fix(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	^2.4.0 → ^2.4.15			devDependencies	patch
@changesets/changelog-github (source)	^0.5.2 → ^0.7.0			devDependencies	minor
@changesets/cli (source)	^2.29.8 → ^2.31.0			devDependencies	minor
@effect/cli (source)	^0.73.2 → ^0.75.1			dependencies	minor
@effect/cluster (source)	^0.56.4 → ^0.58.2			dependencies	minor
@effect/experimental (source)	^0.58.0 → ^0.60.0			dependencies	minor
@effect/platform (source)	^0.94.5 → ^0.96.1			dependencies	minor
@effect/platform-node (source)	^0.104.1 → ^0.106.0			dependencies	minor
@effect/printer (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/printer-ansi (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/rpc (source)	^0.73.1 → ^0.75.1			dependencies	minor
@effect/sql (source)	^0.49.0 → ^0.51.1			dependencies	minor
@effect/typeclass (source)	^0.38.0 → ^0.40.0			dependencies	minor
@effect/vitest (source)	^0.27.0 → ^0.29.0			devDependencies	minor
@effect/workflow (source)	^0.16.0 → ^0.18.1			dependencies	minor
@eslint-community/eslint-plugin-eslint-comments	^4.6.0 → ^4.7.1			devDependencies	minor
@eslint/compat (source)	2.0.2 → 2.1.0			devDependencies	minor
@eslint/eslintrc	3.3.3 → 3.3.5			devDependencies	patch
@​prover-coder-ai/eslint-plugin-suggest-members	^0.0.25 → ^0.0.26			devDependencies	patch
@types/node (source)	^24.10.13 → ^24.12.4			devDependencies	minor
@typescript-eslint/eslint-plugin (source)	^8.55.0 → ^8.59.3			devDependencies	minor
@typescript-eslint/parser (source)	^8.55.0 → ^8.59.3			devDependencies	minor
@vitest/coverage-v8 (source)	^4.0.18 → ^4.1.6			devDependencies	minor
@vitest/eslint-plugin	^1.6.9 → ^1.6.17			devDependencies	patch
actions/upload-artifact	v6 → v7			action	major
effect (source)	^3.19.17 → ^3.21.2			dependencies	minor
eslint (source)	^10.0.0 → ^10.3.0			devDependencies	minor
eslint-plugin-simple-import-sort	^12.1.1 → ^13.0.0			devDependencies	major
eslint-plugin-sonarjs (source)	^3.0.7 → ^4.0.3			devDependencies	major
eslint-plugin-sort-destructure-keys	^2.0.0 → ^3.0.0			devDependencies	major
eslint-plugin-unicorn	^63.0.0 → ^64.0.0			devDependencies	major
globals	^17.3.0 → ^17.6.0			devDependencies	minor
jscpd	^4.0.8 → ^4.2.0			devDependencies	minor
node	24.13.1 → 24.15.0			uses-with	minor
pnpm (source)	10.29.3 → 11.1.2			packageManager	major
pnpm/action-setup	v4 → v6			action	major
pnpm/action-setup	v3 → v6			action	major
ts-morph	^27.0.2 → ^28.0.0			dependencies	major
typescript (source)	^5.9.3 → ^6.0.3			devDependencies	major
typescript-eslint (source)	^8.55.0 → ^8.59.3			devDependencies	minor
vite (source)	^7.3.1 → ^8.0.13			devDependencies	major
vitest (source)	^4.0.18 → ^4.1.6			devDependencies	minor

cc @skulidropek

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.15

Compare Source

Patch Changes

• #​9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #​10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  
  nextTick(() => {
    updateDom();
  });

• #​10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @&#8203;keyup.13="submit" />

• #​10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #​10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #​10201 1a08f89 Thanks @​realknove! - Fixed #​10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #​9574 3bd2b6a Thanks @​Conaclos! - Fixed #​9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #​10205 a704a6c Thanks @​Conaclos! - Fixed #​10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

• #​10052 b565bed Thanks @​minseong0324! - Improved noMisleadingReturnType: it now flags union annotations whose extra variants are never returned, and suggests the narrower type (e.g. string | null → string).

  These functions are now reported because null and number are included in the return annotations but never returned:

  function getUser(): string | null {
    return "hello";
  } // null is never returned
  function getCode(): string | number {
    return "hello";
  } // number is never returned

• #​10213 ac30057 Thanks @​dyc3! - Fixed #​9450: HTML and Vue element formatting now preserves child line breaks when an element contains another element child on its own line, instead of collapsing the child element onto the same line.

• #​10275 9ee6c03 Thanks @​solithcy! - Fixed #​10274: Svelte templates with missing expressions no longer parsed as HtmlBogusElement

• #​10143 56798a7 Thanks @​minseong0324! - noMisleadingReturnType now detects misleading return type annotations when object literal properties are initialized with as const.

  This function is now reported because the return annotation widens a property initialized with as const:

  function f(): { value: string } {
    return { value: "text" as const };
  }

• #​10143 56798a7 Thanks @​minseong0324! - noUselessTypeConversion now detects redundant conversions on object literal properties initialized with as const.

  This conversion is now reported because message.value is inferred as a string literal:

  const message = { value: "text" as const };
  String(message.value);

• #​9807 0ae5840 Thanks @​dyc3! - Added the new nursery rule useThisInClassMethods, based on ESLint's class-methods-use-this.

  The rule now reports instance methods, getters, setters, and function-valued instance fields that do not use this, and biome migrate eslint preserves the supported ignoreMethods, ignoreOverrideMethods, and ignoreClassesWithImplements options.

  Invalid:

  class Foo {
    bar() {
      // does not use `this`, invalid
      console.log("Hello Biome");
    }
  }

• #​10258 e7b18f7 Thanks @​ematipico! - Improved linter performance by narrowing the query nodes for several lint rules, reducing how often they are evaluated.

• #​10273 04e22a1 Thanks @​dyc3! - Fixed #​10271: The HTML parser now correctly parses of as text content when in text contexts.

• #​9838 83f7385 Thanks @​dyc3! - Added the nursery rule noBaseToString, which reports stringification sites that fall back to Object's default "[object Object]" formatting. The rule also supports the ignoredTypeNames option.

• #​10143 56798a7 Thanks @​minseong0324! - useExhaustiveSwitchCases now checks switch statements over object literal properties initialized with as const.

  This switch is now reported because status.kind is inferred as the string literal "ready" but no case handles it:

  const status = { kind: "ready" as const };
  switch (status.kind) {
  }

• #​10143 56798a7 Thanks @​minseong0324! - useStringStartsEndsWith now detects string index comparisons on object literal properties initialized with as const.

  This comparison is now reported because message.value is inferred as a string literal:

  const message = { value: "hello" as const };
  message.value[0] === "h";

v2.4.14

Compare Source

Patch Changes

• #​9393 491b171 Thanks @​dyc3! - Added the nursery rule useTestHooksOnTop in the test domain. The rule flags lifecycle hooks (beforeEach, beforeAll, afterEach, afterAll) that appear after test cases in the same block, enforcing that hooks are defined before any test case.

• #​10157 eefc5ab Thanks @​dyc3! - Fixed #​7882: The HTML parser will now emit better diagnostics when it encounters a void element with a closing tag, such as <br></br>. Previously, the parser would emit multiple diagnostics with conflicting advice. Now it emits a single diagnostic that clearly states that void elements should not have closing tags.

• #​10054 0e9f569 Thanks @​minseong0324! - noMisleadingReturnType no longer misses widening from concrete object types, class instances, object literals, tuples, functions, and regular expressions to : object.

  A function annotated : object returning an object literal:

  function f(): object {
    return { retry: true };
  }

• #​10116 53269eb Thanks @​jiwon79! - Fixed #​6201: noUselessEscapeInRegex no longer flags an escaped backslash followed by - as a useless escape. Patterns like /[\\-]/ are now considered valid because the second \ is the escaped backslash, not an unnecessary escape of the trailing dash.

• #​10092 33d8543 Thanks @​Conaclos! - Fixed #​9097: organizeImports no longer adds a blank line between a never-matched group and a matched group.

  Given the following organizeImports options:

  {
    "groups": [":NODE:", ":BLANK_LINE:", ":PACKAGE:", ":BLANK_LINE:", ":PATH:"]
  }

  The following code...

  // Comment
  import "package";
  import "./file.js";

  ...was organized as:

  +
    // Comment
    import "package";
  +
    import "./file.js";

  A blank line was added even though the group ':NODE:' doesn't match any imports here.
  :BLANK_LINE: between never-matched groups and matched groups are now ignored.
  The code is now organized as:

    // Comment
    import "package";
  +
    import "./file.js";

• #​10138 a10b6c1 Thanks @​dyc3! - Fixed Vue v-for handling for noUndeclaredVariables and noUnusedVariables. Biome now recognizes variables declared by v-for directives and references to iterated values in Vue templates.

• #​10115 d428d76 Thanks @​minseong0324! - noMisleadingReturnType no longer reports false positives when a union return type's boolean variant is covered by both true and false returns.

• #​9922 7acf1e0 Thanks @​dyc3! - Added the new nursery rule noReactStringRefs, which disallows legacy React string refs such as ref="hello" and this.refs.hello.

  Biome also reports template-literal refs such as ref={`hello`}, so React code can consistently migrate to callback refs, createRef(), or useRef().

• #​10010 f3e76ab Thanks @​dyc3! - Fixed a bug in the LSP file watcher registration so Biome now watches .biome.json and .biome.jsonc configuration files and reloads workspace settings when they change.

• #​10176 8a40ef8 Thanks @​dyc3! - Fixed #​10011: The noThisInStatic rule no longer reports this when it is used as the constructor target in new this(...), which is required for inherited static factory methods.

• #​10163 6867e96 Thanks @​jiwon79! - Fixed #​9884: The useSortedAttributes auto-fix no longer corrupts source code when both an outer JSX element and a nested JSX-valued attribute have unsorted attributes in the same pass. Multiple unsorted groups separated by spread or shorthand attributes within the same JSX element are now reported as a single diagnostic.

• #​10079 d29dd19 Thanks @​Damix48! - Fixed false positive in noAssignInExpressions for Svelte {@​const} blocks. Assignments in {@​const name = value} are now correctly recognized as declarations rather than accidental assignments in expressions.

• #​10080 5d8fdac Thanks @​Damix48! - Fixed parsing of closing parentheses in Svelte {#each} block key expressions. Biome now correctly parses method calls and other parenthesised expressions used as keys.

  For example, the following snippets are now parsed correctly:

  {#each numbers as number, index (number.toString())}
    <p>{number}</p>
  {/each}
  
  {#each numbers as number (key(number))}
    <p>{number}</p>
  {/each}

• #​10140 e7024b9 Thanks @​solithcy! - Fixed #​10135: Biome no longer crashes on missing Svelte template expressions.

  The following code snippet longer panics:

  {#if }
   <p>^ this would previously crash</p>
  {/if}
  {@&#8203;const }
  <p>    ^ this would also crash</p>

• #​10111 7818009 Thanks @​jiwon79! - Fixed #​9997: noDuplicateSelectors no longer reports false positives for selectors inside @scope queries. Biome now treats @scope as a separate at-rule context, like @media, @supports, @container, and @starting-style.

  The following snippet is no longer flagged as a duplicate:

  .Example {
    padding: 0;
  }
  
  @​scope (.theme-dark) {
    .Example {
      color: white;
    }
  }

• #​9926 d62b331 Thanks @​dyc3! - Added the nursery lint rule useMathMinMax, which prefers Math.min() and Math.max() over equivalent ternary comparisons.

  For example, this code:

  const min = a < b ? a : b;

  is much more readable when rewritten as:

  const min = Math.min(a, b);

• #​10115 d428d76 Thanks @​minseong0324! - useExhaustiveSwitchCases now flags missing true/false cases for boolean discriminants, including when boolean is a union variant.

• #​10125 a55a0b6 Thanks @​bmish! - Fixed a resolver bug where packages that define a typed entry point through package.json's main field but omit types were ignored during type-aware resolution. Type-aware rules such as noFloatingPromises can now inspect imports from those packages.

• #​10117 895e809 Thanks @​denizdogan! - Added support for the corner-shape family of CSS properties and the superellipse()/squircle() value functions, so noUnknownProperty and noUnknownFunction no longer flag them as unknown.

  New known properties: corner-shape, corner-block-end-shape, corner-block-start-shape, corner-bottom-left-shape, corner-bottom-right-shape, corner-bottom-shape, corner-end-end-shape, corner-end-start-shape, corner-inline-end-shape, corner-inline-start-shape, corner-left-shape, corner-right-shape, corner-start-end-shape, corner-start-start-shape, corner-top-left-shape, corner-top-right-shape, corner-top-shape.

  New known value functions: superellipse(), squircle().

• #​8620 8df8f73 Thanks @​dyc3! - Fixed #​8062: Added support for parsing Vue v-for directives more accurately.

• #​10191 aa055cd Thanks @​guney! - Now the rule noStaticElementInteractions doesn't trigger custom elements.

• #​9757 2c62594 Thanks @​dyc3! - Fixed #​9099: the HTML formatter collapsing non-text children (inline elements, Svelte expressions, comments) onto a single line when the source had them on separate lines. Biome now preserves the user's intended line breaks for exclusively non-text children.

  For example, the following Svelte snippet is now preserved instead of being collapsed to <div>{name}<!-- comment --></div>:

  <div>
    {name}<!-- comment -->
  </div>

  Similarly, HTML elements like <span> inside a <div> are now preserved when written on their own line:

  <div>
    <span>text</span>
  </div>

• #​10105 e7c1a6d Thanks @​jiwon79! - Fixed #​10039: useReadonlyClassProperties now detects unreassigned private members in class expressions and export default classes, not only in class declarations.

  The following patterns are now correctly flagged:

  const AnonClass = class {
    #prop = 123;
    constructor() {
      console.log(this.#prop);
    }
  };
  
  export default class {
    #prop = 123;
    constructor() {
      console.log(this.#prop);
    }
  }

• #​10141 46a77d0 Thanks @​minseong0324! - Improved noUnnecessaryConditions to detect conditions that are always truthy because they check built-in global class instances such as Date, Map, Set, WeakMap, and Error.

• #​10178 7b05a89 Thanks @​dyc3! - Fixed #​10177: The HTML parser no longer reports lowercase html or doctype text as invalid after void elements such as <br>.

• #​10155 0d4595d Thanks @​jiwon79! - Fixed #​10045: the CSS formatter no longer compounds indentation inside nested functional pseudo-classes such as :not(:where(...)), :is(:where(...)), and similar combinations. The same fix also removes one level of unnecessary indentation that was added inside any pseudo-class function whose argument list wrapped onto multiple lines, including :nth-child(... of ...), ::part(...), and :active-view-transition-type(...).
  The following snippet is now correctly formatted, matching Prettier.

  input:not(
    :where(
      [type="submit"],
      [type="checkbox"],
      [type="radio"],
      [type="button"],
      [type="reset"]
    )
  ) {
    inline-size: 100%;
  }

• #​10112 6f0251e Thanks @​dyc3! - Fixed #​10110: Biome's parser now accepts surrogate code points in JavaScript string \u{...} escapes.

• #​10141 46a77d0 Thanks @​minseong0324! - Improved noMisleadingReturnType to detect object return annotations that hide built-in global class instances such as Date, Map, Set, WeakMap, and Error.

• #​10083 4a664c1 Thanks @​ematipico! - Added two new options to noShadow, both defaulting to true to match typescript-eslint's behavior.

  Fixed #​9482: Added ignoreFunctionTypeParameterNameValueShadow option. When enabled, parameter names inside function type annotations (e.g. (options: unknown) => void) are not flagged as shadowing outer variables.

  Fixed #​7812: Added ignoreTypeValueShadow option. When enabled, a value binding that shares its name with a type-only declaration (type alias or interface) is not flagged, since types and values occupy separate namespaces in TypeScript.

• #​9286 52695cf Thanks @​Hugo-Polloli! - Fixed #​6316: Biome now resolves Svelte $store references to the underlying store binding in semantic analysis, preventing false noUndeclaredVariables diagnostics when the store is declared.

• #​10188 ae659dd Thanks @​dyc3! - Added a new nursery rule noExcessiveNestedCallbacks, which disallows callbacks nested deeper than the configured maximum.

• #​9757 2c62594 Thanks @​dyc3! - Fixed #​9450: the HTML formatter now correctly preserves multiline formatting for nested <template> elements (e.g. <template #body>) when the source has children on separate lines. Previously, the children were collapsed onto a single line.

   <template>
     <UModal>
  -    <template #body> <p>content</p> </template>
  +    <template #body>
  +      <p>content</p>
  +    </template>
     </UModal>
   </template>

• #​10118 c6edcb4 Thanks @​Netail! - Fixed #​10024: biome migrate eslint correctly migrates eslint rules that belong to multiple Biome rules.

v2.4.13

Compare Source

Patch Changes

• #​9969 c5eb92b Thanks @​officialasishkumar! - Added the nursery rule noUnnecessaryTemplateExpression, which disallows template literals that only contain string literal expressions. These can be replaced with a simpler string literal.

  For example, the following code triggers the rule:

  const a = `${"hello"}`; // can be 'hello'
  const b = `${"prefix"}_suffix`; // can be 'prefix_suffix'
  const c = `${"a"}${"b"}`; // can be 'ab'

• #​10037 f785e8c Thanks @​minseong0324! - Fixed #​9810: noMisleadingReturnType no longer reports false positives on a getter with a matching setter in the same namespace.

  class Store {
    get status(): string {
      if (Math.random() > 0.5) return "loading";
      return "idle";
    }
    set status(v: string) {}
  }

• #​10084 5e2f90c Thanks @​jiwon79! - Fixed #​10034: noUselessEscapeInRegex no longer flags escapes of ClassSetReservedPunctuator characters (&, !, #, %, ,, :, ;, <, =, >, @, `, ~) inside v-flag character classes as useless. These characters are reserved as individual code points in v-mode, so the escape is required.

  The following pattern is now considered valid:

  /[a-z\&]/v;

• #​10063 c9ffa16 Thanks @​Netail! - Added extra rule sources from ESLint CSS. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #​10035 946b50e Thanks @​Netail! - Fixed #​10032: useIframeSandbox now flags if there's no initializer value.

• #​9865 68fb8d4 Thanks @​dyc3! - Added the new nursery rule useDomNodeTextContent, which prefers textContent over innerText for DOM node text access and destructuring.

  For example, the following snippet triggers the rule:

  const foo = node.innerText;

• #​10023 bd1e74f Thanks @​ematipico! - Added a new nursery rule noReactNativeDeepImports that disallows deep imports from the react-native package. Internal paths like react-native/Libraries/... are not part of the public API and may change between versions.

  For example, the following code triggers the rule:

  import View from "react-native/Libraries/Components/View/View";

• #​9885 3dce737 Thanks @​dyc3! - Added a new nursery rule useDomQuerySelector that prefers querySelector() and querySelectorAll() over older DOM query methods such as getElementById() and getElementsByClassName().

• #​9995 4da9caf Thanks @​siketyan! - Fixed #​9994: Biome now parses nested CSS rules correctly when declarations follow them inside embedded snippets.

• #​10009 b41cc5a Thanks @​Jayllyz! - Fixed #​10004: noComponentHookFactories no longer reports false positives for object methods and class methods.

• #​9988 eabf54a Thanks @​Netail! - Tweaked the diagnostics range for useAltText, useButtonType, useHtmlLang, useIframeTitle, useValidAriaRole & useIfameSandbox to report on the opening tag instead of the full tag.

• #​10043 [`fc65902

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated pnpm package manager to version 11.1.2
  • Upgraded Node.js runtime to 24.15.0
  • Updated GitHub Actions and artifact upload workflows
  • Bumped development dependencies including build tools, linting, testing, and framework packages

Walkthrough

This PR upgrades GitHub Actions and package manager dependencies across the repository. The root package.json is updated to use pnpm 11.1.2 with Changesets tooling bumped. The app-level package.json upgrades the same pnpm version and numerous dependencies including @effect/* packages, effect, ts-morph, and tooling packages. GitHub workflow files are updated to use newer action versions and Node.js 24.15.0.

Changes

Dependency and Action Upgrades

Layer / File(s)	Summary
Root package manager and Changesets tooling package.json	Root package.json updated to use pnpm 11.1.2 and Changesets packages bumped to compatible versions.
App package manager and dependency upgrades packages/app/package.json	App-level package.json updated to pnpm 11.1.2 and all dependencies (@effect/\* packages, effect, ts-morph, tooling packages) bumped to newer releases.
GitHub Actions and workflow configuration .github/actions/setup/action.yml, .github/workflows/checking-dependencies.yml, .github/workflows/snapshot.yml	GitHub workflow files and composite action updated to use newer action versions (pnpm/action-setup v6, upload-artifact v7) and Node.js 24.15.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related issues

• Dependency Dashboard #10 — This PR directly addresses the Renovate Dependency Dashboard updates listed in that issue, including the same pnpm/action-setup, upload-artifact, pnpm, and @effect/* package version bumps.
• Dependency Dashboard component-tagger#2 — Both PRs update the same GitHub Actions (pnpm/action-setup, upload-artifact) and package dependency versions across workflow and package.json files.
• Dependency Dashboard openapi-effect#1 — This PR implements the same Renovate-managed dependency updates (workflow action tags and package.json versions) from the Dependency Dashboard.
• Dependency Dashboard eslint-plugin-suggest-members#2 — This PR applies the Renovate Dependency Dashboard updates mentioned in that issue (pnpm/action-setup, upload-artifact, Node version, and package.json upgrades).
• Dependency Dashboard context-doc#5 — This PR addresses the same Renovate Dependency Dashboard updates (pnpm/action-setup, upload-artifact, pnpm, and package dependency versions).

Poem

🐰 Hop, hop—fresh dependencies bloom!
pnpm 11 clears the room,
@effect packages dance so bright,
workflows upgraded for the light! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(deps): update all dependencies' directly and accurately describes the main change in the pull request, which is a comprehensive dependency update across the entire project.
Description check	✅ Passed	The pull request description is related to the changeset, providing a detailed table of updated packages, versions, update types, and release notes from a Renovate dependency update automation tool.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/all

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/actions/setup/action.yml:
- Line 13: The action uses pnpm/action-setup@v6 but the custom action default
still sets node-version: 20.16.0 which is incompatible; update the default
node-version in action.yml to Node 24 (>=24.0.0, e.g., 24.15.0 to match
checking-dependencies.yml) so the action runs on the required runtime, and after
changing the default verify pnpm selection behavior (packageManager in
package.json / pnpm@11.1.2) because v6 has a bug that may ignore
packageManager—if necessary pin the pnpm version explicitly or add configuration
to enforce packageManager to ensure the expected pnpm version is used.

In @.github/workflows/checking-dependencies.yml:
- Line 15: The workflow uses pnpm/action-setup@v6 but package.json declares
packageManager: pnpm@11.1.2, causing a mismatch; either align the workflow or
package.json: update package.json's packageManager to "pnpm@11.1.1" to match the
action's default, or explicitly configure the action in
.github/workflows/checking-dependencies.yml (pnpm/action-setup) with a
compatible with.version value (e.g., 11.1.1) until 11.1.2 is released, or remove
the explicit version so the action auto-detects from package.json and surfaces
the proper error if the version is unavailable.

In `@package.json`:
- Line 6: Update package.json to remove deprecated pnpm v10 fields and adopt
pnpm v11 format: replace any ignoredBuiltDependencies and onlyBuiltDependencies
entries with the new allowBuilds configuration (mapping allowed package patterns
or booleans accordingly) and set the engines.node field to ">=22" (or "22.x" per
project policy) so Node.js requirement is explicit for pnpm 11; also keep
packageManager set to "pnpm@11.1.2" and run the pnpm v10→v11 codemod (pnpx
codemod run pnpm-v10-to-v11) to ensure any other migration changes are applied.

In `@packages/app/package.json`:
- Line 71: Add an "engines" entry to packages/app/package.json to require
Node.js >=20.19.0 so ESLint 10.3.0 runs correctly; locate the existing "eslint":
"^10.3.0" dependency in package.json and add an "engines" object with "node":
">=20.19.0" to enforce the minimum Node version for contributors and CI.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 99f915a6-56ca-42ec-8fc8-02ccf3d20151

📥 Commits

Reviewing files that changed from the base of the PR and between 2b21043 and f9810e9.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• .github/actions/setup/action.yml
• .github/workflows/checking-dependencies.yml
• .github/workflows/snapshot.yml
• package.json
• packages/app/package.json

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

pnpm/action-setup v6 v5 v4 changelog breaking changes

💡 Result:

Key breaking changes when moving between major versions of pnpm/action-setup (v4 → v5 → v6): 1) GitHub Actions runtime Node.js version changed to Node 24 - The action’s “runs” environment changed from using Node 20 to using Node 24 between v4 and v5 (and therefore affects v5+). [1] - There are discussions/issues explicitly describing this as breaking for older/self-hosted runners and recommending using v5 (or pinning an older v4 tag) as a workaround. [2] - In the v4...v6 compare view, the “runs” section shows node20 → node24. [3] 2) pnpm v11 support and updated pnpm bootstrap behavior (v6 line) - v6 releases include updates to pnpm (for example, “update pnpm to 11.1.1”). [4] - The main releases page shows v6-era notes like “Added support for pnpm v11” and “Updated the action to use Node.js 24.” [5] 3) Input/README contract adjustments that can break workflows relying on older defaults - cache_dependency_path input type/default documentation changed (v4...v6 compare shows a doc/contract change from “string|string[]” to “string” and notes multiple paths are accepted delimited by newlines). [3] - v4...v6 compare also shows example workflow snippets updated to use actions/checkout@v6 and pnpm/action-setup@v6 (if you had workflow parsing or strict linting around these snippets, that would matter, though it’s more guidance than runtime behavior). [3] 4) v5 → v6 behavior regarding package.json packageManager pinning (reported as a bug) - There’s an open issue stating that “action-setup@v6 does not take the requested pnpm version into account” (i.e., it is not honoring the version specified in the packageManager field in package.json). [6] - This is not described as an intentional breaking change in the official release notes we found, but it is a workflow-relevant behavioral regression/issue when upgrading to v6. [6] Practical upgrade guidance (based on the above): - If you run on older/self-hosted GitHub Actions runners that can’t handle Node 24, expect breakage when moving from v4 → v5 or v6; pin to an earlier v4 sub-version as suggested in the issue thread, or test with a runner that supports Node 24. [2] - Re-validate pnpm version selection logic after upgrading to v6, especially if you rely on package.json “packageManager”: the v6 behavior is reported as not honoring that value. [6] - If you use pnpm/action-setup caching, re-check your cache_dependency_path formatting: it’s documented differently in the v4...v6 compare view (string with multiple paths via newline delimiting). [3] If you want, tell me your current pin (e.g., pnpm/action-setup@v4.x or @v5.x) and how you set pnpm version (version input vs package.json packageManager) and whether you use caching; I can map the above into an exact “what to change” checklist.

Citations:

• 1: pnpm/action-setup@v4...v5
• 2: Update to node 24 - breaking pipelines with old GitHub runners pnpm/action-setup#210
• 3: pnpm/action-setup@v4...v6
• 4: https://github.com/pnpm/action-setup/releases/tag/v6.0.8
• 5: https://github.com/pnpm/action-setup/releases
• 6: action-setup@v6 does not take the requested pnpm version into account pnpm/action-setup#225

---

🏁 Script executed:

#!/bin/bash
# Verify consistency across all GitHub Actions files
echo "=== Checking pnpm/action-setup versions ==="
rg -n "pnpm/action-setup@" --type yaml

echo -e "\n=== Checking setup action usage ==="
rg -n "uses: \\./.github/actions/setup" --type yaml

Repository: ProverCoderAI/effect-template

Length of output: 154

---

🏁 Script executed:

#!/bin/bash
# Explore the .github directory structure
echo "=== .github directory structure ==="
find .github -type f 2>/dev/null | head -20

echo -e "\n=== All YAML files in repo ==="
fd -e yaml -e yml | head -30

echo -e "\n=== Search for pnpm references (broader search) ==="
rg "pnpm" --type yaml -l

Repository: ProverCoderAI/effect-template

Length of output: 410

---

🏁 Script executed:

#!/bin/bash
# Read the action.yml file mentioned in the comment
echo "=== Content of .github/actions/setup/action.yml ==="
if [ -f ".github/actions/setup/action.yml" ]; then
  cat -n ".github/actions/setup/action.yml"
else
  echo "File not found at .github/actions/setup/action.yml"
fi

Repository: ProverCoderAI/effect-template

Length of output: 780

---

🏁 Script executed:

#!/bin/bash
# Search for all pnpm/action-setup references with broader patterns
echo "=== Searching for pnpm/action-setup references ==="
rg "pnpm/action-setup" -i

echo -e "\n=== Searching for pnpm version specifications ==="
rg "pnpm" | grep -E "(version|@v[0-9])" | head -20

Repository: ProverCoderAI/effect-template

Length of output: 175

---

🏁 Script executed:

#!/bin/bash
# Read all workflow files to see how the setup action is used
echo "=== Checking workflow files ==="
for file in .github/workflows/*.yml; do
  echo "File: $file"
  cat -n "$file" | grep -A5 -B5 "setup"
  echo "---"
done

Repository: ProverCoderAI/effect-template

Length of output: 2855

---

🏁 Script executed:

#!/bin/bash
# Check for package.json and packageManager field
echo "=== Searching for package.json ==="
find . -name "package.json" -type f | head -5 | while read f; do
  echo "=== $f ==="
  head -30 "$f"
done

Repository: ProverCoderAI/effect-template

Length of output: 2290

---

🏁 Script executed:

#!/bin/bash
# Check git history for pnpm/action-setup changes
echo "=== Git history for pnpm/action-setup version changes ==="
git log -p --all -- ".github/actions/setup/action.yml" | grep -A5 -B5 "pnpm/action-setup" | head -50

Repository: ProverCoderAI/effect-template

Length of output: 131

---

Node.js 24 required for pnpm/action-setup@v6, but action defaults to Node 20.

The upgrade to v6 requires Node.js 24 (its runs environment uses node24), but the custom action defaults to node-version: 20.16.0. This causes the action to fail on Node 20 runners. The checking-dependencies.yml workflow already uses Node 24.15.0 with v6; the custom action's default must match. Additionally, v6 has a reported bug where it does not honor the packageManager field in package.json (currently set to pnpm@11.1.2), which may cause unexpected pnpm version selection. Update the default node-version to 24 or higher, and verify pnpm version behavior after upgrading.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/actions/setup/action.yml at line 13, The action uses
pnpm/action-setup@v6 but the custom action default still sets node-version:
20.16.0 which is incompatible; update the default node-version in action.yml to
Node 24 (>=24.0.0, e.g., 24.15.0 to match checking-dependencies.yml) so the
action runs on the required runtime, and after changing the default verify pnpm
selection behavior (packageManager in package.json / pnpm@11.1.2) because v6 has
a bug that may ignore packageManager—if necessary pin the pnpm version
explicitly or add configuration to enforce packageManager to ensure the expected
pnpm version is used.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

pnpm/action-setup v6 release notes

💡 Result:

pnpm/action-setup v6 release notes (from the repo’s official GitHub Releases pages) are available as a series of versioned release entries under the v6 tags. The most recent v6 entry visible in the official releases feed is v6.0.8 (published 2026-05-12), with the following changes: 1) v6.0.8 (2026-05-12) - docs(README): fix cache_dependency_path type (PR #257) [1] - fix: drop patchPnpmEnv so standalone+self-update works on Windows (PR #258) [1] - fix: update pnpm to 11.1.1 (PR #248) [1] 2) v6.0.4 (2026-04-30) - fix: use npm co-located with the action node binary (PR #239) [2] Additional v6 changes are also reflected in the v4...v6 comparison page (including updates to README/examples and caching-related input typing/behavior), which indicates that v6 introduces/updates inputs like cache_dependency_path handling. In that compare view, cache_dependency_path is described as accepting multiple paths delimited by newlines, and the example workflows are updated to use pnpm/action-setup@v6 instead of v4. [3] Notes / where to read the full set of v6 release notes: - Start at the official Releases index for pnpm/action-setup and select the v6.x.y tags. The Releases index is the source of truth for the complete v6 changelog history. [4] If you want, tell me the exact v6 range you care about (e.g., “v6.0.0 through v6.0.8” or “just v6.0.8”), and I’ll summarize only those entries.

Citations:

• 1: https://github.com/pnpm/action-setup/releases/tag/v6.0.8
• 2: https://github.com/pnpm/action-setup/releases/tag/v6.0.4
• 3: pnpm/action-setup@v4...v6
• 4: https://github.com/pnpm/action-setup/releases

---

🌐 Web query:

Node.js 24.15.0 release notes

💡 Result:

Node.js 24.15.0 (Krypton, LTS) release notes (published 2026-04-15) list these notable changes: - cli: add --max-heap-size option [1] - cli: add --require-module / --no-require-module [2] - crypto: add raw key formats support to the KeyObject APIs [1] - fs: add throwIfNoEntry option for fs.stat and fs.promises.stat [2] - http2: add http1Options for HTTP/1 fallback configuration [2] - module: mark require(esm) as stable [2] - module: mark module compile cache as stable [2] - net: add setTOS and getTOS to Socket [2] - sqlite: add limits property to DatabaseSync [2] - sqlite: mark as release candidate [2] - src: add C++ support for diagnostics channels [2] - stream: rename Duplex.toWeb type option to readableType [2] - test_runner: add exports option for module mocks [2] - test_runner: expose worker ID for concurrent test execution [2] - test_runner: show interrupted test on SIGINT [2] Primary sources for the above are the official Node.js blog release page and the Node.js v24 changelog section for 24.15.0 [1][2].

Citations:

• 1: https://nodejs.org/blog/release/v24.15.0
• 2: https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V24.md

---

🏁 Script executed:

#!/bin/bash
# Check all workflow files for consistency in action versions
rg -n "pnpm/action-setup@" --type yaml
rg -n "node-version:" --type yaml

Repository: ProverCoderAI/effect-template

Length of output: 55

---

🏁 Script executed:

#!/bin/bash
# Check if the workflow file exists
ls -la .github/workflows/ 2>/dev/null || echo "Directory not found"

# If it exists, read the file
if [ -f ".github/workflows/checking-dependencies.yml" ]; then
  echo "=== File found, reading contents ==="
  cat -n ".github/workflows/checking-dependencies.yml"
else
  echo "File not found"
fi

# Also check with fd for any workflow files
echo "=== Searching for workflow files ==="
fd -e yml -e yaml ".github/workflows/" 2>/dev/null || fd -e yml -e yaml

Repository: ProverCoderAI/effect-template

Length of output: 1412

---

🏁 Script executed:

#!/bin/bash
# Check pnpm version in lock file
head -20 pnpm-lock.yaml | grep -i "version\|lockfileVersion"

# Also check package.json for pnpm version requirement if any
if [ -f "package.json" ]; then
  grep -i "pnpm" package.json
fi

# Check if there's a .npmrc or similar config
if [ -f ".npmrc" ]; then
  cat .npmrc
fi

Repository: ProverCoderAI/effect-template

Length of output: 745

---

🌐 Web query:

pnpm 11.1.2 release date and availability

💡 Result:

No evidence found of a pnpm 11.1.2 release as of 2026-05-14. The latest releases are v11.1.1 (published around 2026-05-12 [1]) and v11.1.0 (published 2026-05-11 [2][3][4]). Official GitHub releases page lists recent tags up to May 12 but no 11.1.2 [3]. npm registry tracks these releases [4], and no sources mention 11.1.2. It is not yet released or available.[2][3][1]

Citations:

• 1: https://newreleases.io/project/github/pnpm/pnpm/release/v11.1.1
• 2: https://github.com/pnpm/pnpm/releases/tag/v11.1.0
• 3: https://github.com/pnpm/pnpm/releases
• 4: https://newreleases.io/project/npm/pnpm/release/11.1.0

---

🌐 Web query:

pnpm/action-setup configure pnpm version 11.1.2

💡 Result:

To configure pnpm/action-setup to install pnpm 11.1.2, use the action’s with.version input: steps: - uses: pnpm/action-setup@v6 with: version: 11.1.2 The version input is “Version of pnpm to install” and supports exact versions like 11.1.2 (or version ranges/tags). If you omit version, the action can use the packageManager field from your package.json instead.[1] You may optionally specify run_install if you also want the action to run pnpm install for you; otherwise run pnpm install in a later step.[1]

Citations:

• 1: https://github.com/pnpm/action-setup

---

Configure pnpm version in pnpm/action-setup to match project requirement.

The workflow uses pnpm/action-setup@v6 which installs pnpm 11.1.1 by default, but the project specifies packageManager: pnpm@11.1.2 in package.json. Since pnpm 11.1.2 does not yet exist, the pnpm install --frozen-lockfile step (line 21) will fail due to version mismatch. Either update package.json to use pnpm 11.1.1, or configure the action with with.version: 11.1.2 once that version is released. Alternatively, the action can auto-detect the version from package.json if no version input is specified (allowing proper error messaging when unavailable).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/checking-dependencies.yml at line 15, The workflow uses
pnpm/action-setup@v6 but package.json declares packageManager: pnpm@11.1.2,
causing a mismatch; either align the workflow or package.json: update
package.json's packageManager to "pnpm@11.1.1" to match the action's default, or
explicitly configure the action in .github/workflows/checking-dependencies.yml
(pnpm/action-setup) with a compatible with.version value (e.g., 11.1.1) until
11.1.2 is released, or remove the explicit version so the action auto-detects
from package.json and surfaces the proper error if the version is unavailable.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | 🏗️ Heavy lift

🧩 Analysis chain

🌐 Web query:

pnpm 11 release notes breaking changes from pnpm 10

💡 Result:

pnpm 11 introduces several breaking changes from v10, primarily documented in the official migration guide [1] and v11.0.0 release notes [2][3]. Key breaking changes include: Node.js requirement: Now requires Node.js 22 or newer; support for v18-21 dropped. pnpm is pure ESM, and standalone exe needs glibc 2.27+ [3][2][4]. Configuration changes [1]: - No longer reads config from package.json#pnpm; move to pnpm-workspace.yaml. -.npmrc limited to auth/registry; other settings (hoist-pattern, node-linker, etc.) to pnpm-workspace.yaml (camelCase keys). - npm_config_* env vars ignored; use pnpm_config_*. - Deprecated build settings (onlyBuiltDependencies, etc.) removed; use allowBuilds [3][2]. - Package manager settings consolidated to pmOnFail: 'download'|'ignore'|'warn'|'error'. - Renames: allowNonAppliedPatches -> allowUnusedPatches; auditConfig.ignoreCves -> auditConfig.ignoreGhsas. Store upgraded to v11: SQLite index.db replaces JSON files; incompatible with v10 stores (clear or migrate) [3][2][5]. Global installs: Isolated in {pnpmHomeDir}/global/v11/{hash}/ with own package.json/node_modules/pnpm-lock.yaml. pnpm install -g (no args) removed; use pnpm add -g [3][2]. pnpm link changes: No global store resolution; only relative/absolute paths. --global removed (use pnpm add -g.); no-arg pnpm link removed [1][6]. Removed commands: pnpm server; npm passthrough (publish, login, etc.) now native, some like access, edit removed [3][2]. Lockfile: patchedDependencies simplified to selector -> hash; auto-migrated [5]. Script shadowing: Scripts named clean/setup/deploy/rebuild run script, not built-in; use pnpm pm [1]. Security defaults: minimumReleaseAge=1440 (1 day), blockExoticSubdeps=true, strictDepBuilds=true [3][2]. A codemod assists migration: pnpx codemod run pnpm-v10-to-v11 [1]. Full details: https://pnpm.io/migration [1], https://github.com/pnpm/pnpm/releases/tag/v11.0.0 [2], https://pnpm.io/blog/releases/11.0 [3].

Citations:

• 1: https://pnpm.io/migration
• 2: https://github.com/pnpm/pnpm/releases/tag/v11.0.0
• 3: https://pnpm.io/blog/releases/11.0
• 4: https://github.com/pnpm/pnpm/releases/tag/v11.0.0-rc.0
• 5: https://github.com/pnpm/pnpm/releases/tag/v11.0.0-alpha.14
• 6: https://github.com/pnpm/pnpm/releases/tag/v11.0.0-beta.3

---

🏁 Script executed:

#!/bin/bash
# Check if pnpm-lock.yaml has been updated alongside this change
git diff HEAD -- pnpm-lock.yaml | head -50

Repository: ProverCoderAI/effect-template

Length of output: 55

---

🏁 Script executed:

#!/bin/bash
# Check if pnpm-lock.yaml exists and what version it specifies
if [ -f "pnpm-lock.yaml" ]; then
  echo "=== pnpm-lock.yaml lockfileVersion ==="
  head -20 pnpm-lock.yaml | rg "lockfileVersion|name|version"
else
  echo "pnpm-lock.yaml not found"
fi

# Check if package.json has pnpm config that needs migration
echo -e "\n=== package.json pnpm config ==="
jq '.pnpm' package.json 2>/dev/null || echo "No pnpm config in package.json"

# Check Node.js version requirement
echo -e "\n=== Node.js engines requirement ==="
jq '.engines' package.json 2>/dev/null || echo "No engines field"

Repository: ProverCoderAI/effect-template

Length of output: 586

---

🏁 Script executed:

#!/bin/bash
# Check git log to see if pnpm-lock.yaml was modified in this change
echo "=== Recent git changes to pnpm-lock.yaml ==="
git log --oneline -n 10 -- pnpm-lock.yaml 2>/dev/null || echo "No pnpm-lock.yaml history"

# Check if .npmrc or pnpm-workspace.yaml exists
echo -e "\n=== pnpm configuration files ==="
ls -la .npmrc pnpm-workspace.yaml .pnpmfile.cjs 2>/dev/null || echo "Checking config files..."
fd -e "npmrc|pnpmfile|workspace.yaml" .

Repository: ProverCoderAI/effect-template

Length of output: 287

---

🏁 Script executed:

#!/bin/bash
# Check CI workflows for Node.js version
echo "=== CI/CD Node.js version requirement ==="
find .github -name "*.yml" -o -name "*.yaml" 2>/dev/null | head -5 | xargs grep -l "node-version\|node_version\|setup-node" 2>/dev/null | head -1 | xargs cat 2>/dev/null | grep -A 2 "node-version\|setup-node" || echo "Checking workflows..."

Repository: ProverCoderAI/effect-template

Length of output: 370

---

Migrate deprecated pnpm configuration to pnpm 11 format.

The pnpm-lock.yaml has been regenerated to v9.0 (pnpm 11 format), but package.json still contains deprecated configuration that is no longer supported in pnpm 11:

• ignoredBuiltDependencies and onlyBuiltDependencies must be migrated to the new allowBuilds configuration
• Node.js requirement must be explicitly set to 22+ in the engines field (pnpm 11 no longer supports Node.js v18-21)

These deprecated options will cause failures when running pnpm commands. Use the pnpm v10→v11 migration codemod (pnpx codemod run pnpm-v10-to-v11) to complete the migration.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 6, Update package.json to remove deprecated pnpm v10
fields and adopt pnpm v11 format: replace any ignoredBuiltDependencies and
onlyBuiltDependencies entries with the new allowBuilds configuration (mapping
allowed package patterns or booleans accordingly) and set the engines.node field
to ">=22" (or "22.x" per project policy) so Node.js requirement is explicit for
pnpm 11; also keep packageManager set to "pnpm@11.1.2" and run the pnpm v10→v11
codemod (pnpx codemod run pnpm-v10-to-v11) to ensure any other migration changes
are applied.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

ESLint 10.0 release notes breaking changes migration guide

💡 Result:

ESLint 10.0 release notes / breaking changes and the official migration guide are here: 1) Official migration guide (v9.x → v10.x) https://eslint.org/docs/latest/use/migrate-to-10.0.0 [1] 2) Official release notes for v10.0.0 https://eslint.org/blog/2026/02/eslint-v10.0.0-released/ [2] Key breaking changes called out in the migration guide (high-signal items) A) Node.js version support dropped ESLint v10.0.0 no longer supports Node.js versions < v20.19.0 (and also drops v21.x and v23.x); the migration guide says to upgrade to Node.js v20.19.0 or later [1][3]. B) “Old config format” no longer supported; flat config required The v10 migration guide states the legacy config system is removed (i.e., old eslintrc format is no longer supported) and points you to use flat config (eslint.config.) [1]. The migration guide summary also calls out removing the eslintrc format [1][3]. C) New configuration file lookup algorithm In ESLint v9 there was an alternate behavior guarded by a feature flag; in v10.0.0, the behavior is the default. The migration guide describes that config lookup now starts from the directory of each linted file and searches upward to the filesystem root (instead of starting from the current working directory) and that the v10_config_lookup_from_file flag was removed [1]. D) Removed feature for eslintrc config lookup behavior flag Attempting to use v10_config_lookup_from_file now results in an error (because the flag was removed) [1]. E) Rule/behavior & API breaking changes (examples listed in the migration guide) The migration guide lists multiple other breaking/API changes, including (among others) removal of the nodeType property in LintMessage objects [1], JSX references now being tracked [1], and changes around fixer APIs requiring string text arguments [1]. How to migrate (practical steps to follow) - Upgrade Node.js to a supported version (>= v20.19.0) before running ESLint 10 [1]. - Ensure you are using flat config (eslint.config.) and remove any legacy eslintrc configuration usage [1]. - If you previously relied on the v9 config lookup behavior / feature flag, update to the new lookup algorithm (start from each linted file’s directory) [1]. - Then run the official migration guide’s checklist/sections to address any remaining listed breaking changes in your specific setup [1].

Citations:

• 1: https://eslint.org/docs/latest/use/migrate-to-10.0.0
• 2: https://eslint.org/blog/2026/02/eslint-v10.0.0-released/
• 3: https://mintlify.com/eslint/eslint/guides/migrate-to-10

---

🏁 Script executed:

#!/bin/bash
# Check ESLint configuration files for compatibility
fd eslint.config -e js -e mjs -e cjs --exec cat {}

Repository: ProverCoderAI/effect-template

Length of output: 55

---

🏁 Script executed:

#!/bin/bash
# Check for ESLint configuration files
echo "=== Searching for ESLint config files ==="
fd -e json -e js -e cjs -e mjs '(eslintrc|eslint\.config)' --base-directory .

# Check package.json for Node.js version and ESLint config location
echo -e "\n=== Checking packages/app/package.json ==="
head -80 packages/app/package.json | tail -20

# Check root package.json for Node.js engines
echo -e "\n=== Checking root package.json for engines ==="
rg '"engines"' -A 5 package.json

Repository: ProverCoderAI/effect-template

Length of output: 1013

---

🏁 Script executed:

#!/bin/bash
# More comprehensive search for all ESLint-related configs
echo "=== Searching for all ESLint configs ==="
find . -type f \( -name ".eslintrc*" -o -name "eslint.config.*" \) 2>/dev/null

# Check for ESLint in workspace packages
echo -e "\n=== Checking eslint references in all package.json files ==="
find . -name "package.json" -type f -exec grep -l "eslint" {} \; 2>/dev/null

Repository: ProverCoderAI/effect-template

Length of output: 252

---

🏁 Script executed:

#!/bin/bash
# Check the ESLint flat config file
echo "=== Content of eslint.config.mts ==="
cat packages/app/eslint.config.mts

# Search for Node.js version constraints
echo -e "\n=== Searching for Node.js version constraints ==="
find . -type f \( -name ".nvmrc" -o -name ".tool-versions" -o -name "nvmrc" \) 2>/dev/null | head -10

# Check GitHub workflows for Node.js version
echo -e "\n=== Checking for Node.js version in CI/workflows ==="
fd "\.ya?ml$" .github/workflows 2>/dev/null | xargs grep -h "node-version" 2>/dev/null | head -10

Repository: ProverCoderAI/effect-template

Length of output: 10380

---

🏁 Script executed:

#!/bin/bash
# Check if engines field exists in root and app package.json
echo "=== Checking engines field in package.json files ==="
rg '"engines"' -B 1 -A 3 . --type json

# Check for `@eslint/compat` usage in eslint.config.mts
echo -e "\n=== Checking `@eslint/compat` usage ==="
grep -n "@eslint/compat\|compat" packages/app/eslint.config.mts || echo "No `@eslint/compat` found in config"

Repository: ProverCoderAI/effect-template

Length of output: 219

---

Add engines field to enforce Node.js >= v20.19.0 for ESLint 10.3.0 compatibility.

The repository has already properly migrated to ESLint's flat config format (eslint.config.mts) and uses @eslint/compat correctly for plugin compatibility. However, ESLint 10.3.0 requires Node.js >= v20.19.0, and this constraint should be explicitly documented in package.json via an engines field. Without it, developers using older Node.js versions may encounter runtime errors. Add to packages/app/package.json:

"engines": {
  "node": ">=20.19.0"
}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/app/package.json` at line 71, Add an "engines" entry to
packages/app/package.json to require Node.js >=20.19.0 so ESLint 10.3.0 runs
correctly; locate the existing "eslint": "^10.3.0" dependency in package.json
and add an "engines" object with "node": ">=20.19.0" to enforce the minimum Node
version for contributors and CI.