the occurrences
of "`@playwright/test`", "turbo", and "vitest" in the current
dependency/devDependency lists, remove or replace their hardcoded versions with
the catalog keys, and add/update the corresponding entries in the catalog so
future updates are applied consistently across the workspace.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 08d5547d-3058-4589-a03b-016c617bad6c

📥 Commits

Reviewing files that changed from the base of the PR and between 161569a and f59e0ec.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (12)

• integrations/package.json
• package.json
• packages/@tailwindcss-cli/package.json
• packages/@tailwindcss-node/package.json
• packages/@tailwindcss-postcss/package.json
• packages/@tailwindcss-standalone/package.json
• packages/@tailwindcss-upgrade/package.json
• packages/tailwindcss/package.json
• playgrounds/nextjs/package.json
• playgrounds/v3/package.json
• playgrounds/vite/package.json
• pnpm-workspace.yaml

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/`@tailwindcss-browser/tests/ui.spec.ts:
- Around line 12-14: The afterAll hook unconditionally calls server.close(),
which will throw if the server failed to be created; update test.afterAll to
defensively check that the server exists and has a close method before awaiting
it (e.g., guard using a null/undefined check or typeof/instance check) so
test.afterAll only calls server.close() when server is initialized and closable;
reference the test.afterAll hook and server.close invocation when making the
change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 66abbf02-6d19-4dfd-af8e-54f1619e8cc9

📥 Commits

Reviewing files that changed from the base of the PR and between f59e0ec and 0901afa.

📒 Files selected for processing (3)

• packages/@tailwindcss-browser/playwright.config.ts
• packages/@tailwindcss-browser/tests/ui.spec.ts
• packages/tailwindcss/playwright.config.ts

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Add defensive check for server cleanup.

If beforeAll fails to create the server, afterAll will still execute and attempt to call server.close() on an undefined value, causing a runtime error. Add a guard to handle this case.

🛡️ Proposed fix to add defensive check

 test.afterAll(async () => {
-  await server.close()
+  if (server) {
+    await server.close()
+  }
 })

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	test.afterAll(async () => {
	await server.close()
	})
	test.afterAll(async () => {
	if (server) {
	await server.close()
	}
	})

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/`@tailwindcss-browser/tests/ui.spec.ts around lines 12 - 14, The
afterAll hook unconditionally calls server.close(), which will throw if the
server failed to be created; update test.afterAll to defensively check that the
server exists and has a close method before awaiting it (e.g., guard using a
null/undefined check or typeof/instance check) so test.afterAll only calls
server.close() when server is initialized and closable; reference the
test.afterAll hook and server.close invocation when making the change.