fix(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	^2.4.0 → ^2.5.0			devDependencies	minor
@changesets/changelog-github (source)	^0.5.2 → ^0.7.0			devDependencies	minor
@changesets/cli (source)	^2.29.8 → ^2.31.0			devDependencies	minor
@effect/cli (source)	^0.73.2 → ^0.75.2			dependencies	minor
@effect/cluster (source)	^0.56.4 → ^0.59.0			dependencies	minor
@effect/experimental (source)	^0.58.0 → ^0.60.0			dependencies	minor
@effect/platform (source)	^0.94.5 → ^0.96.1			dependencies	minor
@effect/platform-node (source)	^0.104.1 → ^0.107.0			dependencies	minor
@effect/printer (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/printer-ansi (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/rpc (source)	^0.73.1 → ^0.75.1			dependencies	minor
@effect/sql (source)	^0.49.0 → ^0.51.1			dependencies	minor
@effect/typeclass (source)	^0.38.0 → ^0.40.0			dependencies	minor
@effect/vitest (source)	^0.27.0 → ^0.29.0			devDependencies	minor
@effect/workflow (source)	^0.16.0 → ^0.18.2			dependencies	minor
@eslint-community/eslint-plugin-eslint-comments	^4.6.0 → ^4.7.2			devDependencies	minor
@eslint/compat (source)	2.0.2 → 2.1.0			devDependencies	minor
@eslint/eslintrc	3.3.3 → 3.3.5			devDependencies	patch
@​prover-coder-ai/eslint-plugin-suggest-members	^0.0.25 → ^0.0.26			devDependencies	patch
@types/node (source)	^24.10.13 → ^24.13.2			devDependencies	minor
@typescript-eslint/eslint-plugin (source)	^8.55.0 → ^8.61.1			devDependencies	minor
@typescript-eslint/parser (source)	^8.55.0 → ^8.61.1			devDependencies	minor
@vitest/coverage-v8 (source)	^4.0.18 → ^4.1.9			devDependencies	minor
@vitest/eslint-plugin	^1.6.9 → ^1.6.20			devDependencies	patch
actions/upload-artifact	v6 → v7			action	major
effect (source)	^3.19.17 → ^3.21.3			dependencies	minor
eslint (source)	^10.0.0 → ^10.5.0			devDependencies	minor
eslint-import-resolver-typescript	^4.4.4 → ^4.4.5			devDependencies	patch
eslint-plugin-simple-import-sort	^12.1.1 → ^13.0.0			devDependencies	major
eslint-plugin-sonarjs (source)	^3.0.7 → ^4.0.3			devDependencies	major
eslint-plugin-sort-destructure-keys	^2.0.0 → ^3.0.0			devDependencies	major
eslint-plugin-unicorn	^63.0.0 → ^67.0.0			devDependencies	major
globals	^17.3.0 → ^17.6.0			devDependencies	minor
jscpd (source)	^4.0.8 → ^5.0.9			devDependencies	major
node	24.13.1 → 24.16.0			uses-with	minor
pnpm (source)	10.29.3 → 11.7.0			packageManager	major
pnpm/action-setup	v4 → v6			action	major
pnpm/action-setup	v3 → v6			action	major
ts-morph	^27.0.2 → ^28.0.0			dependencies	major
typescript (source)	^5.9.3 → ^6.0.3			devDependencies	major
typescript-eslint (source)	^8.55.0 → ^8.61.1			devDependencies	minor
vite (source)	^7.3.1 → ^8.0.16			devDependencies	major
vitest (source)	^4.0.18 → ^4.1.9			devDependencies	minor

cc @skulidropek

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.5.0

Compare Source

Minor Changes

• #​9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

  ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
  ! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
  × index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
  × main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.
  

• #​9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

  Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

  <!-- Invalid: no keyboard handler -->
  <div onclick="handleClick()">Click me</div>
  
  <!-- Valid: has keyboard handler -->
  <div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
  
  <!-- Valid: inherently keyboard-accessible -->
  <button onclick="handleClick()">Submit</button>

• #​9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

  <!-- .typo is used but never defined -->
  <html>
    <head>
      <style>
        .button {
          color: blue;
        }
      </style>
    </head>
    <body>
      <div class="button typo"></div>
    </body>
  </html>

• #​9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

  /* styles.css — .ghost is never used in any importing file */
  .button {
    color: blue;
  }
  .ghost {
    color: red;
  }

  /* App.jsx */
  import "./styles.css";
  export default () => <div className="button" />;

• #​9546 6567efa Thanks @​nhedger! - Added a biome upgrade command for standalone installations. It upgrades Homebrew installs with brew upgrade biome, updates manually installed binaries from the latest GitHub release, and tells npm users to upgrade with their package manager instead.

• #​9716 701767a Thanks @​faizkhairi! - Added the HTML version of the useHeadingContent rule. The rule now enforces that heading elements (h1-h6) have content accessible to screen readers in HTML, Vue, Svelte, and Astro files.

  <!-- Invalid: empty heading -->
  <h1></h1>
  
  <!-- Invalid: heading hidden from screen readers -->
  <h1 aria-hidden="true">invisible content</h1>
  
  <!-- Valid: heading with text content -->
  <h1>heading</h1>
  
  <!-- Valid: heading with accessible name -->
  <h1 aria-label="Screen reader content"></h1>

• #​9582 f437ef8 Thanks @​rahuld109! - Added the HTML version of the useKeyWithMouseEvents rule. The rule now enforces that onmouseover is accompanied by onfocus and onmouseout is accompanied by onblur in HTML, Vue, Svelte, and Astro files.

  <!-- Invalid: onmouseover without onfocus -->
  <div onmouseover="handleMouseOver()"></div>
  
  <!-- Valid: onmouseover paired with onfocus -->
  <div onmouseover="handleMouseOver()" onfocus="handleFocus()"></div>

• #​9275 1fdbcee Thanks @​ff1451! - Added the new assist action useSortedTypeFields, which sorts the fields of GraphQL object types, interface types and input object types alphabetically, e.g. name, age, id becomes age, id, name.

• #​10561 78075b7 Thanks @​Conaclos! - Added a new style option to useExportType,
  which enforces a style for exporting types.
  This is the same option as the one provided by useImportType.

• #​8987 d16e32b Thanks @​DerTimonius! - Ported the useValidAnchor rule to HTML. This rule enforces that all anchors are valid and that they are navigable elements.

• #​9533 4d251d4 Thanks @​ematipico! - The init command now prints the Biome logo.

• #​10069 0eb9310 Thanks @​Netail! - Added the HTML lint rule noStaticElementInteractions, which enforces that static, visible elements (such as <div>) that have click handlers use the valid role attribute.

  Invalid:

  <div onclick="myFunction()"></div>

• #​9134 2a43488 Thanks @​ematipico! - Added the assist action useSortedPackageJson.

  This action organizes package.json fields according to the same conventions as the popular sort-package-json tool.

• #​9309 7daa18b Thanks @​Bertie690! - The allowDoubleNegation option has been added to noImplicitCoercions to allow ignoring double negations inside code.

  With the option enabled, the following example is considered valid and is ignored by the rule:

  const truthy = !!value;

• #​9700 894f3fb Thanks @​ematipico! - The Biome Language server now supports the "go-to definition" feature.

  When the cursor of the mouse is hovering an entity (variable, CSS class, type, etc.), and the command CTRL + click is triggered, the editor jumps to where this entity is defined, if the language server can find it.

  Here's what Biome is able to resolve:

  • Variables and types used in JavaScript modules, defined in the same file or imported from another module.
  • JSX Components used in JavaScript modules, defined in the same file or imported from another module.
  • CSS classes used in JSX and HTML-ish files (Vue, Svelte and Astro), and defined in CSS files.
  • Components used in HTML-ish files and defined in other HTML-ish.
  • Variables used in HTML-ish files and defined in the same file or imported from another module (JavaScript or HTML-ish).

• #​10070 bae0710 Thanks @​Conaclos! - Added the :STYLE: group matcher for organizeImports that matches style imports.

  For example, the following configuration...

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": {
            "level": "on",
            "options": {
              "groups": ["**", "!:STYLE:"],
              "sortBareImports": true
            }
          }
        }
      }
    }
  }

  ...places style imports last:

  - import "./style.css"
    import A from "./a.js"
  + import "./style.css"

• #​9170 e3107de Thanks @​mdrobny! - Added bundleDependencies option to NoUndeclaredDependencies rule.

  This rule now supports imports of packages that are defined only in bundleDependencies and bundledDependencies arrays.

• #​9547 01f8473 Thanks @​mujpao! - Added new assist rule useSortedAttributes for HTML, porting the existing JSX rule. This rule enforces sorted HTML attributes.

  Invalid

  <input type="text" id="name" name="name" />

• #​9366 2ca1117 Thanks @​dyc3! - Added the html.parser.vue configuration option. When enabled, it adds support for the parsing of Vue in .html files. Most Vue users don't need to enable this option since Vue files typically use the .vue extension, but it can be useful for projects that embed Vue syntax in regular HTML files.

• #​9073 74b20ee Thanks @​chocky335! - Added support for applying GritQL plugin rewrites as code actions. GritQL plugins that use the rewrite operator (=>) now produce fixable diagnostics for JavaScript, CSS, and JSON files. By default, plugin rewrites are treated as unsafe fixes and require --write --unsafe to apply. Plugin authors can pass fix_kind = "safe" to register_diagnostic() to mark a fix as safe, allowing it to be applied with just --write.

  Example plugin (useConsoleInfo.grit):

  language js
  
  `console.log($msg)` as $call where {
      register_diagnostic(span = $call, message = "Use console.info instead of console.log.", severity = "warn", fix_kind = "safe"),
      $call => `console.info($msg)`
  }
  

  Running biome check --write applies safe rewrites. Unsafe rewrites (the default, or fix_kind = "unsafe") still require --write --unsafe.

• #​9384 f4c9edc Thanks @​Conaclos! - Added the sortBareImports option to organizeImports,
  which allows bare imports to be sorted within other imports when set to false.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": {
            "level": "on",
            "options": { "sortBareImports": true }
          }
        }
      }
    }
  }

  - import "b";
    import "a";
  + import "b";
    import { A } from "a";
  + import "./file";
    import { Local } from "./file";
  - import "./file";

• #​8731 e7872bf Thanks @​siketyan! - Added the watch mode (--watch) to the CLI for check/format/lint commands. By enabling this option, Biome will re-run the check automatically when any file in the workspace has changed after the first run.

• #​10106 9b35f78 Thanks @​ematipico! - Biome can now format and lint .svg files.

• #​9967 e9b6c17 Thanks @​dyc3! - Added HTML support for noExcessiveLinesPerFile. Biome now reports HTML files that exceed the configured line limit, including when skipBlankLines is enabled.

• #​9491 b3eb63c Thanks @​IxxyDev! - Added the HTML lint rule noAriaUnsupportedElements. This rule enforces that elements that do not support ARIA roles, states, and properties (meta, html, script, style) do not have role or aria-* attributes.

  <!-- Invalid: meta does not support aria attributes -->
  <meta charset="UTF-8" role="meta" />

• #​9306 afd57a6 Thanks @​viraxslot! - Added the noNoninteractiveTabindex lint rule for HTML. This rule enforces that tabindex is not used on non-interactive elements, as it can cause usability issues for keyboard users.

  <div tabindex="0">Invalid: non-interactive element</div>
  `

• #​9276 6d041d9 Thanks @​IxxyDev! - Added the HTML lint rule noRedundantRoles. This rule enforces that explicit role attributes are not the same as the implicit/default role of an HTML element. It supports HTML, Vue, Svelte, and Astro files.

  <!-- Invalid: role="button" is redundant on <button> -->
  <button role="button"></button>

• #​9813 69aadc2 Thanks @​ematipico! - Added a new linter configuration called preset. With the new option, users can enable different kinds of rules at once.

  The following presets are available:

  • "recommended": it enables all Biome-recommended rules, or recommended rules of a group;
  • "all": it enables all Biome rules, or enables all rules of a group;
  • "none": it disables all Biome rules, or disable all rules of a group.

  You can enable recommended rules:

  {
    "linter": {
      "rules": {
        "preset": "recommended"
      }
    }
  }

  You can enable all rules at once:

  {
    linter: {
      rules: {
        preset: "all", // enables all rules
      },
    },
  }

  Or enable all rules for a group:

  {
    linter: {
      rules: {
        style: {
          preset: "all", // enables all rules in the style group
        },
      },
    },
  }

  This new option, however, doesn't affect how nursery rules work. Nursery rules must be enabled singularly, due to their nature.

  This new option is meant to replace recommended, so make sure to run the migrate command.

• #​10022 3422d71 Thanks @​Netail! - Added the HTML lint rule noNoninteractiveElementToInteractiveRole, which enforces that interactive ARIA roles are not assigned to non-interactive HTML elements.

  Invalid:

  <h1 role="checkbox"></h1>

• #​8396 13785fc Thanks @​apple-yagi! - Biome now supports pnpm catalogs (default and named) when resolving dependencies for linting. This behavior is opt-in and requires setting javascript.resolver.experimentalPnpmCatalogs to true.

• #​10028 1009414 Thanks @​Netail! - Added the HTML lint rule noInteractiveElementToNoninteractiveRole, which enforces that non-interactive ARIA roles are not assigned to interactive HTML elements.

  Invalid:

  <input role="img" />

• #​9853 816302f Thanks @​Netail! - Added the new assist action useSortedSelectionSet, which sorts GraphQL selection sets alphabetically, e.g. name, age, id becomes age, id, name.

  Invalid:

  query {
    name
    age
    id
  }

• #​10074 9c7c6eb Thanks @​georgephillips! - Added a kind field to the ImportMatcher used by the organizeImports assist action. The new field selects imports by their syntactic kind and currently supports bare (matching side-effect imports such as import "polyfill") with optional ! negation (!bare). The matcher composes with the existing type and source fields, so users can express patterns such as "only bare imports that import a CSS file" ({ "kind": "bare", "source": "**/*.css" }).

  For example, with the following configuration:

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": {
            "level": "on",
            "options": {
              "sortBareImports": true,
              "groups": [
                { "kind": "!bare" },
                ":BLANK_LINE:",
                { "kind": "bare" }
              ]
            }
          }
        }
      }
    }
  }

  ...the following code:

  import "./register-my-component";
  import { render } from "react-dom";
  import "./polyfill";
  import { Button } from "@​/components/Button";

  ...is organized as:

  import { render } from "react-dom";
  import { Button } from "@​/components/Button";
  
  import "./polyfill";
  import "./register-my-component";

• #​9171 ce65710 Thanks @​chocky335! - Added includes option for plugin file scoping. Plugins can now be configured with glob patterns to restrict which files they run on. Use negated globs for exclusions.

  {
    "plugins": [
      "global-plugin.grit",
      {
        "path": "scoped-plugin.grit",
        "includes": ["src/**/*.ts", "!**/*.test.ts"]
      }
    ]
  }

• #​9617 dcb99ef Thanks @​faizkhairi! - Ported useAriaActivedescendantWithTabindex a11y rule to HTML.

• #​9496 1dfb829 Thanks @​aviraldua93! - Added HTML support for the noAriaHiddenOnFocusable accessibility lint rule, which enforces that aria-hidden="true" is not set on focusable elements. Focusable elements include native interactive elements (<button>, <input>, <select>, <textarea>), elements with href (<a>, <area>), elements with tabindex >= 0, and editing hosts (contenteditable). Includes an unsafe fix to remove the aria-hidden attribute.

  <!-- Invalid: aria-hidden on a focusable element -->
  <button aria-hidden="true">Submit</button>
  
  <!-- Valid: aria-hidden on a non-focusable element -->
  <div aria-hidden="true">decorative content</div>

• #​9792 f516854 Thanks @​Maximiliano-Zeballos! - Added the useSemanticElements lint rule for HTML. The rule now detects the use of role attributes in HTML elements and suggests using semantic elements instead.

  For example, the following code is now flagged:

  <div role="navigation"></div>

  The rule suggests using <nav> instead.

• #​9761 cbbb7d5 Thanks @​Maximiliano-Zeballos! - Ported the useValidAriaProps lint rule to HTML. This rule checks that all aria-* attributes used in HTML elements are valid ARIA attributes as defined by the WAI-ARIA specification.

• #​9928 aa82576 Thanks @​aviraldua93! - Ported useValidAriaValues to HTML. Biome now validates static aria-* attribute values in HTML elements against WAI-ARIA types, catching invalid values such as aria-hidden="yes".

• #​10562 6642895 Thanks @​ematipico! - Promoted 73 nursery rules to stable groups.

  Four rules were renamed as part of the promotion:

  • noFloatingClasses is now noUnusedInstantiation, because the rule checks any discarded new expression, not only classes.
  • noMultiStr is now noMultilineString.
  • useFind is now useArrayFind.
  • useSpread is now useSpreadOverApply, because the rule enforces spread call arguments over Function.apply(), not array or object spread.

Correctness

Promoted the following rules to the correctness group:

• noBeforeInteractiveScriptOutsideDocument
• noUnusedInstantiation
• useInlineScriptId (recommended, Next.js domain)
• noVueVIfWithVFor (recommended, Vue domain)
• useVueValidVBind (recommended, Vue domain)
• useVueValidVElse (recommended, Vue domain)
• useVueValidVElseIf (recommended, Vue domain)
• useVueValidVHtml (recommended, Vue domain)
• useVueValidVIf (recommended, Vue domain)
• useVueValidVOn (recommended, Vue domain)
• useVueValidVText (recommended, Vue domain)
• useVueValidTemplateRoot (recommended, Vue domain)
• useVueValidVCloak (recommended, Vue domain)
• useVueValidVOnce (recommended, Vue domain)
• useVueValidVPre (recommended, Vue domain)
• useVueVForKey (recommended, Vue domain)
• noDuplicateAttributes (recommended)
• noDuplicateArgumentNames (recommended)
• noDuplicateInputFieldNames (recommended)
• noDuplicateVariableNames (recommended)
• noDuplicateEnumValueNames (recommended)
• useLoneAnonymousOperation (recommended)

Suspicious

Promoted the following rules to the suspicious group:

• noShadow
• noUnnecessaryConditions
• noParametersOnlyUsedInRecursion
• noUnknownAttribute
• useArraySortCompare
• noForIn
• noDuplicatedSpreadProps
• noEqualsToNull
• noProto (recommended)
• noUndeclaredEnvVars (recommended, Turborepo domain)
• noReturnAssign (default severity: error)
• noDuplicateEnumValues (recommended)
• noVueArrowFuncInWatch (recommended, Vue domain)
• noNestedPromises
• noLeakedRender
• noDeprecatedMediaType (recommended)
• noDuplicateGraphqlOperationName
• useRequiredScripts

Style

Promoted the following rules to the style group:

• useVueMultiWordComponentNames (recommended, Vue domain)
• useVueDefineMacrosOrder
• noIncrementDecrement
• noContinue
• useSpreadOverApply
• noTernary
• noMultilineString
• noMultiAssign
• noExcessiveClassesPerFile
• noExcessiveLinesPerFile
• noVueOptionsApi
• useErrorCause
• useConsistentEnumValueType
• useConsistentMethodSignatures
• useGlobalThis (default severity: warn)
• useDestructuring
• useVueHyphenatedAttributes (recommended, Vue domain)
• useVueConsistentVBindStyle (recommended, Vue domain)
• useVueConsistentVOnStyle (recommended, Vue domain)
• noHexColors
• useConsistentGraphqlDescriptions
• noRootType
• useLoneExecutableDefinition
• useInputName

Complexity

Promoted the following rules to the complexity group:

• useArrayFind
• noRedundantDefaultExport (default severity: warn)
• noUselessReturn
• noDivRegex

Performance

Promoted the following rules to the performance group:

• noSyncScripts
• noJsxPropsBind
• useVueVapor

Security

Promoted the following rules to the security group:

• noScriptUrl (recommended)

A11y

Promoted the following rules to the a11y group:

• noAmbiguousAnchorText (recommended)

• #​10121 450f8e1 Thanks @​jongwan56! - Biome now applies Git's local exclude file when VCS ignore files are enabled. Files listed in .git/info/exclude are skipped the same way as files listed in .gitignore, including in linked worktrees.

• #​9397 d5913c9 Thanks @​mvarendorff! - Added ignore option to the noUnusedVariables rule. The option allows excluding identifiers by providing a list of ignored names. It also allows excluding kinds of identifiers from this rule entirely, which may be useful when loading classes dynamically.

  For example, unused classes as well as all unused variables, functions, etc. called "unused" may be ignored entirely with the following configuration:

  {
    "ignore": {
      "*": ["unused"],
      "class": ["*"]
    }
  }

• #​10089 71a21f0 Thanks @​Netail! - Added the lint rule noLabelWithoutControl to HTML, which enforces that a label element or component has a text label and an associated input.

  <label></label>

• #​10015 1828261 Thanks @​Netail! - Added the HTML lint rule useAriaPropsSupportedByRole, which enforces that ARIA properties are valid for the roles that are supported by the element.

  <a href="#" aria-checked></a>

• #​10234 1a51569 Thanks @​ematipico! - Added the delimiterSpacing formatter option. This option inserts spaces inside delimiters (after the opening delimiter and before the closing delimiter) when the content fits on a single line. Empty delimiters are not affected, and no space is added before the opening delimiter. The specific delimiters affected depend on the language. It can be configured globally via formatter.delimiterSpacing or per-language via

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Bumps pnpm to 11.1.3 at root and app, upgrades Changesets and many app deps/devDeps, and updates GitHub Actions versions: pnpm/action-setup → v6, Node runtime → 24.15.0, and actions/upload-artifact → v7.

Changes

Dependency and Action Upgrades

Layer / File(s)	Summary
Root package manager and Changesets tooling package.json	Root package.json updated to packageManager: "pnpm@11.1.3" and Changesets devDependencies (@changesets/changelog-github, @changesets/cli) bumped.
App package manager and dependency upgrades packages/app/package.json	packages/app packageManager set to pnpm@11.1.3; multiple runtime dependencies and devDependencies (including @effect/*, effect, ts-morph, tooling, TypeScript, Vite/Vitest, linters) have version bumps.
GitHub Actions and workflow configuration .github/actions/setup/action.yml, .github/workflows/checking-dependencies.yml, .github/workflows/snapshot.yml	Composite action/workflows updated: pnpm/action-setup bumped to v6, actions/setup-node node-version changed to 24.15.0, and actions/upload-artifact bumped to v7.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• Dependency Dashboard openapi-effect#1 — Matches Renovate-style dependency and workflow version bumps (pnpm and action versions).
• Dependency Dashboard eslint-plugin-suggest-members#2 — Overlaps CI and Changesets dependency/version updates present in this PR.
• Dependency Dashboard #10 — Similar CI/action and package metadata updates (pnpm, actions, packageManager).
• Dependency Dashboard context-doc#5 — Contains comparable dependency/version adjustments across workflows and manifests.
• Dependency Dashboard dist-deps-prune#2 — Related updates to GitHub Action versions and package.json dependency entries.
• Dependency Dashboard effect-eslint-template#6 — Mirrors pnpm/action-setup and pnpm packageManager version bumps seen here.

Poem

🐰 A patch of pins and versions new,
I nibbled bumps and pushed them through.
Workflows hum and artifacts sing,
PNPM hops to a brighter spring.
— Rabbit with a CI carrot 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(deps): update all dependencies' directly and clearly describes the main change: a comprehensive dependency update across the entire project, as evidenced by the raw summary and PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description clearly relates to the changeset, providing a comprehensive table of package updates with versions, types, and dependencies.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/all

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/actions/setup/action.yml:
- Line 13: The action uses pnpm/action-setup@v6 but the custom action default
still sets node-version: 20.16.0 which is incompatible; update the default
node-version in action.yml to Node 24 (>=24.0.0, e.g., 24.15.0 to match
checking-dependencies.yml) so the action runs on the required runtime, and after
changing the default verify pnpm selection behavior (packageManager in
package.json / pnpm@11.1.2) because v6 has a bug that may ignore
packageManager—if necessary pin the pnpm version explicitly or add configuration
to enforce packageManager to ensure the expected pnpm version is used.

In @.github/workflows/checking-dependencies.yml:
- Line 15: The workflow uses pnpm/action-setup@v6 but package.json declares
packageManager: pnpm@11.1.2, causing a mismatch; either align the workflow or
package.json: update package.json's packageManager to "pnpm@11.1.1" to match the
action's default, or explicitly configure the action in
.github/workflows/checking-dependencies.yml (pnpm/action-setup) with a
compatible with.version value (e.g., 11.1.1) until 11.1.2 is released, or remove
the explicit version so the action auto-detects from package.json and surfaces
the proper error if the version is unavailable.

In `@package.json`:
- Line 6: Update package.json to remove deprecated pnpm v10 fields and adopt
pnpm v11 format: replace any ignoredBuiltDependencies and onlyBuiltDependencies
entries with the new allowBuilds configuration (mapping allowed package patterns
or booleans accordingly) and set the engines.node field to ">=22" (or "22.x" per
project policy) so Node.js requirement is explicit for pnpm 11; also keep
packageManager set to "pnpm@11.1.2" and run the pnpm v10→v11 codemod (pnpx
codemod run pnpm-v10-to-v11) to ensure any other migration changes are applied.

In `@packages/app/package.json`:
- Line 71: Add an "engines" entry to packages/app/package.json to require
Node.js >=20.19.0 so ESLint 10.3.0 runs correctly; locate the existing "eslint":
"^10.3.0" dependency in package.json and add an "engines" object with "node":
">=20.19.0" to enforce the minimum Node version for contributors and CI.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 99f915a6-56ca-42ec-8fc8-02ccf3d20151

📥 Commits

Reviewing files that changed from the base of the PR and between 2b21043 and f9810e9.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• .github/actions/setup/action.yml
• .github/workflows/checking-dependencies.yml
• .github/workflows/snapshot.yml
• package.json
• packages/app/package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

pnpm/action-setup v6 release notes

💡 Result:

pnpm/action-setup v6 release notes (from the repo’s official GitHub Releases pages) are available as a series of versioned release entries under the v6 tags. The most recent v6 entry visible in the official releases feed is v6.0.8 (published 2026-05-12), with the following changes: 1) v6.0.8 (2026-05-12) - docs(README): fix cache_dependency_path type (PR #257) [1] - fix: drop patchPnpmEnv so standalone+self-update works on Windows (PR #258) [1] - fix: update pnpm to 11.1.1 (PR #248) [1] 2) v6.0.4 (2026-04-30) - fix: use npm co-located with the action node binary (PR #239) [2] Additional v6 changes are also reflected in the v4...v6 comparison page (including updates to README/examples and caching-related input typing/behavior), which indicates that v6 introduces/updates inputs like cache_dependency_path handling. In that compare view, cache_dependency_path is described as accepting multiple paths delimited by newlines, and the example workflows are updated to use pnpm/action-setup@v6 instead of v4. [3] Notes / where to read the full set of v6 release notes: - Start at the official Releases index for pnpm/action-setup and select the v6.x.y tags. The Releases index is the source of truth for the complete v6 changelog history. [4] If you want, tell me the exact v6 range you care about (e.g., “v6.0.0 through v6.0.8” or “just v6.0.8”), and I’ll summarize only those entries.

Citations:

• 1: https://github.com/pnpm/action-setup/releases/tag/v6.0.8
• 2: https://github.com/pnpm/action-setup/releases/tag/v6.0.4
• 3: pnpm/action-setup@v4...v6
• 4: https://github.com/pnpm/action-setup/releases

---

🌐 Web query:

Node.js 24.15.0 release notes

💡 Result:

Node.js 24.15.0 (Krypton, LTS) release notes (published 2026-04-15) list these notable changes: - cli: add --max-heap-size option [1] - cli: add --require-module / --no-require-module [2] - crypto: add raw key formats support to the KeyObject APIs [1] - fs: add throwIfNoEntry option for fs.stat and fs.promises.stat [2] - http2: add http1Options for HTTP/1 fallback configuration [2] - module: mark require(esm) as stable [2] - module: mark module compile cache as stable [2] - net: add setTOS and getTOS to Socket [2] - sqlite: add limits property to DatabaseSync [2] - sqlite: mark as release candidate [2] - src: add C++ support for diagnostics channels [2] - stream: rename Duplex.toWeb type option to readableType [2] - test_runner: add exports option for module mocks [2] - test_runner: expose worker ID for concurrent test execution [2] - test_runner: show interrupted test on SIGINT [2] Primary sources for the above are the official Node.js blog release page and the Node.js v24 changelog section for 24.15.0 [1][2].

Citations:

• 1: https://nodejs.org/blog/release/v24.15.0
• 2: https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V24.md

---

🏁 Script executed:

#!/bin/bash
# Check all workflow files for consistency in action versions
rg -n "pnpm/action-setup@" --type yaml
rg -n "node-version:" --type yaml

Repository: ProverCoderAI/effect-template

Length of output: 55

---

🏁 Script executed:

#!/bin/bash
# Check if the workflow file exists
ls -la .github/workflows/ 2>/dev/null || echo "Directory not found"

# If it exists, read the file
if [ -f ".github/workflows/checking-dependencies.yml" ]; then
  echo "=== File found, reading contents ==="
  cat -n ".github/workflows/checking-dependencies.yml"
else
  echo "File not found"
fi

# Also check with fd for any workflow files
echo "=== Searching for workflow files ==="
fd -e yml -e yaml ".github/workflows/" 2>/dev/null || fd -e yml -e yaml

Repository: ProverCoderAI/effect-template

Length of output: 1412

---

🏁 Script executed:

#!/bin/bash
# Check pnpm version in lock file
head -20 pnpm-lock.yaml | grep -i "version\|lockfileVersion"

# Also check package.json for pnpm version requirement if any
if [ -f "package.json" ]; then
  grep -i "pnpm" package.json
fi

# Check if there's a .npmrc or similar config
if [ -f ".npmrc" ]; then
  cat .npmrc
fi

Repository: ProverCoderAI/effect-template

Length of output: 745

---

🌐 Web query:

pnpm 11.1.2 release date and availability

💡 Result:

No evidence found of a pnpm 11.1.2 release as of 2026-05-14. The latest releases are v11.1.1 (published around 2026-05-12 [1]) and v11.1.0 (published 2026-05-11 [2][3][4]). Official GitHub releases page lists recent tags up to May 12 but no 11.1.2 [3]. npm registry tracks these releases [4], and no sources mention 11.1.2. It is not yet released or available.[2][3][1]

Citations:

• 1: https://newreleases.io/project/github/pnpm/pnpm/release/v11.1.1
• 2: https://github.com/pnpm/pnpm/releases/tag/v11.1.0
• 3: https://github.com/pnpm/pnpm/releases
• 4: https://newreleases.io/project/npm/pnpm/release/11.1.0

---

🌐 Web query:

pnpm/action-setup configure pnpm version 11.1.2

💡 Result:

To configure pnpm/action-setup to install pnpm 11.1.2, use the action’s with.version input: steps: - uses: pnpm/action-setup@v6 with: version: 11.1.2 The version input is “Version of pnpm to install” and supports exact versions like 11.1.2 (or version ranges/tags). If you omit version, the action can use the packageManager field from your package.json instead.[1] You may optionally specify run_install if you also want the action to run pnpm install for you; otherwise run pnpm install in a later step.[1]

Citations:

• 1: https://github.com/pnpm/action-setup

---

Configure pnpm version in pnpm/action-setup to match project requirement.

The workflow uses pnpm/action-setup@v6 which installs pnpm 11.1.1 by default, but the project specifies packageManager: pnpm@11.1.2 in package.json. Since pnpm 11.1.2 does not yet exist, the pnpm install --frozen-lockfile step (line 21) will fail due to version mismatch. Either update package.json to use pnpm 11.1.1, or configure the action with with.version: 11.1.2 once that version is released. Alternatively, the action can auto-detect the version from package.json if no version input is specified (allowing proper error messaging when unavailable).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/checking-dependencies.yml at line 15, The workflow uses
pnpm/action-setup@v6 but package.json declares packageManager: pnpm@11.1.2,
causing a mismatch; either align the workflow or package.json: update
package.json's packageManager to "pnpm@11.1.1" to match the action's default, or
explicitly configure the action in .github/workflows/checking-dependencies.yml
(pnpm/action-setup) with a compatible with.version value (e.g., 11.1.1) until
11.1.2 is released, or remove the explicit version so the action auto-detects
from package.json and surfaces the proper error if the version is unavailable.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | 🏗️ Heavy lift

🧩 Analysis chain

🌐 Web query:

pnpm 11 release notes breaking changes from pnpm 10

💡 Result:

pnpm 11 introduces several breaking changes from v10, primarily documented in the official migration guide [1] and v11.0.0 release notes [2][3]. Key breaking changes include: Node.js requirement: Now requires Node.js 22 or newer; support for v18-21 dropped. pnpm is pure ESM, and standalone exe needs glibc 2.27+ [3][2][4]. Configuration changes [1]: - No longer reads config from package.json#pnpm; move to pnpm-workspace.yaml. -.npmrc limited to auth/registry; other settings (hoist-pattern, node-linker, etc.) to pnpm-workspace.yaml (camelCase keys). - npm_config_* env vars ignored; use pnpm_config_*. - Deprecated build settings (onlyBuiltDependencies, etc.) removed; use allowBuilds [3][2]. - Package manager settings consolidated to pmOnFail: 'download'|'ignore'|'warn'|'error'. - Renames: allowNonAppliedPatches -> allowUnusedPatches; auditConfig.ignoreCves -> auditConfig.ignoreGhsas. Store upgraded to v11: SQLite index.db replaces JSON files; incompatible with v10 stores (clear or migrate) [3][2][5]. Global installs: Isolated in {pnpmHomeDir}/global/v11/{hash}/ with own package.json/node_modules/pnpm-lock.yaml. pnpm install -g (no args) removed; use pnpm add -g [3][2]. pnpm link changes: No global store resolution; only relative/absolute paths. --global removed (use pnpm add -g.); no-arg pnpm link removed [1][6]. Removed commands: pnpm server; npm passthrough (publish, login, etc.) now native, some like access, edit removed [3][2]. Lockfile: patchedDependencies simplified to selector -> hash; auto-migrated [5]. Script shadowing: Scripts named clean/setup/deploy/rebuild run script, not built-in; use pnpm pm [1]. Security defaults: minimumReleaseAge=1440 (1 day), blockExoticSubdeps=true, strictDepBuilds=true [3][2]. A codemod assists migration: pnpx codemod run pnpm-v10-to-v11 [1]. Full details: https://pnpm.io/migration [1], https://github.com/pnpm/pnpm/releases/tag/v11.0.0 [2], https://pnpm.io/blog/releases/11.0 [3].

Citations:

• 1: https://pnpm.io/migration
• 2: https://github.com/pnpm/pnpm/releases/tag/v11.0.0
• 3: https://pnpm.io/blog/releases/11.0
• 4: https://github.com/pnpm/pnpm/releases/tag/v11.0.0-rc.0
• 5: https://github.com/pnpm/pnpm/releases/tag/v11.0.0-alpha.14
• 6: https://github.com/pnpm/pnpm/releases/tag/v11.0.0-beta.3

---

🏁 Script executed:

#!/bin/bash
# Check if pnpm-lock.yaml has been updated alongside this change
git diff HEAD -- pnpm-lock.yaml | head -50

Repository: ProverCoderAI/effect-template

Length of output: 55

---

🏁 Script executed:

#!/bin/bash
# Check if pnpm-lock.yaml exists and what version it specifies
if [ -f "pnpm-lock.yaml" ]; then
  echo "=== pnpm-lock.yaml lockfileVersion ==="
  head -20 pnpm-lock.yaml | rg "lockfileVersion|name|version"
else
  echo "pnpm-lock.yaml not found"
fi

# Check if package.json has pnpm config that needs migration
echo -e "\n=== package.json pnpm config ==="
jq '.pnpm' package.json 2>/dev/null || echo "No pnpm config in package.json"

# Check Node.js version requirement
echo -e "\n=== Node.js engines requirement ==="
jq '.engines' package.json 2>/dev/null || echo "No engines field"

Repository: ProverCoderAI/effect-template

Length of output: 586

---

🏁 Script executed:

#!/bin/bash
# Check git log to see if pnpm-lock.yaml was modified in this change
echo "=== Recent git changes to pnpm-lock.yaml ==="
git log --oneline -n 10 -- pnpm-lock.yaml 2>/dev/null || echo "No pnpm-lock.yaml history"

# Check if .npmrc or pnpm-workspace.yaml exists
echo -e "\n=== pnpm configuration files ==="
ls -la .npmrc pnpm-workspace.yaml .pnpmfile.cjs 2>/dev/null || echo "Checking config files..."
fd -e "npmrc|pnpmfile|workspace.yaml" .

Repository: ProverCoderAI/effect-template

Length of output: 287

---

🏁 Script executed:

#!/bin/bash
# Check CI workflows for Node.js version
echo "=== CI/CD Node.js version requirement ==="
find .github -name "*.yml" -o -name "*.yaml" 2>/dev/null | head -5 | xargs grep -l "node-version\|node_version\|setup-node" 2>/dev/null | head -1 | xargs cat 2>/dev/null | grep -A 2 "node-version\|setup-node" || echo "Checking workflows..."

Repository: ProverCoderAI/effect-template

Length of output: 370

---

Migrate deprecated pnpm configuration to pnpm 11 format.

The pnpm-lock.yaml has been regenerated to v9.0 (pnpm 11 format), but package.json still contains deprecated configuration that is no longer supported in pnpm 11:

• ignoredBuiltDependencies and onlyBuiltDependencies must be migrated to the new allowBuilds configuration
• Node.js requirement must be explicitly set to 22+ in the engines field (pnpm 11 no longer supports Node.js v18-21)

These deprecated options will cause failures when running pnpm commands. Use the pnpm v10→v11 migration codemod (pnpx codemod run pnpm-v10-to-v11) to complete the migration.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 6, Update package.json to remove deprecated pnpm v10
fields and adopt pnpm v11 format: replace any ignoredBuiltDependencies and
onlyBuiltDependencies entries with the new allowBuilds configuration (mapping
allowed package patterns or booleans accordingly) and set the engines.node field
to ">=22" (or "22.x" per project policy) so Node.js requirement is explicit for
pnpm 11; also keep packageManager set to "pnpm@11.1.2" and run the pnpm v10→v11
codemod (pnpx codemod run pnpm-v10-to-v11) to ensure any other migration changes
are applied.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

ESLint 10.0 release notes breaking changes migration guide

💡 Result:

ESLint 10.0 release notes / breaking changes and the official migration guide are here: 1) Official migration guide (v9.x → v10.x) https://eslint.org/docs/latest/use/migrate-to-10.0.0 [1] 2) Official release notes for v10.0.0 https://eslint.org/blog/2026/02/eslint-v10.0.0-released/ [2] Key breaking changes called out in the migration guide (high-signal items) A) Node.js version support dropped ESLint v10.0.0 no longer supports Node.js versions < v20.19.0 (and also drops v21.x and v23.x); the migration guide says to upgrade to Node.js v20.19.0 or later [1][3]. B) “Old config format” no longer supported; flat config required The v10 migration guide states the legacy config system is removed (i.e., old eslintrc format is no longer supported) and points you to use flat config (eslint.config.) [1]. The migration guide summary also calls out removing the eslintrc format [1][3]. C) New configuration file lookup algorithm In ESLint v9 there was an alternate behavior guarded by a feature flag; in v10.0.0, the behavior is the default. The migration guide describes that config lookup now starts from the directory of each linted file and searches upward to the filesystem root (instead of starting from the current working directory) and that the v10_config_lookup_from_file flag was removed [1]. D) Removed feature for eslintrc config lookup behavior flag Attempting to use v10_config_lookup_from_file now results in an error (because the flag was removed) [1]. E) Rule/behavior & API breaking changes (examples listed in the migration guide) The migration guide lists multiple other breaking/API changes, including (among others) removal of the nodeType property in LintMessage objects [1], JSX references now being tracked [1], and changes around fixer APIs requiring string text arguments [1]. How to migrate (practical steps to follow) - Upgrade Node.js to a supported version (>= v20.19.0) before running ESLint 10 [1]. - Ensure you are using flat config (eslint.config.) and remove any legacy eslintrc configuration usage [1]. - If you previously relied on the v9 config lookup behavior / feature flag, update to the new lookup algorithm (start from each linted file’s directory) [1]. - Then run the official migration guide’s checklist/sections to address any remaining listed breaking changes in your specific setup [1].

Citations:

• 1: https://eslint.org/docs/latest/use/migrate-to-10.0.0
• 2: https://eslint.org/blog/2026/02/eslint-v10.0.0-released/
• 3: https://mintlify.com/eslint/eslint/guides/migrate-to-10

---

🏁 Script executed:

#!/bin/bash
# Check ESLint configuration files for compatibility
fd eslint.config -e js -e mjs -e cjs --exec cat {}

Repository: ProverCoderAI/effect-template

Length of output: 55

---

🏁 Script executed:

#!/bin/bash
# Check for ESLint configuration files
echo "=== Searching for ESLint config files ==="
fd -e json -e js -e cjs -e mjs '(eslintrc|eslint\.config)' --base-directory .

# Check package.json for Node.js version and ESLint config location
echo -e "\n=== Checking packages/app/package.json ==="
head -80 packages/app/package.json | tail -20

# Check root package.json for Node.js engines
echo -e "\n=== Checking root package.json for engines ==="
rg '"engines"' -A 5 package.json

Repository: ProverCoderAI/effect-template

Length of output: 1013

---

🏁 Script executed:

#!/bin/bash
# More comprehensive search for all ESLint-related configs
echo "=== Searching for all ESLint configs ==="
find . -type f \( -name ".eslintrc*" -o -name "eslint.config.*" \) 2>/dev/null

# Check for ESLint in workspace packages
echo -e "\n=== Checking eslint references in all package.json files ==="
find . -name "package.json" -type f -exec grep -l "eslint" {} \; 2>/dev/null

Repository: ProverCoderAI/effect-template

Length of output: 252

---

🏁 Script executed:

#!/bin/bash
# Check the ESLint flat config file
echo "=== Content of eslint.config.mts ==="
cat packages/app/eslint.config.mts

# Search for Node.js version constraints
echo -e "\n=== Searching for Node.js version constraints ==="
find . -type f \( -name ".nvmrc" -o -name ".tool-versions" -o -name "nvmrc" \) 2>/dev/null | head -10

# Check GitHub workflows for Node.js version
echo -e "\n=== Checking for Node.js version in CI/workflows ==="
fd "\.ya?ml$" .github/workflows 2>/dev/null | xargs grep -h "node-version" 2>/dev/null | head -10

Repository: ProverCoderAI/effect-template

Length of output: 10380

---

🏁 Script executed:

#!/bin/bash
# Check if engines field exists in root and app package.json
echo "=== Checking engines field in package.json files ==="
rg '"engines"' -B 1 -A 3 . --type json

# Check for `@eslint/compat` usage in eslint.config.mts
echo -e "\n=== Checking `@eslint/compat` usage ==="
grep -n "@eslint/compat\|compat" packages/app/eslint.config.mts || echo "No `@eslint/compat` found in config"

Repository: ProverCoderAI/effect-template

Length of output: 219

---

Add engines field to enforce Node.js >= v20.19.0 for ESLint 10.3.0 compatibility.

The repository has already properly migrated to ESLint's flat config format (eslint.config.mts) and uses @eslint/compat correctly for plugin compatibility. However, ESLint 10.3.0 requires Node.js >= v20.19.0, and this constraint should be explicitly documented in package.json via an engines field. Without it, developers using older Node.js versions may encounter runtime errors. Add to packages/app/package.json:

"engines": {
  "node": ">=20.19.0"
}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/app/package.json` at line 71, Add an "engines" entry to
packages/app/package.json to require Node.js >=20.19.0 so ESLint 10.3.0 runs
correctly; locate the existing "eslint": "^10.3.0" dependency in package.json
and add an "engines" object with "node": ">=20.19.0" to enforce the minimum Node
version for contributors and CI.