release: 8.2537.106

[jihun]

Summary by CodeRabbit

• Chores
  • Updated app and tooling dependencies to latest patch versions for stability, performance, and security.
  • Improved developer tooling (linting, TypeScript, Babel) and workspace catalog versions.
  • Upgraded CI Node setup action to the latest major version.
  • Adjusted automated dependency update rules to maintain compatibility for a specific package.
• Notes
  • No user-facing features or behavior changes expected.

[coderabbitai]

Walkthrough

This PR updates dependency versions across multiple packages, pins nuqs via Renovate configuration, bumps the ESLint catalog in pnpm-workspace, and upgrades a GitHub Action. No source logic or public API declarations are changed.

Changes

Cohort / File(s)	Summary of Changes
API dependencies apps/api/package.json	Bump: @aws-sdk/client-s3 ^3.879.0 → ^3.884.0, @aws-sdk/s3-request-presigner ^3.879.0 → ^3.884.0, @fastify/multipart ^9.0.3 → ^9.2.1, dotenv ^17.2.1 → ^17.2.2, luxon ^3.7.1 → ^3.7.2, mysql2 ^3.14.4 → ^3.14.5; dev: @types/node 22.18.0 → 22.18.1, @typescript-eslint/parser ^8.42.0 → ^8.43.0
E2E dev dependencies apps/e2e/package.json	Dev bump: mysql2 ^3.14.4 → ^3.14.5
Web app deps + Renovate pin apps/web/package.json, renovate.json	Web bumps: @tanstack/react-query/devtools ^5.85.9 → ^5.87.1, i18next ^25.4.2 → ^25.5.2, pino ^9.9.0 → ^9.9.4; nuqs ^2.5.2 → 2.4.3 (pinned). Renovate: add rule restricting nuqs to <= 2.4.3
Workspace catalog pnpm-workspace.yaml	Catalog bump: eslint ^9.34.0 → ^9.35.0
UI package dependency packages/ufb-react/package.json	Bump: lucide-react ^0.542.0 → ^0.543.0
Tooling: ESLint config package tooling/eslint/package.json	Bump: typescript-eslint ^8.42.0 → ^8.43.0
Tooling: Prettier package tooling/prettier/package.json	Dev bump: @types/node 22.18.0 → 22.18.1
CI setup action tooling/github/setup/action.yml	Upgrade actions/setup-node from v4 → v5 (config unchanged)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• release: 8.2533.99 #1958 — Similar dependency and tooling/CI version bumps across workspace and actions.

Suggested reviewers

• chiol

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title concisely indicates that this PR is a release update to version 8.2537.106, which accurately reflects the overarching purpose of the dependency and configuration version bumps that comprise this changeset.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

tooling/prettier/package.json (1)

20-20: LGTM; consider centralizing @types/node via catalog.

To keep versions aligned across the workspace, add @types/node to pnpm-workspace.yaml catalog.

Apply in pnpm-workspace.yaml:

 catalog:
   eslint: ^9.35.0
   prettier: ^3.5.3
   tailwindcss: ^3.4.17
   typescript: ^5.8.3
+  @types/node: ^22.18.1

tooling/github/setup/action.yml (1)

7-11: Recommend ordering setup-node before pnpm/action-setup.

Ensures PNPM installs under the intended Node version. Also consider caching lockfiles from monorepo roots.

 runs:
   using: composite
   steps:
-    - uses: pnpm/action-setup@v4
-    - uses: actions/setup-node@v5
+    - uses: actions/setup-node@v5
       with:
         node-version-file: ".nvmrc"
         cache: "pnpm"
+        cache-dependency-path: |
+          pnpm-lock.yaml
+          apps/**/pnpm-lock.yaml
+          packages/**/pnpm-lock.yaml
+          tooling/**/pnpm-lock.yaml
+    - uses: pnpm/action-setup@v4

renovate.json (1)

12-16: Nuqs pin: add rangeStrategy at rule level to preserve exact pin.

Without this, future updates might reintroduce ranges. Keep the pin stable until you’re ready to upgrade.

   {
     "matchPackageNames": ["nuqs"],
-    "allowedVersions": "<=2.4.3"
+    "allowedVersions": "<=2.4.3",
+    "rangeStrategy": "replace"
   }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 33993bc and 9e9dddf.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (9)

• apps/api/package.json (3 hunks)
• apps/e2e/package.json (1 hunks)
• apps/web/package.json (4 hunks)
• packages/ufb-react/package.json (1 hunks)
• pnpm-workspace.yaml (1 hunks)
• renovate.json (1 hunks)
• tooling/eslint/package.json (1 hunks)
• tooling/github/setup/action.yml (1 hunks)
• tooling/prettier/package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: integration-test
• GitHub Check: publish-api-docs

🔇 Additional comments (9)

tooling/eslint/package.json (1)

27-27: Bump to typescript-eslint ^8.43.0 looks good.

Matches ESLint ^9.35.0 and TS 5.x in catalog. Please watch for peer warning noise in CI.

packages/ufb-react/package.json (1)

39-39: lucide-react patch bump is safe.

No API changes expected; tree-shaking unaffected.

pnpm-workspace.yaml (1)

7-7: ESLint catalog -> ^9.35.0 is fine.

Plugins in tooling/eslint appear compatible.

apps/e2e/package.json (1)

12-12: mysql2 patch bump for e2e is fine.

No test harness changes needed.

apps/api/package.json (1)

29-32: Adjust dotenv imports for ESM-only upgrade

• Files under apps/api/src/domains/** and apps/api/src/configs/mysql.config.ts all use
  import dotenv from 'dotenv' (with no explicit dotenv.config()), which will break when upgrading to v17 (ESM-only). Move your dotenv load to a top-level entrypoint with
  import 'dotenv/config' or pin dotenv to v16.x.

apps/web/package.json (4)

73-73: @babel/core patch bump approved
Verified that only apps/web/package.json declares “@babel/core” at ^7.28.4 and no conflicting versions exist in the workspace.

---

55-56: Confirm nuqs API compatibility with v2.4.3
Lockfile resolution shows [email protected] is locked (no caret) in pnpm-lock.yaml and apps/web/package.json; review all import/require('nuqs') statements and ensuing nuqs.* usages to ensure no calls to features added after v2.4.x.

---

31-32: React Query bump verified; please smoke-test SSR & Devtools
Imports for @tanstack/react-query and @tanstack/react-query-devtools are wired throughout the app (e.g. in _app.tsx, hooks, and UI components). No breaking changes expected—run a quick SSR render and verify the Devtools overlay locally to be safe.

---

47-47: Verify no runtime deprecation warnings after bumping i18next to ^25.5.2 – code uses next-i18next’s HOC (no direct i18next.init calls detected); check startup logs for any i18next warnings.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

@types/node 22.18.1: align across packages and with runtime Node.

---

🏁 Script executed:

#!/bin/bash
# Ensure all packages use the same @types/node and capture declared engines
rg -nP '"@types/node"\s*:\s*"[^\"]+"' -g '!**/node_modules/**'
rg -nP '"engines"\s*:\s*\{[^}]*"node"\s*:\s*"[^\"]+"' -n -C1 package.json pnpm-workspace.yaml || true

Length of output: 148

---

🏁 Script executed:

#!/bin/bash
set -e

# For each package.json (excluding node_modules), list @types/node and Node engine settings
for file in $(find . -type f -name 'package.json' -not -path '*/node_modules/*'); do
  echo "=== $file ==="
  echo "- @types/node dependency:"
  rg -Hn -C1 '"@types/node"\s*:\s*".+"' "$file" || echo "  (none)"
  echo "- engines block:"
  rg -Hn -C1 '"engines":' "$file" || echo "  (none)"
  echo "- node engine version:"
  rg -Hn -C1 '"node"\s*:\s*".+"' "$file" || echo "  (none)"
  echo
done

Length of output: 2454

---

Align @types/node with runtime Node version
Bump @types/node from 22.18.1 to 22.19.0 in:

• apps/api/package.json (line 97)
• apps/web/package.json (line 82)
• tooling/prettier/package.json (line 20)
  to match the root package’s engines.node ≥22.19.0.

🤖 Prompt for AI Agents

In apps/web/package.json around line 82, @types/node is pinned to 22.18.1 but
the repo's runtime requires Node ≥22.19.0; update the @types/node entry to
"22.19.0" to match the root engines.node and also ensure the same bump is
applied to apps/api/package.json (line 97) and tooling/prettier/package.json
(line 20) so all packages are consistent.