feat(deps): bump dependencies within current major ranges #300
Walkthrough
This PR consolidates dependency updates (npm packages, Docker pins), switches the TypeScript build to automatic JSX runtime with import path aliases, refactors landing and header call-to-action elements from MUI Link wrappers to UiButton href usage, normalizes MUI component layout props to sx arrays, updates tests for the new CTA link semantics, and revises the logo-navigation memory-leak test scenario to rely on pathname monitoring.
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes
No issues found across 5 files
Confidence score: 5/5
- Automated review surfaced no issues in the provided summaries.
- No files require special attention.
Architecture diagram
sequenceDiagram
participant Dev as Developer Workflow
participant CI as CI/CD Pipeline
participant Dep as Dependabot
participant Pkg as package.json
participant Lock as pnpm-lock.yaml
participant Build as Build System
participant Test as Test Runner
participant Lint as Linter
participant Type as TypeScript
participant UI as UI Components
participant TestLib as Testing Library
Note over Dev,TestLib: Dependency Update & Verification Flow
Dep->>Dep: Check for updates within current major ranges
alt Minor/Patch updates found
Dep->>Pkg: Update version ranges
Dep->>Lock: Regenerate lockfile
end
Dev->>Pkg: Review updated versions
Dev->>Lock: Verify lockfile consistency
Note over Pkg,Lock: Pinned & Held Versions
alt @playwright/test pinned at 1.57.0
Pkg->>Build: Ensure consistent playwright-core types
end
alt eslint-plugin-react-hooks held at 7.0.1
Pkg->>Lint: Prevent set-state-in-effect error promotion
end
Note over UI,TestLib: Component Adaptations
alt UiInput onInput typing updated
UI->>Type: Resolve InputEventHandler via TextFieldProps['onInput']
Type-->>UI: Satisfied type constraint
end
alt Drawer test updated for MUI exit transition
TestLib->>UI: fireEvent.click(exitButton)
UI->>UI: Start exit animation
TestLib->>TestLib: await waitFor drawer removal
UI-->>TestLib: Drawer unmounted
end
Note over Dev,TestLib: Verification Pipeline
Build->>Pkg: pnpm install --frozen-lockfile
Build-->>Dev: Dependencies installed
Type->>Lock: tsc type checking
Type-->>Dev: All types pass
Lint->>Pkg: eslint with updated plugin versions
Lint-->>Dev: No lint errors
Test->>TestLib: Run 353 client + server unit tests
TestLib->>UI: Component rendering checks
Test-->>Dev: All tests pass
Build->>Build: next build --webpack
Build-->>Dev: Production build succeeds
CI->>Dev: All checks green, PR mergeable
45426ce
Refresh the minor/patch updates from the pending dependabot feat(deps) PRs in one pass (pnpm update), keeping every package within its current major. The breaking majors (MUI 9, i18next 26, react-i18next 17, TypeScript 6, ESLint 10, uuid 14, dotenv-expand 13) are deferred to dedicated follow-up PRs.

Adaptations required by the bumps:
- Pin @playwright/test to 1.57.0 to match the exact-pinned playwright package (Playwright.Dockerfile uses v1.57.0). The caret had drifted it to 1.60.0, mixing two incompatible playwright-core type versions.
- Hold eslint-plugin-react-hooks at 7.0.1. 7.1 promotes set-state-in-effect to an error, which flags existing code and needs a component refactor (deferred; inline eslint-disable is banned repo-wide).
- UiInput: type onInput via TextFieldProps['onInput'] to match the new InputEventHandler typing in @types/react 19.2.15.
- Drawer test: await waitFor for drawer removal (MUI 7.3.11 unmounts after the exit transition), matching the sibling close tests.

Verified locally: frozen install, tsc, eslint, markdownlint, client + server unit tests (353), and production next build all pass.
Add update-types: [minor, patch] to the all-deps group so major version bumps arrive as individual PRs instead of being bundled into one large breaking grouped PR.
Alpine's 3.21 mirror no longer serves the exact patch versions pinned in the images, so `apk add` fails and breaks the container CI jobs:
- Dockerfile: python3 3.12.12-r0 -> 3.12.13-r0 (blocks test, visual, mutation, performance via the prod image build).
- MemoryLeak.Dockerfile: ca-certificates 20250911-r0 -> 20260413-r0 (blocks memory-leak-testing).

Both corrected pins verified to resolve in the node:23.11.1-alpine3.21 base image.
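The @playwright/test pin mismatch described in the first commit message above, expressed as a manifest check (an added example, not code from this repository). The `^1.57.0` spec, the `devDependencies` placement, the resolved-version map and all function names are assumptions constructed for illustration.

```javascript
// Added example: flag packages that must move in lockstep but have drifted apart.
// An exact pin looks like "1.57.0"; anything else ("^1.57.0", "~1.2", "*") is a range.
const EXACT_PIN = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

function isExactPin(spec) {
  return EXACT_PIN.test(spec);
}

// manifest: parsed package.json
// resolved: package name -> version actually installed (as recorded in the lockfile)
// groups:   arrays of package names that must share one version
function findLockstepDrift(manifest, resolved, groups) {
  const specs = { ...manifest.dependencies, ...manifest.devDependencies };
  const has = (name) => Object.prototype.hasOwnProperty.call(specs, name);
  const findings = [];

  for (const group of groups) {
    const present = group.filter(has);
    if (present.length < 2) continue; // nothing to compare

    // 1. The installed versions differ: two copies of the shared core get mixed.
    const versions = new Set(present.map((name) => resolved[name]));
    if (versions.size > 1) {
      findings.push({
        kind: 'resolved-mismatch',
        detail: present.map((name) => `${name}@${resolved[name]}`).join(', '),
      });
    }

    // 2. One member is exact-pinned while another floats on a range, so the
    //    next update can pull them apart again even if they match today.
    const pinned = present.filter((name) => isExactPin(specs[name]));
    const ranged = present.filter((name) => !isExactPin(specs[name]));
    if (pinned.length > 0 && ranged.length > 0) {
      findings.push({
        kind: 'mixed-pinning',
        detail: ranged.map((name) => `${name}: ${specs[name]}`).join(', '),
      });
    }
  }
  return findings;
}

// Constructed sample data mirroring the state the commit message describes.
const LOCKSTEP = [['playwright', '@playwright/test']];
const manifestBefore = {
  devDependencies: { playwright: '1.57.0', '@playwright/test': '^1.57.0' },
};
const resolvedBefore = { playwright: '1.57.0', '@playwright/test': '1.60.0' };
const manifestAfter = {
  devDependencies: { playwright: '1.57.0', '@playwright/test': '1.57.0' },
};
const resolvedAfter = { playwright: '1.57.0', '@playwright/test': '1.57.0' };

console.log(findLockstepDrift(manifestBefore, resolvedBefore, LOCKSTEP));
console.log(findLockstepDrift(manifestAfter, resolvedAfter, LOCKSTEP));
```

Run in CI after the frozen install, a check of this shape fails the build as soon as a grouped update moves only one member of a lockstep pair.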
45426ce to 824ac89
@coderabbitai review
✅ Actions performed
Review triggered.
@cubic-dev-ai review
@RudoiDmytro I have started the AI code review. It will take a few minutes to complete.
No issues found across 7 files
Confidence score: 5/5
- Automated review surfaced no issues in the provided summaries.
- No files require special attention.
Architecture diagram
sequenceDiagram
participant Dev as Developer
participant Dep as Dependabot
participant CI as CI Pipeline
participant TS as TypeScript
participant ESLint
participant Jest
participant Src as Source Code
Note over Dev,Src: NEW: Dependency update pipeline (minor/patch only)
Dep->>Dev: Create PR with minor/patch updates (no breaking majors)
Dev->>CI: Trigger CI (push or PR)
CI->>CI: pnpm install --frozen-lockfile (new lockfile)
CI->>TS: tsc --noEmit
alt @playwright/test version mismatch (1.57.0 vs caret)
TS->>Src: Error: incompatible playwright-core types
Src->>Src: CHANGED: Pin @playwright/test to exact 1.57.0
end
CI->>ESLint: eslint .
alt eslint-plugin-react-hooks 7.1 promotes set-state-in-effect error
ESLint->>Src: Error in TooltipWrapper
Src->>Src: CHANGED: Hold eslint-plugin-react-hooks at 7.0.1
end
CI->>Jest: jest --coverage
alt Drawer test fails (MUI 7.3.11 unmount timing)
Jest->>Src: expect(drawer).not.toBeInDocument() fails
Src->>Src: CHANGED: Use await waitFor for drawer removal
end
CI->>TS: tsc --noEmit
alt UiInput onInput type mismatch (@types/react 19.2.15)
TS->>Src: Error: onInput signature incompatible
Src->>Src: CHANGED: Use TextFieldProps['onInput'] instead of raw handler
end
CI-->>Dev: All tests pass (353) & build OK
Note over Dev,Src: NEW: Dependabot config limits all-deps to minor+patch only
Note over Dev,Src: Dockerfiles updated (python3, ca-certificates) to fix CI builds
ef08484
ef08484 to 821e6a4
1 issue found across 52 files (changes from recent commits).
Upgrade the remaining breaking majors (previously deferred) in one pass:
- @mui/material + @mui/system 7 -> 9
- typescript 5 -> 6
- i18next 25 -> 26, react-i18next 16 -> 17
- uuid 13 -> 14, dotenv-expand 12 -> 13
- eslint-plugin-react-hooks 7.0 -> 7.1

Code adaptations:
- MUI v9 removed direct CSS system props on Stack/Box; moved them into sx (and flexDirection -> direction) across ~16 components. Behavior is preserved (identical resulting CSS).
- TypeScript 6: removed the deprecated baseUrl (a hard error in TS7) and made the path mappings relative; inlined paths into tsconfig.json (Next 16 under TS6 doesn't read paths via extends), removed tsconfig.paths.json, and converted the one bare root-relative import in _app.tsx to a relative path. Added *.css/*.scss ambient declarations so side-effect imports type-check without next-env.d.ts. Adopted Next's mandated jsx: react-jsx and dropped 30 now-unused `import React` lines (the automatic runtime is already configured in babel and eslint).
- eslint-plugin-react-hooks 7.1: refactored TooltipWrapper off setState-in-effect (state derived during render) for the new rule.

ESLint 10 is intentionally not included: eslint-plugin-react and the airbnb configs do not support ESLint 10 yet.

Verified locally: frozen install, tsc, eslint, markdownlint, client + server unit tests (353), and production next build all pass.
821e6a4 to 9123c9e
@coderabbitai review
✅ Actions performed
Review triggered.
0 issues found across 18 files (changes from recent commits).
Requires human review: Auto-approval blocked by 1 unresolved issue from previous reviews.
ef4c8a6 regressed the header "try it out" CTA from <UiButton href> to <Link href><UiButton component="span">, which renders <a><span role="button" tabindex="0"></a> — interactive content nested in an anchor: two tab stops for one control, conflicting role/keyboard semantics (Space-activated span that never navigates), axe nested-interactive, WCAG 4.1.2 (Name, Role, Value, Level A). Restore the single-element pattern introduced in f7dbda7: <UiButton href="#signUp"> renders one <a class="MuiButton..." href>, role=link, one tab stop, no nesting. Drop the now-unused Link import and the orphaned `link` style (without migrating its color:'inherit', which would override the contained button's text color). Add a regression test asserting the CTA is a single link with no nested interactive descendant.
Resolve qlty fmt CI check: expand inline maps to block YAML in pnpm-lock.yaml, add trailing newline to dependabot.yml, and collapse multi-line JSX/call expressions in Drawer and the logoNavigation memory-leak test. Formatting only; no dependency, logic, or behavior changes.
@coderabbitai review
✅ Action performed
Review finished.
Actionable comments posted: 4
🧹 Nitpick comments (2)
src/components/UiButton/index.tsx (1)
6-18: ⚡ Quick win
MAJOR: UiButton still drops standard Button/anchor attributes
`UiButton` now supports `href`, but it still blocks pass-through attrs (`target`, `rel`, `aria-*`, `id`, `data-*`, etc.) because only a fixed prop subset is forwarded. This becomes limiting for link semantics and a11y/security hardening.
Minimal patch
function UiButton({ variant, size, disabled, fullWidth, component, onClick, type, href, children, sx, name, + ...rest }: UiButtonProps): React.ReactElement { - const componentProps = component ? { component } : {}; - const hrefProps = href ? { href } : {}; return ( <ThemeProvider theme={theme}> <Button variant={variant} size={size} disabled={disabled} fullWidth={fullWidth} type={type} onClick={onClick} sx={sx} name={name} - {...componentProps} - {...hrefProps} + component={component} + href={href} + {...rest} > {children} </Button> </ThemeProvider> ); }Also applies to: 24-35
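Review bot: The added `...rest` in the destructuring has nothing typed to carry, because the signature still ends in `}: UiButtonProps` and the patch does not widen that type; unless UiButtonProps already includes the anchor and button HTML attributes, callers will still get a compile error on `target`, `rel` or `aria-*`, so the type in types.ts needs to change in the same commit. Since `{...rest}` is what will forward `target`, consider defaulting `rel="noopener noreferrer"` inside UiButton whenever `target="_blank"` is passed, so the hardening this comment mentions does not depend on every call site remembering it.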
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/components/UiButton/index.tsx` around lines 6 - 18, UiButton currently destructures a fixed prop list and drops standard native/button/link attributes (target, rel, aria-*, id, data-*, etc.); change the component to accept and forward the rest props: update the function signature to collect a rest object (e.g. function UiButton({ variant, size, disabled, fullWidth, component, onClick, type, href, children, sx, name, ...rest }: UiButtonProps & React.ButtonHTMLAttributes<HTMLButtonElement> & React.AnchorHTMLAttributes<HTMLAnchorElement>)), then spread {...rest} onto the rendered element (the anchor when href is present or the button otherwise) so native attributes are preserved; keep existing props/behavior and ensure types still cover both button and anchor attributes when forwarding.
src/features/landing/components/AboutUs/TextInfo/TextInfo.tsx (1)
22-25: ⚡ Quick win
MINOR: Avoid `React.CSSProperties` cast on MUI `sx`
Casting `sx` to `React.CSSProperties` bypasses MUI system typing. Use native `sx` composition instead.
Minimal patch
<UiButton href="`#signUp`" - sx={{ ...styles.link, ...styles.button } as React.CSSProperties} + sx={[styles.link, styles.button]} variant="contained" size="medium" >🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/features/landing/components/AboutUs/TextInfo/TextInfo.tsx` around lines 22 - 25, The UiButton usage is casting the sx prop to React.CSSProperties which bypasses MUI system typing; remove the cast and pass a proper sx composition instead (e.g. sx={{ ...styles.link, ...styles.button }}), and if TypeScript complains update the styles.* definitions to use Mx SxProps/Theme types (or SxProps) so that styles.link and styles.button are compatible with the sx prop on UiButton.
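Review bot: The `+` line in the TextInfo patch uses the array form `sx={[styles.link, styles.button]}`, while the prompt that accompanies it asks for the object spread `sx={{ ...styles.link, ...styles.button }}` without the cast; the two should agree before anyone applies either. The array form matches the sx-array normalization described in the PR walkthrough and needs no cast, so prefer it, and if TypeScript then complains, type `styles.link` and `styles.button` for `sx` rather than reintroducing `as React.CSSProperties`.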
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/sandbox-creating.yml:
- Around line 158-162: The PR extraction code treats a missing PR_NUMBER as
fatal and exits, which breaks push-triggered runs; update the block that reads
RESPONSE/PR_NUMBER so it only fails for pull_request events (or when a PR is
required) rather than unconditionally. Concretely, modify the conditional around
PR_NUMBER (and the exit) to check GITHUB_EVENT_NAME (or an explicit flag) and
only call echo "::error::..."; exit 1 when GITHUB_EVENT_NAME == "pull_request"
(or the flag indicates a PR is required); otherwise allow PR_NUMBER to be empty
and continue (preserve BRANCH_NAME usage for push flows). Ensure the variables
PR_NUMBER, RESPONSE and BRANCH_NAME remain unchanged.
In @.github/workflows/sandbox-deleting.yml:
- Around line 73-80: The PR_NUMBER extraction currently queries GET
/repos/.../pulls and parses RESPONSE into PR_NUMBER, which fails when the PR is
closed; replace that network lookup with the event payload value by setting
PR_NUMBER to the GitHub Actions expression github.event.pull_request.number (use
the existing "Get PR Number" step and the PR_NUMBER variable) so the workflow
reads the PR number directly from the pull_request.closed event instead of
calling the pulls API.
In `@src/test/e2e/click-button.spec.ts`:
- Around line 56-57: The locator drawerTryItNowButton is using page.getByRole
and can match other CTAs; instead scope the query to the opened drawer container
before clicking. Update the test to first locate the drawer element (e.g.,
assign a locator like drawerContainer or drawerLocator for the open drawer) and
then call drawerContainer.getByRole(...) to create drawerTryItNowButton, then
await drawerTryItNowButton.click(); this ensures the getByRole is limited to the
drawer context and avoids ambiguity with other page CTAs.
In `@src/test/unit/logoNavigationMemoryLeak.test.ts`:
- Around line 9-13: The MockPage mock used in these tests is missing
waitForFunction so tests only exercise the fallback waitForNavigation path;
update the MockPage type and the createPage/mock factory to include a jest.Mock
waitForFunction and add the corresponding test case(s) that assert
waitForFunction is called by waitForPath (in logoNavigation.js), ensuring the
primary production branch is covered instead of only the fallback branch.
---
Nitpick comments:
In `@src/components/UiButton/index.tsx`:
- Around line 6-18: UiButton currently destructures a fixed prop list and drops
standard native/button/link attributes (target, rel, aria-*, id, data-*, etc.);
change the component to accept and forward the rest props: update the function
signature to collect a rest object (e.g. function UiButton({ variant, size,
disabled, fullWidth, component, onClick, type, href, children, sx, name, ...rest
}: UiButtonProps & React.ButtonHTMLAttributes<HTMLButtonElement> &
React.AnchorHTMLAttributes<HTMLAnchorElement>)), then spread {...rest} onto the
rendered element (the anchor when href is present or the button otherwise) so
native attributes are preserved; keep existing props/behavior and ensure types
still cover both button and anchor attributes when forwarding.
In `@src/features/landing/components/AboutUs/TextInfo/TextInfo.tsx`:
- Around line 22-25: The UiButton usage is casting the sx prop to
React.CSSProperties which bypasses MUI system typing; remove the cast and pass a
proper sx composition instead (e.g. sx={{ ...styles.link, ...styles.button }}),
and if TypeScript complains update the styles.* definitions to use Mx
SxProps/Theme types (or SxProps) so that styles.link and styles.button are
compatible with the sx prop on UiButton.
⛔ Files ignored due to path filters (16)
- pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
- src/test/visual/visualComparison.spec.ts-snapshots/uk-desktop-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualComparison.spec.ts-snapshots/uk-desktop2-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualComparison.spec.ts-snapshots/uk-full-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualComparison.spec.ts-snapshots/uk-tablet-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualComparison.spec.ts-snapshots/uk-tablet2-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualNotificationError.spec.ts-snapshots/uk-desktop-error-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualNotificationError.spec.ts-snapshots/uk-desktop2-error-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualNotificationError.spec.ts-snapshots/uk-full-error-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualNotificationError.spec.ts-snapshots/uk-tablet-error-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualNotificationError.spec.ts-snapshots/uk-tablet2-error-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualNotificationSuccess.spec.ts-snapshots/uk-desktop-success-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualNotificationSuccess.spec.ts-snapshots/uk-desktop2-success-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualNotificationSuccess.spec.ts-snapshots/uk-full-success-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualNotificationSuccess.spec.ts-snapshots/uk-tablet-success-webkit-linux.png is excluded by !**/*.png
- src/test/visual/visualNotificationSuccess.spec.ts-snapshots/uk-tablet2-success-webkit-linux.png is excluded by !**/*.png
📒 Files selected for processing (27)
- .github/dependabot.yml
- .github/workflows/sandbox-creating.yml
- .github/workflows/sandbox-deleting.yml
- src/components/UiButton/index.tsx
- src/components/UiButton/types.ts
- src/components/UiCardItem/CardContent.tsx
- src/features/landing/components/AboutUs/TextInfo/TextInfo.tsx
- src/features/landing/components/AuthSection/SocialItem/SocialItem.tsx
- src/features/landing/components/ForWhoSection/Cards/Cards.tsx
- src/features/landing/components/ForWhoSection/MainTitle/MainTitle.tsx
- src/features/landing/components/Header/AuthButtons/AuthButtons.tsx
- src/features/landing/components/Header/AuthButtons/styles.ts
- src/features/landing/components/Header/Drawer/Drawer.tsx
- src/features/landing/components/WhyUs/WhyUs.tsx
- src/features/landing/components/WhyUs/styles.ts
- src/test/e2e/click-button.spec.ts
- src/test/memory-leak/tests/logoNavigation.js
- src/test/testing-library/AuthButtons.test.tsx
- src/test/testing-library/Cards.test.tsx
- src/test/testing-library/Drawer.test.tsx
- src/test/testing-library/ForWhoSection.test.tsx
- src/test/testing-library/MainTitle.test.tsx
- src/test/testing-library/Socialitem.test.tsx
- src/test/testing-library/TextInfo.test.tsx
- src/test/testing-library/UiCardItem.test.tsx
- src/test/testing-library/WhyUs.test.tsx
- src/test/unit/logoNavigationMemoryLeak.test.ts
💤 Files with no reviewable changes (2)
- src/features/landing/components/Header/AuthButtons/styles.ts
- .github/dependabot.yml
🚧 Files skipped from review as they are similar to previous changes (2)
- src/features/landing/components/Header/Drawer/Drawer.tsx
- src/test/testing-library/Drawer.test.tsx
5 issues found across 9 files (changes from recent commits).
@coderabbitai review
✅ Action performed
Review finished.
@cubic-dev-ai review
@RudoiDmytro I have started the AI code review. It will take a few minutes to complete.
What & why
Consolidates the pending dependabot `feat(deps)` updates into a single PR: first the safe minor/patch refresh, then the breaking major upgrades, plus dependabot-config hardening and a couple of unrelated CI-infra fixes that were blocking the container jobs.

Dependency updates
Minor/patch (within current majors): next 16.2.6, @apollo/client 4.x, @apollo/server 5.5.1, sentry 10.55, storybook 10.4.1, swiper 12.2, typescript-eslint 8.60, prettier 3.8.3, jest 30.4.x, … (~60 packages).
Majors:
- `@mui/material` + `@mui/system` 7 → 9
- `typescript` 5 → 6
- `i18next` 25 → 26, `react-i18next` 16 → 17
- `uuid` 13 → 14, `dotenv-expand` 12 → 13
- `eslint-plugin-react-hooks` 7.0 → 7.1

Code adaptations required by the majors
- `Stack`/`Box`; moved them into `sx` (and `flexDirection` → `direction`) across ~16 components — identical resulting CSS, no visual change intended.
- `ignoreDeprecations: "6.0"` for the deprecated `baseUrl`; inlined `paths` into `tsconfig.json` (Next 16 under TS6 doesn't read `paths` via `extends`) and removed `tsconfig.paths.json`; adopted Next's mandated `jsx: react-jsx` and removed 30 now-unused `import React` lines (automatic runtime already configured in babel + eslint).
- `TooltipWrapper` off `setState`-in-effect (state derived during render) for the new `set-state-in-effect` rule.
- `1.57.0` to match the Docker-pinned `playwright`; @types/react 19.2.15 `onInput` typing in `UiInput`; MUI 7.3.11 Drawer test `waitFor`.

Other changes
- `.github/dependabot.yml` — `update-types: [minor, patch]` on the `all-deps` group so majors arrive as individual PRs.
- `Dockerfile` + `MemoryLeak.Dockerfile` — re-pinned drifted Alpine apk versions (`python3` 3.12.12 → 3.12.13-r0, `ca-certificates` 20250911 → 20260413-r0) that were breaking all container CI jobs (pre-existing, unrelated to deps).

Supersedes / to close
#297 (all-deps group), #296 (next), #293 (@apollo/server), #284 (storybook), #282 (swiper), #298 (uuid), #199 (brace-expansion, already on `main`).

Verification
Local, all green: `pnpm install --frozen-lockfile`, `tsc`, `eslint`, `markdownlint`, client + server unit tests (353 passing), and production `next build --webpack`.