chore(deps): update versions

[dinwwwh]

Summary by CodeRabbit

• Chores

  • Broad dependency updates across tooling, frameworks, and libraries for improved stability and compatibility.
  • Refined package manager and workspace configuration; removed several legacy npm settings and updated workspace behavior.
  • Adjusted linting rules for YAML-related checks.

• Tests

  • Tool metadata identification field renamed from "name" to "title" (tests and tooling updated).

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

This PR removes specific npm settings from .npmrc, consolidates workspace/package manager settings in pnpm-workspace.yaml, performs a wide dependency/version bump across the monorepo, and renames the AI SDK tool metadata field from name to title.

Changes

Cohort / File(s)	Summary
Root config \.npmrc, pnpm-workspace.yaml, eslint.config.js	Deleted several npm config keys from .npmrc; added workspace-related keys (useNodeVersion, preferWorkspacePackages, linkWorkspacePackages, shamefullyHoist) and expanded packages globs in pnpm-workspace.yaml; added ESLint disables for pnpm/yaml-enforce-settings and yaml/sort-keys.
Root manifests package.json	Bumped packageManager (pnpm@10.26.2) and updated numerous devDependencies (testing, eslint configs, @types/node, TypeScript spec changes, tooling/version pins).
Apps apps/content/package.json, apps/content/docs/integrations/ai-sdk.md	Large dependency updates (AI SDK, TanStack libs, Svelte, Vue, OpenAI, mermaid, zod, etc.); docs examples changed to async handlers and awaited message conversion; example tool metadata switched from name to title.
AI SDK package & tests packages/ai-sdk/package.json, packages/ai-sdk/src/tool.ts, packages/ai-sdk/src/tool.test.ts	Bumped ai/zod versions; tool meta field renamed from name → title (tests and annotations updated to assert/access tool.title).
Wide zod & typings alignment packages/*/package.json, playgrounds/*/package.json (e.g., packages/*, playgrounds/*)	Systematic zod bumps (^4.1.12 → ^4.2.1), many @types/node updates, and coordinated TanStack/react/vue/solid/svelte-query version bumps across core packages and playgrounds.
Specialized package updates packages/arktype/package.json, packages/durable-iterator/package.json, packages/publisher*.json, packages/ratelimit/package.json, packages/valibot/package.json, ...	Adds @ark/schema and arktype devDeps; bumps partysocket, @cloudflare/workers-types, @upstash/redis, @valibot/to-json-schema, and other package-specific version updates.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• unnoq/orpc#775 — Edits the same AI SDK integration docs and examples that were updated in this PR.
• unnoq/orpc#360 — Addresses workspace/package manager and dependency metadata changes similar to this PR.

Poem

🐇 I hopped through package trees tonight,

bumped versions till they sparkled bright.
From .npmrc trims to workspace tune,
name became title — a brand new rune.
Heaps of deps aligned — a merry monorepo moon.

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'chore(deps): update versions' is a generic, vague statement that does not convey specific information about which dependencies were updated or the nature of the changes.	Consider using a more descriptive title that highlights the main changes, such as 'chore(deps): upgrade zod, tanstack packages, and ai-sdk' or specifying key version updates to help reviewers quickly understand the scope.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/deps/bump-28-12-25

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dc68615 and f54463c.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• apps/content/docs/integrations/ai-sdk.md
• apps/content/package.json
• packages/ai-sdk/src/tool.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: test
• GitHub Check: publish-commit
• GitHub Check: lint
• GitHub Check: Cloudflare Pages

🔇 Additional comments (5)

apps/content/package.json (2)

55-55: Zod 4.2.1 update looks good.

The Zod update from ^4.1.12 to ^4.2.1 is a minor version bump within Zod 4.x. Based on the provided Zod 4 documentation, this should be a non-breaking update with potential bug fixes and minor enhancements.

---

11-12: AI SDK v6 compatibility confirmed with @ai-sdk/google v3 and @ai-sdk/react v3.

The @ai-sdk/google@^3.0.1 and @ai-sdk/react@^3.0.3 packages are compatible with ai@^6.0.3. The integration example in docs/integrations/ai-sdk.md correctly uses the v6 API (convertToModelMessages instead of the deprecated convertToCoreMessages, and proper streamText usage), confirming that breaking changes have been addressed.

apps/content/docs/integrations/ai-sdk.md (2)

29-29: The use of await convertToModelMessages(input.messages) is correct for AI SDK v6. In v6, this function is asynchronous and returns Promise<ModelMessage[]>, so the await is required.

---

25-25: Async handler is required here due to await convertToModelMessages() in AI SDK v6.

This handler must be async because convertToModelMessages() is now async in AI SDK v6. However, note that AI SDK v6 does not require all handlers to be async—only those that use async APIs like streaming or the updated convertToModelMessages(). The handler itself can remain synchronous for use cases that don't await async functions.

packages/ai-sdk/src/tool.ts (1)

41-41: The field name title is correct for AI SDK v6 Tool metadata. Both documentation examples consistently use title: 'Get Weather', and the implementation properly spreads the metadata into the tool definition via the AI_SDK_TOOL_META_SYMBOL. No updates needed.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying orpc with    Cloudflare Pages

Latest commit:	f54463c
Status:	✅  Deploy successful!
Preview URL:	https://ce79133c.orpc-1qh.pages.dev
Branch Preview URL:	https://chore-deps-bump-28-12-25.orpc-1qh.pages.dev

View logs

[gemini-code-assist]

Summary of Changes

Hello @unnoq, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a significant dependency version update across the entire monorepo, ensuring all packages and playgrounds are running on the latest compatible versions of their respective libraries and tools. Alongside these updates, it refactors the pnpm workspace configuration for better management and adjusts ESLint rules to align with the new setup, contributing to overall project stability and maintainability.

Highlights

• Dependency Version Bumps: Numerous packages across the monorepo, including core libraries and playground examples, have received updates to their dependencies and dev dependencies. This includes updates to @tanstack/* libraries, @nestjs/*, react, vue, svelte, zod, ai, and various build/tooling dependencies. Notably, typescript versions in several playgrounds were adjusted to ~5.8.3.
• PNPM Configuration Centralization: The project's pnpm configuration has been streamlined by removing the .npmrc file and integrating its settings (such as useNodeVersion, preferWorkspacePackages, linkWorkspacePackages, and shamefullyHoist) directly into pnpm-workspace.yaml. This centralizes workspace-level pnpm behaviors.
• ESLint Rule Adjustments: New rules have been added to eslint.config.js to disable pnpm/yaml-enforce-settings and yaml/sort-keys, likely to prevent linting errors related to the updated pnpm-workspace.yaml format or specific project needs.
• AI SDK Tool Metadata Refactor: A minor internal change in packages/ai-sdk/src/tool.test.ts updates the metadata symbol from name to title for AI SDK tool definitions, indicating a potential API refinement within the AI SDK integration.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[pkg-pr-new]

More templates

• @orpc/astro-playground
• @orpc/browser-extension-playground
• @orpc/bun-websocket-otel-playground
• @orpc/cloudflare-worker-playground
• @orpc/contract-first-playground
• @orpc/electron-playground
• @orpc/nest-playground
• @orpc/next-playground
• @orpc/nuxt-playground
• @orpc/solid-start-playground
• @orpc/svelte-kit-playground
• @orpc/tanstack-start-playground

@orpc/ai-sdk

npm i https://pkg.pr.new/@orpc/ai-sdk@1315

@orpc/arktype

npm i https://pkg.pr.new/@orpc/arktype@1315

@orpc/client

npm i https://pkg.pr.new/@orpc/client@1315

@orpc/contract

npm i https://pkg.pr.new/@orpc/contract@1315

@orpc/experimental-durable-iterator

npm i https://pkg.pr.new/@orpc/experimental-durable-iterator@1315

@orpc/hey-api

npm i https://pkg.pr.new/@orpc/hey-api@1315

@orpc/interop

npm i https://pkg.pr.new/@orpc/interop@1315

@orpc/json-schema

npm i https://pkg.pr.new/@orpc/json-schema@1315

@orpc/nest

npm i https://pkg.pr.new/@orpc/nest@1315

@orpc/openapi

npm i https://pkg.pr.new/@orpc/openapi@1315

@orpc/openapi-client

npm i https://pkg.pr.new/@orpc/openapi-client@1315

@orpc/otel

npm i https://pkg.pr.new/@orpc/otel@1315

@orpc/experimental-pino

npm i https://pkg.pr.new/@orpc/experimental-pino@1315

@orpc/experimental-publisher

npm i https://pkg.pr.new/@orpc/experimental-publisher@1315

@orpc/experimental-publisher-durable-object

npm i https://pkg.pr.new/@orpc/experimental-publisher-durable-object@1315

@orpc/experimental-ratelimit

npm i https://pkg.pr.new/@orpc/experimental-ratelimit@1315

@orpc/react

npm i https://pkg.pr.new/@orpc/react@1315

@orpc/react-query

npm i https://pkg.pr.new/@orpc/react-query@1315

@orpc/experimental-react-swr

npm i https://pkg.pr.new/@orpc/experimental-react-swr@1315

@orpc/server

npm i https://pkg.pr.new/@orpc/server@1315

@orpc/shared

npm i https://pkg.pr.new/@orpc/shared@1315

@orpc/solid-query

npm i https://pkg.pr.new/@orpc/solid-query@1315

@orpc/standard-server

npm i https://pkg.pr.new/@orpc/standard-server@1315

@orpc/standard-server-aws-lambda

npm i https://pkg.pr.new/@orpc/standard-server-aws-lambda@1315

@orpc/standard-server-fastify

npm i https://pkg.pr.new/@orpc/standard-server-fastify@1315

@orpc/standard-server-fetch

npm i https://pkg.pr.new/@orpc/standard-server-fetch@1315

@orpc/standard-server-node

npm i https://pkg.pr.new/@orpc/standard-server-node@1315

@orpc/standard-server-peer

npm i https://pkg.pr.new/@orpc/standard-server-peer@1315

@orpc/svelte-query

npm i https://pkg.pr.new/@orpc/svelte-query@1315

@orpc/tanstack-query

npm i https://pkg.pr.new/@orpc/tanstack-query@1315

@orpc/trpc

npm i https://pkg.pr.new/@orpc/trpc@1315

@orpc/valibot

npm i https://pkg.pr.new/@orpc/valibot@1315

@orpc/vue-colada

npm i https://pkg.pr.new/@orpc/vue-colada@1315

@orpc/vue-query

npm i https://pkg.pr.new/@orpc/vue-query@1315

@orpc/zod

npm i https://pkg.pr.new/@orpc/zod@1315

commit: f54463c

[gemini-code-assist]

Code Review

This pull request updates numerous dependencies across the monorepo. The changes also include a refactoring of the pnpm configuration, moving settings from .npmrc to pnpm-workspace.yaml. While most of the dependency updates are straightforward, I've identified a potential issue with the pnpm configuration changes that could affect developer workflow. Specifically, the removal of auto-install-peers should be reviewed.

[gemini-code-assist]

The auto-install-peers = true setting was removed with the deletion of this file. This will change the dependency installation behavior, as peer dependencies will no longer be installed automatically. This might lead to issues if developers are not aware of this change and forget to install them manually. If this was unintentional, consider restoring the .npmrc file with this setting.

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/ai-sdk/src/tool.test.ts (1)

57-68: Update JSDoc examples to use title instead of name in tool metadata.

The migration from name to title is incomplete. While the test uses the new title field, the JSDoc examples in packages/ai-sdk/src/tool.ts (lines 40-41 and 107-108) still reference the old name field. Update the documentation examples to match the new API to avoid misleading users.

♻️ Duplicate comments (2)

packages/json-schema/package.json (1)

45-45: Zod upgrade aligns with monorepo strategy.

This update is part of the coordinated Zod upgrade across all packages. Ensure the verification requested for Zod 4.2.1 compatibility (in packages/client/package.json) covers this package as well.

packages/shared/package.json (1)

52-52: Zod upgrade consistent with monorepo strategy.

This Zod update aligns with the coordinated upgrade across all packages. Refer to the verification requested in packages/client/package.json for compatibility confirmation.

🧹 Nitpick comments (1)

eslint.config.js (1)

7-10: Consider documenting the rationale for disabling these linting rules.

Disabling pnpm/yaml-enforce-settings and yaml/sort-keys appears related to the workspace configuration changes in pnpm-workspace.yaml. Consider adding a comment explaining why these rules are disabled and whether this is a temporary or permanent change.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c20c3b4 and dc68615.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (47)

• .npmrc
• apps/content/package.json
• eslint.config.js
• package.json
• packages/ai-sdk/package.json
• packages/ai-sdk/src/tool.test.ts
• packages/arktype/package.json
• packages/client/package.json
• packages/contract/package.json
• packages/durable-iterator/package.json
• packages/hey-api/package.json
• packages/json-schema/package.json
• packages/nest/package.json
• packages/openapi/package.json
• packages/publisher-durable-object/package.json
• packages/publisher/package.json
• packages/ratelimit/package.json
• packages/react-query/package.json
• packages/react-swr/package.json
• packages/react/package.json
• packages/server/package.json
• packages/shared/package.json
• packages/solid-query/package.json
• packages/standard-server-aws-lambda/package.json
• packages/standard-server-fastify/package.json
• packages/standard-server-fetch/package.json
• packages/standard-server-node/package.json
• packages/svelte-query/package.json
• packages/tanstack-query/package.json
• packages/trpc/package.json
• packages/valibot/package.json
• packages/vue-colada/package.json
• packages/vue-query/package.json
• packages/zod/package.json
• playgrounds/astro/package.json
• playgrounds/browser-extension/package.json
• playgrounds/bun-websocket-otel/package.json
• playgrounds/cloudflare-worker/package.json
• playgrounds/contract-first/package.json
• playgrounds/electron/package.json
• playgrounds/nest/package.json
• playgrounds/next/package.json
• playgrounds/nuxt/package.json
• playgrounds/solid-start/package.json
• playgrounds/svelte-kit/package.json
• playgrounds/tanstack-start/package.json
• pnpm-workspace.yaml

💤 Files with no reviewable changes (1)

• .npmrc

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: publish-commit
• GitHub Check: test
• GitHub Check: lint
• GitHub Check: Cloudflare Pages

🔇 Additional comments (47)

packages/react/package.json (1)

55-56: Dependency updates look appropriate.

The React patch version bump (19.2.0 → 19.2.3) follows semantic versioning and should only include bug fixes without breaking changes. The Zod update aligns with the monorepo-wide upgrade strategy.

packages/vue-query/package.json (1)

49-49: TanStack Query patch update looks good.

The patch version bump for @tanstack/vue-query (5.91.2 → 5.92.1) should only include bug fixes and is backward compatible. This aligns with the broader TanStack library updates across the monorepo.

packages/shared/package.json (1)

46-46: Type-fest minor version update.

The type-fest update from ^5.2.0 to ^5.3.1 is a minor version bump. Note that this is a production dependency (not devDependency), but minor versions of type-fest typically add new utility types without breaking existing ones, maintaining backward compatibility.

packages/hey-api/package.json (1)

43-43: OpenAPI TypeScript generator patch update.

The update from @hey-api/openapi-ts ^0.80.8 to ^0.80.18 spans 10 patch versions, which likely includes accumulated bug fixes and improvements. Patch versions should maintain backward compatibility with the generated client code.

packages/standard-server-fastify/package.json (1)

51-51: Node.js type definitions update.

The @types/node update from ^22.15.30 to ^22.19.3 is part of a monorepo-wide alignment. Minor version updates to type definitions typically add new types for newer Node.js APIs without breaking existing type definitions.

packages/ai-sdk/package.json (1)

46-47: The code has already been appropriately updated for AI SDK 6.0.x compatibility—the tool metadata field rename from name to title reflects the breaking changes introduced in the 6.0.0 stable release. Version 6.0.3 is a patch release with no additional breaking changes.

packages/client/package.json (1)

73-73: No action needed on this upgrade.

The upgrade from Zod ^4.1.12 to ^4.2.1 is a standard minor version bump. Version 4.2.0 added new features (JSON-Schema support via .toJSONSchema() and z.fromJSONSchema(), plus new combinators z.xor() and z.looseRecord()), and 4.2.1 is a patch release that followed. No breaking changes or compatibility issues were introduced in the 4.2.x line.

packages/standard-server-aws-lambda/package.json (1)

43-43: LGTM!

The @types/node update to ^22.19.3 is consistent with the repo-wide update pattern and represents a routine types-only patch update.

packages/standard-server-node/package.json (1)

41-41: LGTM!

Consistent @types/node update matching the repo-wide dependency upgrade pattern.

playgrounds/solid-start/package.json (1)

18-23: LGTM!

The dependency updates represent routine minor and patch version bumps for the playground environment. Zod 4.2.1 is confirmed valid per the Zod 4 documentation.

packages/valibot/package.json (2)

47-47: LGTM!

The Zod update to ^4.2.1 is consistent with the repo-wide dependency upgrade pattern.

---

43-43: The @valibot/to-json-schema@1.5.0 upgrade is valid.

Version 1.5.0 exists and is stable. It requires valibot ^1.2.0, which matches the devDependency version specified in this package. The peerDependency constraint (>=1.0.0) remains compatible.

packages/zod/package.json (2)

45-47: LGTM! Zod peerDependency range correctly supports both Zod 3 and 4.

The peerDependency specification ">=3.25.0" combined with the devDependency on ^4.2.1 and the explicit ./zod4 export demonstrates proper support for both Zod 3.x and 4.x users. The broad peerDependency range allows consumers to use either major version while the package tests against Zod 4.

---

52-52: No issues found. The wildcard-match@5.1.4 dependency is published and available as the latest version.

packages/react-swr/package.json (1)

44-44: swr version 2.3.8 is published and available on npm.

packages/publisher/package.json (1)

72-72: Version 1.36.0 is valid and secure.

The @upstash/redis version exists in the npm registry (published 2025-12-25, MIT licensed) with no known security vulnerabilities.

packages/solid-query/package.json (1)

49-50: LGTM! Dependency updates look good.

The updates to @tanstack/solid-query (patch bump) and zod (minor bump within v4) are appropriate for routine maintenance.

packages/ratelimit/package.json (1)

76-76: LGTM! Upstash Redis update looks good.

The minor version bump to @upstash/redis ^1.36.0 is appropriate.

packages/trpc/package.json (1)

46-47: LGTM! tRPC and Zod updates are appropriate.

The updates to @trpc/server and zod follow semantic versioning for minor version bumps.

packages/vue-colada/package.json (1)

49-51: LGTM! Vue ecosystem updates look good.

The patch updates to @pinia/colada and vue are appropriate for routine maintenance.

packages/standard-server-fetch/package.json (1)

40-40: LGTM! Hono server update looks good.

The patch bump to @hono/node-server ^1.19.7 is appropriate.

packages/openapi/package.json (1)

81-85: LGTM! Dependency updates look good.

The updates to rou3 (runtime dependency, patch bump) and zod (devDependency, minor bump) are appropriate for maintenance.

packages/contract/package.json (1)

45-51: LGTM! Schema and validation library updates are appropriate.

The updates include:

• @standard-schema/spec (runtime dependency): ^1.0.0 → ^1.1.0 - minor version bump that should be backward compatible
• zod (devDependency): ^4.1.12 → ^4.2.1 - minor version bump

packages/svelte-query/package.json (1)

49-50: LGTM! TanStack and Zod updates look good.

The updates to @tanstack/svelte-query (patch bump) and zod (minor bump) align with the broader dependency update strategy across the monorepo.

playgrounds/nuxt/package.json (1)

19-23: LGTM! Standard dependency updates for Nuxt, TanStack Vue Query, and Zod.

playgrounds/astro/package.json (2)

13-29: All dependency versions verified as valid.

The pinned versions for all dependencies exist on npm, including @astrojs/check@0.9.6, @tanstack/react-query@5.90.12, @types/react@19.2.7, astro@5.16.6, react@19.2.3, react-dom@19.2.3, typescript@5.8.3, and zod@4.2.1. The @orpc packages with "next" tag are also available. No version issues found.

---

28-28: TypeScript downgrade to 5.8.3 may be intentional for editor stability.

TypeScript 5.8 and 5.9 are both compatible with Astro 5.16.6 at the build level. However, downgrading from 5.9 to 5.8 and switching to a tilde (~) range is a known practice in the Astro ecosystem to maintain editor/LSP stability—TypeScript 5.9 introduced changes that can occasionally cause language-server integration issues. This is typically a pragmatic choice rather than a hard requirement. If this was intentional for stability, it's acceptable; if unintentional, ensure the latest Astro 5.16.x patch is in use and run astro check to verify no typing regressions occur.

playgrounds/bun-websocket-otel/package.json (1)

16-34: LGTM! All dependency versions verified as published on npm. The updates are standard patch/minor bumps across OpenTelemetry, React, TanStack Query, and Zod packages.

packages/react-query/package.json (1)

49-51: Dependency versions verified—all updates are safe.

All three versions are published and secure:

• @tanstack/react-query@5.90.12 (Dec 4, 2025) — no known vulnerabilities
• react@19.2.3 (Dec 11, 2025) — security patch addressing DoS and RCE vulnerabilities
• zod@4.2.1 — no known vulnerabilities

No blocking security advisories. The React update is particularly beneficial as it includes fixes for recent Server Components vulnerabilities.

playgrounds/svelte-kit/package.json (1)

22-29: Verify svelte-check version — 4.3.5 may not exist.

Most dependencies are confirmed (as of Dec 2025): @sveltejs/kit@2.49.2, @sveltejs/vite-plugin-svelte@6.2.1, @tanstack/svelte-query@6.0.10, svelte@5.46.1, typescript@5.8.3, vite@7.3.0, and zod@4.2.1 all exist. However, svelte-check@4.3.5 shows inconsistency—CDN listings report it, but the official GitHub releases for sveltejs/language-tools only confirm up to v4.3.4. Confirm the correct version or downgrade to 4.3.4.

packages/server/package.json (2)

150-150: Clarify if this is a Next.js 15→16 major upgrade; if so, verify breaking changes.

Next.js 16.1.1 patch (16.0.7 → 16.1.1) itself is low-risk—it only backports a Windows symlink fix. However, if this is part of a broader upgrade from Next.js 15 to 16, verify compatibility with these breaking changes: async Request APIs (cookies(), headers(), etc. must be awaited), Node.js 20.9+ requirement, removed AMP support, middleware.ts → proxy.ts transition, caching API changes (revalidateTag, updateTag/refresh semantics), and removed config options (serverRuntimeConfig, publicRuntimeConfig, devIndicators.appIsrStatus/buildActivity).

---

143-153: Verify @tanstack/router-core@1.144.0 availability on npm registry.

Cookie@1.1.1 and zod@4.2.1 have no known vulnerabilities. Next@16.1.1 is a patched release addressing critical RCE (CVE-2025-66478) and DoS vulnerabilities. However, @tanstack/router-core@1.144.0 was released by TanStack on Dec 27, 2025, but does not yet appear in the npm registry snapshot—confirm this version is properly published and accessible before merging.

playgrounds/next/package.json (2)

27-27: Clarify the TypeScript version strategy.

The use of ~5.8.3 (tilde range) restricts updates to patch versions only (5.8.x), which is more conservative than ^5.8.3 (caret range) that would allow minor updates (5.x.x). The pnpm-workspace.yaml shows typescript: ~5.8.3 as an override, suggesting this is an intentional workspace-wide constraint.

However, I notice other playgrounds are being downgraded from ^5.9.3 to ~5.8.3. Please clarify:

1. Is this downgrade intentional?
2. Are there compatibility issues with TypeScript 5.9.x?

---

19-28: Dependency versions verified and secure.

All 10 packages exist on npm and show no known security vulnerabilities.

playgrounds/contract-first/package.json (1)

19-23: Dependency updates align with workspace configuration.

These updates are consistent with the workspace-wide dependency management strategy defined in pnpm-workspace.yaml.

playgrounds/browser-extension/package.json (1)

24-32: LGTM! Dependency updates are consistent.

The updates follow the same pattern as other playground packages and align with the workspace configuration.

playgrounds/electron/package.json (1)

24-36: LGTM! Build tooling and dependency updates look good.

The Electron, Vite, and React plugin updates are minor version bumps that should be compatible with the existing codebase.

playgrounds/tanstack-start/package.json (1)

20-34: LGTM! TanStack ecosystem updates look good.

The TanStack packages are updated to recent versions. Note that @tanstack/react-start is at version 1.145.0 while the router packages are at 1.144.0 - this is likely intentional as these packages may have different release cycles.

pnpm-workspace.yaml (1)

4-4: Good addition of playgrounds to workspace packages.

Including playgrounds/* in the workspace allows consistent dependency management across playground projects, which aligns with the dependency updates in this PR.

packages/arktype/package.json (1)

45-47: LGTM! DevDependencies align with peer dependencies.

Adding @ark/schema and arktype as devDependencies is appropriate since they're already declared as peer dependencies. This allows proper development and testing without requiring consumers to install specific versions.

playgrounds/nest/package.json (1)

12-14: LGTM - NestJS patch updates.

The NestJS packages are updated to patch version 11.1.10, which should be a safe, backward-compatible update.

packages/durable-iterator/package.json (1)

54-60: LGTM - Dependency updates look good.

The dependency updates include:

• partysocket patch update (^1.1.6 → ^1.1.10)
• @cloudflare/workers-types with date-based versioning (Dec 2 → Dec 28, 2025)
• @types/node minor update (^22.15.30 → ^22.19.3)

All updates are backward-compatible version bumps.

packages/tanstack-query/package.json (1)

44-53: LGTM - Coordinated TanStack ecosystem updates.

All TanStack library updates are minor/patch versions that maintain compatibility:

• Query libraries updated to latest patches
• Framework integrations (Angular, React, Solid, Svelte, Vue) updated
• Zod update aligns with monorepo-wide upgrade

These coordinated updates ensure ecosystem compatibility.

package.json (2)

6-6: LGTM - pnpm patch update.

The package manager update from pnpm 10.26.1 to 10.26.2 is a safe patch version bump.

---

29-54: Verify TypeScript version constraint change and downgrade rationale.

The package.json currently specifies ~5.8.3 (tilde constraint, patch-only), not the typical caret (minor + patch) used elsewhere. If this represents a change from a previous ^5.9.3, this is unusual and warrants clarification:

• Is the downgrade from 5.9 to 5.8 intentional? (5.9 introduced stricter type inference that can surface new errors—a plausible reason to pin an earlier version)
• Why the tilde constraint instead of the standard caret used in other devDependencies?

Provide context in the commit message or PR description for this decision.

playgrounds/cloudflare-worker/package.json (1)

15-35: LGTM with note on TypeScript version.

All dependency updates are standard minor/patch bumps:

• Cloudflare, Vite, and React ecosystem updates
• wrangler updated to latest version
• zod aligned with monorepo-wide upgrade

Note: The TypeScript downgrade to ~5.8.3 is consistent with the root package.json change (flagged separately for verification).

apps/content/package.json (1)

34-55: Other dependency updates look good.

Besides the AI SDK major version change (flagged separately), all other updates are minor/patch versions:

• TanStack libraries aligned with ecosystem updates
• Framework updates (Vue, Svelte) are minor versions
• Tooling updates (Sentry, Shiki, OpenAI client) are safe bumps
• zod update consistent with monorepo-wide upgrade

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

Vercel AI SDK version 6 breaking changes compared to version 5

💡 Result:

Summary of notable breaking changes in AI SDK v6 vs v5

• New language-model spec (v3): v6 adopts the v3 Language Model Specification (enables agents/tool approval). This is the main reason for the major version bump and may change some model/agent-related data shapes. [1][2]

• Package & export changes: several @ai-sdk/* packages and the core ai package have new major versions (ai@^6.0.0, @ai-sdk/provider@^3.0.0, provider-utils@^4.0.0, etc.). Compare your imports/exports from ai@5 to ai@6 — some exports were renamed/removed. The repo notes “compare exports of ai@5 and ai@6” as a migration checklist. [4][6]

• ai/test mocks removed/changed: v6 no longer exports the v2 mock classes previously available under ai/test — tests relying on those mocks need updating. [6]

• Data/format changes for agents & tool workflows: agent/tool approval flows and partial streaming semantics follow the new spec; UIs and server code that rely on older v5 agent behaviors may need adjustments. [1][2][4]

• Required code changes & automated codemods: Vercel provides v6 codemods (npx @ai-sdk/codemod v6) to automate many changes (and recommend running them). Also check any manual migration steps in the v6 migration guide. [4]

• Potential runtime incompatibilities during rolling upgrades: docs and community issues warn about incompatibilities between mixed client/server versions and stream/data-format mismatches — consider coordinating client/server upgrades or using compatibility wrappers. [7][9]

Migration guidance (brief)

• Pin and upgrade packages listed in the migration guide (ai@6, @ai-sdk/provider@3, etc.). Run the provided v6 codemods and run tests. Keep backups and coordinate client/server deploys to avoid mixed-version breakage. [4][2][7]

Sources
[1] Vercel blog: AI SDK 6 announcement.
[2] AI SDK 6 Beta announcement / docs.
[4] AI SDK migration guide: Migrate AI SDK 5.x → 6.0 (codemods & package list).
[6] Vercel/ai GitHub (v6 breaking-changes notes: exports, ai/test mock removal).
[7] Community / GitHub issue re: mixed-version compatibility.

---

🏁 Script executed:

#!/bin/bash
# Search for AI SDK imports and usage patterns
rg -n --type ts --type tsx 'from ["\']ai["\']' -A 3 -B 1

Repository: unnoq/orpc

Length of output: 164

---

🏁 Script executed:

#!/bin/bash
# Also check for common AI SDK functions that might have changed
rg -n 'generateText|streamText|generateObject|streamObject' --type ts --type tsx -B 2 -A 2

Repository: unnoq/orpc

Length of output: 81

---

🏁 Script executed:

#!/bin/bash
# Find TypeScript files first
fd -e ts -e tsx | head -20

Repository: unnoq/orpc

Length of output: 914

---

🏁 Script executed:

#!/bin/bash
# Search for AI SDK imports with simpler pattern
rg "from ['\"]ai['\"]" -A 3 | head -50

Repository: unnoq/orpc

Length of output: 1355

---

🏁 Script executed:

#!/bin/bash
# Search for common AI SDK function calls that might indicate v5 vs v6 usage
rg "generateText|streamText|generateObject|streamObject" -A 2 -B 2 | head -50

Repository: unnoq/orpc

Length of output: 2607

---

🏁 Script executed:

#!/bin/bash
# Check if there are any migration-related files or comments
rg "ai-sdk|codemod|migration|v6|breaking" -i | head -30

Repository: unnoq/orpc

Length of output: 2407

---

🏁 Script executed:

#!/bin/bash
# Look for package.json to understand the repo structure
find . -name "package.json" -type f | grep -E "^\./(apps|packages)" | head -10

Repository: unnoq/orpc

Length of output: 378

---

🏁 Script executed:

#!/bin/bash
# View apps/content/package.json to see all AI-related dependencies
cat apps/content/package.json | grep -A 30 '"dependencies"'

Repository: unnoq/orpc

Length of output: 36

---

🏁 Script executed:

#!/bin/bash
# View packages/ai-sdk/package.json for its dependencies
cat packages/ai-sdk/package.json | grep -A 30 '"dependencies"'

Repository: unnoq/orpc

Length of output: 288

---

🏁 Script executed:

#!/bin/bash
# Check if there are any recent changes to the AI SDK imports or usage patterns
# Look for v6-specific imports or patterns
rg "from ['\"]ai['\"]|import.*from.*ai" --type ts --type tsx -B 2 -A 5 | head -80

Repository: unnoq/orpc

Length of output: 81

---

🏁 Script executed:

#!/bin/bash
# Check if there are any ai/test mocks being used (which would break in v6)
rg "ai/test|from ['\"]ai/test['\"]" -i

Repository: unnoq/orpc

Length of output: 36

---

🏁 Script executed:

#!/bin/bash
# Look at git diff or recent changes if available to see what changed in this update
git log --oneline --all -20 -- apps/content/package.json 2>/dev/null || echo "Git history not available"

Repository: unnoq/orpc

Length of output: 1873

---

🏁 Script executed:

#!/bin/bash
# Check the full packages/ai-sdk/package.json to see dependencies and peerDependencies
cat packages/ai-sdk/package.json

Repository: unnoq/orpc

Length of output: 1014

---

🏁 Script executed:

#!/bin/bash
# Search for ai-sdk related imports in the actual packages directory
rg "from ['\"]ai['\"]" packages/ -A 2 -B 1

Repository: unnoq/orpc

Length of output: 861

---

🏁 Script executed:

#!/bin/bash
# Check if there are any type imports that might indicate v5-specific types
rg "import type.*from ['\"]ai['\"]" -A 2 -B 1

Repository: unnoq/orpc

Length of output: 372

---

🏁 Script executed:

#!/bin/bash
# Look for any test files that might be using old v5 patterns
fd -e test.ts -e test.tsx packages/ai-sdk/ -x cat {} \;

Repository: unnoq/orpc

Length of output: 423

---

🏁 Script executed:

#!/bin/bash
# Find and read test files in packages/ai-sdk
fd . packages/ai-sdk/ -e test.ts -e test.tsx

Repository: unnoq/orpc

Length of output: 120

---

🏁 Script executed:

#!/bin/bash
# Read the tool.ts file to see what's being imported and used from ai package
cat packages/ai-sdk/src/tool.ts

Repository: unnoq/orpc

Length of output: 5911

---

🏁 Script executed:

#!/bin/bash
# Read the tool.test-d.ts file to see the actual usage patterns
cat packages/ai-sdk/src/tool.test-d.ts

Repository: unnoq/orpc

Length of output: 4264

---

🏁 Script executed:

#!/bin/bash
# Check if there are any breaking changes being handled or migration comments
rg "Tool|tool" packages/ai-sdk/src/ -B 2 -A 2 | head -100

Repository: unnoq/orpc

Length of output: 5827

---

🏁 Script executed:

#!/bin/bash
# Check if there are any v6-specific patterns that would break with v5
# Look for patterns that might not work in v5
rg "Tool|tool|generateText" packages/ai-sdk/src/ -B 2 -A 2 | head -60

Repository: unnoq/orpc

Length of output: 3330

---

🏁 Script executed:

#!/bin/bash
# Check what's exported from ai package and see if v6 introduced changes
# Look for imports from 'ai' package to verify they're v6-compatible
cat packages/ai-sdk/src/index.ts

Repository: unnoq/orpc

Length of output: 311

---

🏁 Script executed:

#!/bin/bash
# Verify the actual peerDependencies constraint vs devDependencies
echo "=== packages/ai-sdk/package.json ==="
grep -A 2 "peerDependencies" packages/ai-sdk/package.json
echo ""
echo "=== packages/ai-sdk/package.json ==="
grep -A 2 "devDependencies" packages/ai-sdk/package.json

Repository: unnoq/orpc

Length of output: 241

---

🏁 Script executed:

#!/bin/bash
# Check git log to see if recent changes were made for v6 upgrade
git log --oneline --all -10 -- packages/ai-sdk/package.json

Repository: unnoq/orpc

Length of output: 398

---

🏁 Script executed:

#!/bin/bash
# Check for any v6-specific breaking changes that might not be handled
# Look for language model spec related code
rg "languageModel|spec|v3" packages/ai-sdk/src/ -i

Repository: unnoq/orpc

Length of output: 36

---

🏁 Script executed:

#!/bin/bash
# Verify peerDependencies declaration - is it intentional to support both v5 and v6?
cat packages/ai-sdk/package.json | head -40

Repository: unnoq/orpc

Length of output: 834

---

Update peerDependencies in packages/ai-sdk to reflect v6 requirement, and verify v6 breaking changes were fully addressed.

The codebase has been upgraded to use AI SDK v6 (^6.0.3), which includes breaking changes: new language-model spec (v3), removed ai/test mocks, export changes, and data format changes for agents/tools. While the code already uses v6-compatible APIs (Tool type, tool(), generateText), there's a version constraint mismatch: packages/ai-sdk declares peerDependencies: "ai": ">=5.0.76" but is only tested with v6 devDependencies. This allows consumers to install v5.0.76, which would break at runtime.

Update packages/ai-sdk/package.json peerDependencies to "ai": "^6.0.0" to enforce v6 requirement and prevent incompatibility. Additionally, confirm that any v6-specific breaking changes (language model spec, export migrations) have been fully addressed across the codebase.

🤖 Prompt for AI Agents

In apps/content/package.json around line 42 and in packages/ai-sdk/package.json
(peerDependencies block), the project now depends on AI SDK v6 but
packages/ai-sdk still allows "ai": ">=5.0.76"; update
packages/ai-sdk/package.json to require "ai": "^6.0.0" in peerDependencies to
prevent installation of incompatible v5, and run a quick sweep to ensure all v6
breaking changes are handled (language-model spec v3 usage, removed ai/test
mocks, updated exports, and agent/tool data format changes) fixing any code that
still expects v5 APIs.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify all package versions in the snippet

for pkg in "@nestjs/common@11.1.10" "@nestjs/core@11.1.10" "@nestjs/platform-express@11.1.10" "@nestjs/platform-fastify@11.1.10" "@nestjs/testing@11.1.10" "@ts-rest/core@3.52.1" "@types/express@5.0.6" "express@5.2.1" "fastify@5.6.2" "rxjs@7.8.2" "supertest@7.1.4" "zod@4.2.1"; do
  echo "Checking $pkg..."
  npm view "$pkg" version 2>&1 | head -1
done

Repository: unnoq/orpc

Length of output: 164

---

🌐 Web query:

@nestjs/common version 11.1.10 npm package

💡 Result:

@nestjs/common@11.1.10 is published (release v11.1.10 on Dec 22, 2025). Install with:
npm install @nestjs/common@11.1.10. [1][2]

Sources:
[1] Nest v11.1.10 release notes (Dec 22, 2025). [DevTalk / GitHub summary].
[2] Package entry showing version 11.1.10 (jsdocs/npm metadata).

---

🌐 Web query:

rxjs version 7.8.2 npm package

💡 Result:

rxjs version 7.8.2 is published on npm — install with:

npm install rxjs@7.8.2

Key details:

• Package page / version 7.8.2 on npm. [1]
• Published (npm shows release date Feb 22, 2025) and mirrored on release trackers. [1][4]
• There is at least one GitHub issue reporting that 7.8.2 included an unexpected breaking change (discussion on the rxjs repo). [2]

Sources:
[1] npm package page for rxjs v7.8.2.
[2] GitHub issue discussing 7.8.2 breaking-change report (ReactiveX/rxjs #7534).
[3] Libraries.io / package metadata for rxjs@7.8.2.

---

🌐 Web query:

zod version 4.2.1 npm package

💡 Result:

Yes — zod version 4.2.1 is published on npm. Install with:
npm install zod@4.2.1

Sources: Snyk package info showing latest 4.2.1, and Zod release notes/changelog. [1][2]

References
[1] Snyk — zod (shows latest version 4.2.1).
[2] Zod changelog / release notes.

---

🌐 Web query:

express version 5.2.1 npm package

💡 Result:

Express v5.2.1 — summary

• Latest published stable release: v5.2.1 (release notes: reverts erroneous breaking change to the extended query parser). [1]
• Release/publish timeframe: published early December 2025 (v5.2.1 on the project releases). [1][2]
• Install: npm install express@5.2.1
• Node requirement / docs: see the package page and repo for Node compatibility and changelog. [2][1]

Sources:
[1] express GitHub releases (v5.2.1).
[2] express package on npm (package page / versions).

---

🌐 Web query:

fastify version 5.6.2 npm package

💡 Result:

fastify v5.6.2 — published (npm) and current release. Install: npm install fastify@5.6.2. [1][2]

References:

1. npm package page (fastify) — shows version 5.6.0/5.6.2 listing and publish info. [1]
2. Release notes / changelog for v5.6.2 (summary of fixes/refactors). [2]

---

All versions exist, but rxjs@7.8.2 has a reported breaking change.

Verified that @nestjs/common@11.1.10, @nestjs/core@11.1.10, @nestjs/platform-express@11.1.10, @nestjs/platform-fastify@11.1.10, @nestjs/testing@11.1.10, rxjs@7.8.2, zod@4.2.1, express@5.2.1, and fastify@5.6.2 are all published. However, rxjs@7.8.2 includes a breaking change (GitHub ReactiveX/rxjs #7534). Verify the codebase is compatible with the rxjs changes before merging.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

npm view @cloudflare/workers-types@4.20251228.0 version 2>&1 | head -20
npm view @types/node@22.19.3 version 2>&1 | head -20

Repository: unnoq/orpc

Length of output: 164

---

🏁 Script executed:

cat packages/publisher-durable-object/package.json | head -50

Repository: unnoq/orpc

Length of output: 164

---

🌐 Web query:

@cloudflare/workers-types version 4.20251228.0 npm

💡 Result:

I couldn't find a published npm release for @cloudflare/workers-types version 4.20251228.0. The most-recent published versions I found are 4.20251225.0 (listed in a Cloudflare package index) and 4.20251120.0 (Yarn/npm listings). Sources: [cfdata/npm index showing v4.20251225.0] [Yarn/npm package page showing latest tags and recent versions]. [1][2]

References

1. cfdata npm index for @cloudflare packages (shows v4.20251225.0).
2. Yarn / npm package pages for @cloudflare/workers-types (recent versions and "latest" tag).

---

🌐 Web query:

@types/node version 22.19.3 npm

💡 Result:

Yes — @types/node@22.19.3 exists (published Dec 14, 2025). Install with:

• npm (dev dep): npm install --save-dev @types/node@22.19.3
• or regular: npm install @types/node@22.19.3

Sources: [1], [2].

Sources
[1] Release list showing 22.19.3 (Dec 14, 2025).
[2] @types/node package on npm.

---

Fix package version: @cloudflare/workers-types does not exist at specified version.

@cloudflare/workers-types@4.20251228.0 is not published on npm. The most recent available version is 4.20251225.0. Update line 44 to use ^4.20251225.0 instead.

@types/node@22.19.3 is valid (verified Dec 14, 2025).

🤖 Prompt for AI Agents

In packages/publisher-durable-object/package.json around lines 44 to 46, the
dependency version for "@cloudflare/workers-types" is set to a non-existent
release "4.20251228.0"; change that version to the latest published one
"^4.20251225.0" (leave the rest of the file and other deps unchanged), save the
file, and run a quick dependency install (npm/yarn/pnpm) to verify there are no
resolution errors.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

cat -n playgrounds/svelte-kit/package.json | grep -A 5 -B 5 "typescript"

Repository: unnoq/orpc

Length of output: 373

---

🌐 Web query:

TypeScript 5.9 compatibility issues Vite 7.3 SvelteKit 2.49

💡 Result:

Summary — known compatibility pain points and fixes

• TypeScript 5.9: introduces inference/typing changes that can surface new type errors in libraries and app code (you may need to add explicit type args or update typings). Test/expect type-check breaks after upgrading. (devblogs.microsoft.com)

• Vite 7 / ecosystem changes: Vite 7 is ESM-only and raises Node.js minimums (Node 20.19+/22.12+); that plus breaking plugin peer-dependency ranges has caused some plugins (official Tailwind plugin and others) to fail to install or work until they update peer ranges. Expect to update Node and some Vite plugins (or pin versions). (vite.dev)

• SvelteKit 2.49: current 2.49.x releases are available (2.49.1/2.49.2) and include fixes through Nov–Dec 2025; SvelteKit itself has been kept compatible with recent Vite releases but some adapter/plugins or tooling around SvelteKit (vite-plugin-svelte, Tailwind integrations, language tools) may need matching updates. Verify your @sveltejs/kit, vite-plugin-svelte and related plugins are up-to-date. (github.com)

Practical checklist / remediation

1. Reproduce locally: create minimal branch, upgrade to TS 5.9 and run tsc and your dev build to locate errors. (devblogs.microsoft.com)
2. If you see new type errors from inference changes, try adding explicit type arguments or updating affected packages' types. (devblogs.microsoft.com)
3. Ensure Node meets Vite 7 requirements if you upgrade Vite to 7.x (Node >= 20.19 or 22.12). Otherwise keep Vite <7.0. (vite.dev)
4. Upgrade these in tandem: @sveltejs/kit -> latest 2.49.x, vite-plugin-svelte, and other Vite plugins (Tailwind plugin). Watch plugin peer-deps — pin or wait for plugin releases if installation fails. (github.com)
5. If immediate upgrade causes CI or editor failures, pin TypeScript at 5.8.x (or the last working TS), and upgrade stepwise while monitoring plugin compatibility. (devblogs.microsoft.com)

If you want, tell me:

• your current package versions (typescript, vite, @sveltejs/kit, vite-plugin-svelte, Node) and I’ll give exact upgrade or pin commands and pinpoint likely breaking changes.

Citations:

• 1: https://devblogs.microsoft.com/typescript/announcing-typescript-5-9-rc?utm_source=openai
• 2: https://vite.dev/blog/announcing-vite7?utm_source=openai
• 3: https://github.com/sveltejs/kit/releases?utm_source=openai
• 4: https://devblogs.microsoft.com/typescript/announcing-typescript-5-9-rc?utm_source=openai
• 5: https://devblogs.microsoft.com/typescript/announcing-typescript-5-9-rc?utm_source=openai
• 6: https://vite.dev/blog/announcing-vite7?utm_source=openai
• 7: https://github.com/sveltejs/kit/releases?utm_source=openai
• 8: https://devblogs.microsoft.com/typescript/announcing-typescript-5-9-rc?utm_source=openai

---

Document the type-checking issues preventing TypeScript 5.9 upgrade.

TypeScript 5.8.3 is pinned here (same as in playgrounds/astro/package.json), which aligns with known behavior: TypeScript 5.9 introduces stricter type inference that surfaces type errors in existing code. There is no hard incompatibility with Vite 7.3.0, SvelteKit 2.49.2, or Svelte 5.46.1.

This suggests the codebase has unresolved type errors when compiled with TypeScript 5.9. Please:

• Document which type errors appear when upgrading to ^5.9.3
• Create an issue tracking the effort to resolve these errors and upgrade TypeScript

🤖 Prompt for AI Agents

In playgrounds/svelte-kit/package.json around line 27, TypeScript is pinned to
5.8.3; the reviewer asks you to document the specific type-checking errors
blocking an upgrade to ^5.9.3 and to create a tracking issue to resolve them and
update TypeScript. Run a local TypeScript 5.9.3 install (or update
devDependencies temporarily) and run tsc and the SvelteKit typechecks to capture
all compiler errors; add a new markdown file (e.g.,
docs/ts-upgrade-5.9-issues.md) listing each error with file, line, exact
compiler message, minimal repro or code snippet, and estimated effort to fix;
then create a GitHub issue linking to that doc which outlines the required code
changes, testing steps, and a plan to upgrade package.json to ^5.9.3 and run
CI/typechecks, and include the issue number in the package.json comment or
changelog entry so reviewers can track progress.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

shamefullyHoist pnpm workspaces best practices implications

💡 Result:

Short answer — what it is

• shamefullyHoist (aka shamefully-hoist / shamefully-flatten) tells pnpm to hoist packages into the workspace root node_modules (same effect as publicHoistPattern = ["*"]). It forces a flat/root node_modules layout for compatibility with tools that assume npm/Yarn Classic resolution. [1][2]

When to avoid it (best practice)

• Don’t enable globally by default. Prefer targeted fixes first: add missing deps to the package that needs them, use a pnpmfile hook to patch manifests, or selectively hoist only the problematic packages via hoistPattern / publicHoistPattern. Only use shamefullyHoist when those targeted fixes aren’t possible. [2][3]

Implications and trade‑offs

• Compatibility: fixes tools that break on pnpm’s strict node_modules (good short‑term). [1][2]
• Loss of isolation: packages can access phantom/undeclared deps from root, making dependency boundaries unreliable and masking missing declarations. This increases risk of hidden breakage and harder-to-debug dependency issues. [1][2]
• Determinism & reproducibility: can make installs less explicit and hide why code works locally but fails in stricter CI or other environments. [1][2]
• Performance & disk layout: may increase node_modules size at root and reduce some pnpm performance/network benefits (though the pnpm store is still used). [2]
• Tooling interactions: may hide problems with bundlers, type-checkers, or monorepo-aware tooling; also can interfere with stricter nodeLinker modes (pnp/isolated) if misconfigured. [2][7]

Recommended configuration approach

1. Keep shamefullyHoist=false (default). [1]
2. If a tool fails, first: a) add the missing dependency to the package manifest, or b) add a hoist-pattern/public-hoist-pattern entry for only the packages that need root hoisting. Use exclusions (!pattern) to limit scope. [2][6]
3. Only when selective hoisting or manifest fixes are impossible, enable shamefullyHoist=true as a last resort and document it for the team. [2][7]
4. Prefer explicit CI checks (install on clean environment, pnpm -r why / pnpm install checks) to catch phantom-dependency reliance early. [2]

Quick examples

• Selective public hoist (better than global):
  publicHoistPattern[]=babel-
  publicHoistPattern[]=!@types/react
• Full fallback (only if necessary):
  shamefully-hoist=true
  (See pnpm config docs for exact keys/format.) [2][6]

Sources

1. pnpm npmrc / shamefully-hoist docs. [turn0search2]
2. pnpm docs - node-modules configuration, hoist/hoist-pattern/public-hoist-pattern and guidance. [turn0search7]
3. pnpm workspace settings (shamefullyHoist note). [turn0search0]

---

Reconsider shamefullyHoist: true as a default setting.

The configuration additions improve consistency, but shamefullyHoist should be avoided unless specifically needed:

Positive:

• useNodeVersion: 22.21.1 - Ensures consistent Node.js version across the team
• preferWorkspacePackages: true and linkWorkspacePackages: true - Ensures workspace dependencies are properly linked

Issue with shamefullyHoist: true:

• Flattening all dependencies to root node_modules masks missing dependency declarations in individual packages, allowing phantom dependencies to hide actual issues
• Reduces determinism and can lead to code that works locally but fails in stricter CI or other environments
• May interfere with bundlers, type-checkers, and other tooling

Recommendation:
Before enabling shamefullyHoist, try targeted alternatives:

1. Add missing dependencies directly to the package that needs them
2. Use publicHoistPattern or hoistPattern to hoist only specific packages causing resolution issues (e.g., publicHoistPattern: ["*babel*"])

Only enable shamefullyHoist: true as a last resort if selective hoisting doesn't resolve compatibility issues, and document the specific reason it's required for your workspace.

🤖 Prompt for AI Agents

In pnpm-workspace.yaml around lines 13 to 16, the setting "shamefullyHoist:
true" is enabled which can mask missing package declarations and reduce
determinism; change this by removing or setting "shamefullyHoist" to false,
instead fix package dependency declarations in the affected workspace packages
and, if hoisting is still required for specific packages, add a targeted
"publicHoistPattern" or "hoistPattern" entry (e.g., publicHoistPattern:
["*babel*"]) to selectively hoist only the problematic modules; if you decide to
keep shamefullyHoist, add a clear comment in the file documenting the exact
reason and which packages require it.