Chore(deps): Bump packages for npm audit

[black7375]

Description

fix npm audit error

Related Issue

Summary by CodeRabbit

• Chores

  • Updated development and build tool versions across the project (ESLint, TypeScript-ESLint, Vite, Vitest, esbuild, Babel, and related type packages) to improve tooling stability and compatibility.
  • Updated Dependabot schedule for npm updates from weekly to monthly.

• Refactor

  • Minor typing enhancement to project configuration to better support test-related tooling.

Additional context

Checklist

[changeset-bot]

⚠️ No Changeset found

Latest commit: a987d8e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

Triggered from #262 by @​black7375.

Checking if we can fast forward main (c1226f2) to update-deps (1c79303).

Target branch (main):

commit c1226f284266fc1d0fa9865e486dd8f2a3a7ab9e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Tue Sep 16 00:00:00 2025 +0900

    Feat: `theme()` support dtcg format #260

Pull request (update-deps):

commit 1c79303611b167ba9dbfcc3fc4f4ee2a0cb164fe (pull_request/update-deps)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Wed Sep 17 00:00:00 2025 +0900

    Chore(deps): Bump packages for npm audit

It is possible to fast forward main (c1226f2) to update-deps (1c79303). If you have write access to the target repository, you can add a comment with /fast-forward to fast forward main to update-deps.

[coderabbitai]

Warning

Rate limit exceeded

@black7375 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 3 minutes and 33 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 1c79303 and 89a75df.

⛔ Files ignored due to path filters (2)

• packages/babel/src/__snapshots__/index.ts.snap is excluded by !**/*.snap
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (21)

• .github/dependabot.yml (1 hunks)
• configs/eslint-config-custom/eslint.config.typescript.js (1 hunks)
• configs/eslint-config-custom/package.json (1 hunks)
• configs/vite-config-custom/package.json (1 hunks)
• configs/vite-config-custom/src/index.ts (1 hunks)
• examples/react-babel/package.json (2 hunks)
• examples/react-swc/eslint.config.js (2 hunks)
• examples/react-swc/package.json (1 hunks)
• package.json (2 hunks)
• packages/babel/package.json (1 hunks)
• packages/css-additional-types/tsconfig.codegen.json (1 hunks)
• packages/esbuild/package.json (1 hunks)
• packages/esbuild/src/index.ts (1 hunks)
• packages/esbuild/tsconfig.lib.json (1 hunks)
• packages/integration/package.json (1 hunks)
• packages/integration/src/compile.ts (1 hunks)
• packages/integration/tsconfig.lib.json (1 hunks)
• packages/react/package.json (1 hunks)
• packages/vite/package.json (2 hunks)
• packages/vite/tsconfig.lib.json (1 hunks)
• turbo.json (2 hunks)

Walkthrough

Multiple dependency versions updated across the monorepo's package.json files, including eslint, TypeScript-ESLint, Vite, esbuild, React types, and Node types. No structural, logic, or API changes; purely version increments.

Changes

Cohort / File(s)	Change Summary
ESLint and TypeScript tooling configs/eslint-config-custom/package.json	Bumped @eslint/js (9.37.0 → 9.38.0), @typescript-eslint/parser (8.46.0 → 8.46.2), eslint (9.37.0 → 9.38.0), typescript-eslint (8.46.0 → 8.46.2)
Build tools configs/vite-config-custom/package.json, package.json	Vite updated: 7.1.9 → 7.1.11 (both files)
React example projects examples/react-babel/package.json, examples/react-swc/package.json	Multiple bumps: @eslint/js, eslint, vite (7.1.9 → 7.1.11), typescript-eslint (8.46.0 → 8.46.2), eslint-plugin-react-hooks (6.1.1 → 7.0.0), eslint-plugin-react-refresh (0.4.23 → 0.4.24), @types/react-dom (19.2.1 → 19.2.2)
Root devDependencies package.json	Bumped @types/node (24.7.0 → 24.9.1), @vitest/coverage-v8 (3.2.4 → 4.0.1), eslint (9.37.0 → 9.38.0), vite (7.1.9 → 7.1.11), vitest (3.2.4 → 4.0.1)
Build packages packages/esbuild/package.json, packages/integration/package.json	esbuild updated: 0.25.10 → 0.25.11 (both files)
Package devDependencies packages/react/package.json	@types/react-dom: 19.2.1 → 19.2.2
Package devDependencies packages/vite/package.json	@types/node: 24.7.0 → 24.9.1

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• Chore(deps): Bump packages #142: Performs dependency version bumps across the same package.json files in configs and examples directories.
• Chore(deps-dev): Bump the dev-dependencies group across 1 directory with 10 updates #56: Includes overlapping dependency bumps (@eslint/js, eslint, vite) in the same package.json files.
• Chore: Bump package upgrade #108: Performs overlapping dependency version bumps (eslint, vite, @types/node) in configs and packages.

Suggested labels

dependencies

Poem

🐰 The deps march on, version by version clear,
Each package takes its leap without a fear,
Vite hops, ESLint prances, esbuild bounds,
While TypeScript types pirouette around!

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Description Check	⚠️ Warning	The pull request description is largely incomplete and does not adequately follow the repository's template. While the Description section contains a one-liner ("fix npm audit error"), it lacks specifics about which vulnerabilities are being addressed or why these specific versions were chosen. More critically, three of the four main template sections—Related Issue, Additional context, and Checklist—are completely empty and contain only placeholder comments. For a change affecting multiple packages across the repository, the template expects linked issues and a checklist to guide reviewers, neither of which are provided.	The author should expand the description to include specific details about which npm audit vulnerabilities are being resolved and why these particular version bumps address them. The Related Issue section should reference the relevant issue or audit report if one exists. The Checklist section should specify what reviewers should verify, such as testing outcomes or confirmation that vulnerabilities are resolved. At minimum, the Additional context section could provide information about the scope and impact of these dependency updates.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "Chore(deps): Bump packages for npm audit" clearly and concisely describes the main change in the pull request. It accurately reflects that this is a dependency update PR focused on resolving npm audit issues. The title uses a conventional commit format with a "chore" type and "deps" scope, making it clear this is a maintenance change involving package versions. The phrasing is direct and specific enough that a teammate would understand the primary objective without being vague or off-topic.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Triggered from #262 by @​black7375.

Checking if we can fast forward main (c1226f2) to update-deps (f7870a1).

Target branch (main):

commit c1226f284266fc1d0fa9865e486dd8f2a3a7ab9e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Tue Sep 16 00:00:00 2025 +0900

    Feat: `theme()` support dtcg format #260

Pull request (update-deps):

commit f7870a13ed53d41cd72b706bab74951a76d1f20a (pull_request/update-deps)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Wed Sep 17 00:00:00 2025 +0900

    Chore(deps): Bump packages for npm audit

It is possible to fast forward main (c1226f2) to update-deps (f7870a1). If you have write access to the target repository, you can add a comment with /fast-forward to fast forward main to update-deps.

[github-actions]

Triggered from #262 by @​black7375.

Checking if we can fast forward main (c1226f2) to update-deps (c7a0ab5).

Target branch (main):

commit c1226f284266fc1d0fa9865e486dd8f2a3a7ab9e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Tue Sep 16 00:00:00 2025 +0900

    Feat: `theme()` support dtcg format #260

Pull request (update-deps):

commit c7a0ab577e8f79cde6103a1b9856fa24d02d1d69 (pull_request/update-deps)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Wed Sep 17 00:00:00 2025 +0900

    Chore(deps): Bump packages for npm audit

It is possible to fast forward main (c1226f2) to update-deps (c7a0ab5). If you have write access to the target repository, you can add a comment with /fast-forward to fast forward main to update-deps.

[github-actions]

Triggered from #262 by @​black7375.

Checking if we can fast forward main (c1226f2) to update-deps (434a066).

Target branch (main):

commit c1226f284266fc1d0fa9865e486dd8f2a3a7ab9e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Tue Sep 16 00:00:00 2025 +0900

    Feat: `theme()` support dtcg format #260

Pull request (update-deps):

commit 434a066bfb8a56e104e8307153a85c6ca6cc2d96 (pull_request/update-deps)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Wed Sep 17 00:00:00 2025 +0900

    Chore(deps): Bump packages for npm audit

It is possible to fast forward main (c1226f2) to update-deps (434a066). If you have write access to the target repository, you can add a comment with /fast-forward to fast forward main to update-deps.

[github-actions]

Triggered from #262 by @​black7375.

Checking if we can fast forward main (c1226f2) to update-deps (23495f6).

Target branch (main):

commit c1226f284266fc1d0fa9865e486dd8f2a3a7ab9e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Tue Sep 16 00:00:00 2025 +0900

    Feat: `theme()` support dtcg format #260

Pull request (update-deps):

commit 23495f67821dc98db76859395938a093659fbac8 (pull_request/update-deps)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Wed Sep 17 00:00:00 2025 +0900

    Chore(deps): Bump packages for npm audit

It is possible to fast forward main (c1226f2) to update-deps (23495f6). If you have write access to the target repository, you can add a comment with /fast-forward to fast forward main to update-deps.

[github-actions]

Triggered from #262 by @​black7375.

Checking if we can fast forward main (c1226f2) to update-deps (6f3074b).

Target branch (main):

commit c1226f284266fc1d0fa9865e486dd8f2a3a7ab9e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Tue Sep 16 00:00:00 2025 +0900

    Feat: `theme()` support dtcg format #260

Pull request (update-deps):

commit 6f3074bd6eeced3cd6489cc59314f6527ddd0065 (pull_request/update-deps)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Thu Sep 18 00:00:00 2025 +0900

    Chore: change dependabot interval to monthly

It is possible to fast forward main (c1226f2) to update-deps (6f3074b). If you have write access to the target repository, you can add a comment with /fast-forward to fast forward main to update-deps.

[github-actions]

Triggered from #262 by @​black7375.

Checking if we can fast forward main (c1226f2) to update-deps (94397e7).

Target branch (main):

commit c1226f284266fc1d0fa9865e486dd8f2a3a7ab9e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Tue Sep 16 00:00:00 2025 +0900

    Feat: `theme()` support dtcg format #260

Pull request (update-deps):

commit 94397e7a5c6f4131093fb726303dfa9ff21ed44c (pull_request/update-deps)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Fri Sep 19 00:00:00 2025 +0900

    fix: typescript settings

It is possible to fast forward main (c1226f2) to update-deps (94397e7). If you have write access to the target repository, you can add a comment with /fast-forward to fast forward main to update-deps.

[github-actions]

Triggered from #262 by @​black7375.

Checking if we can fast forward main (c1226f2) to update-deps (21a9fae).

Target branch (main):

commit c1226f284266fc1d0fa9865e486dd8f2a3a7ab9e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Tue Sep 16 00:00:00 2025 +0900

    Feat: `theme()` support dtcg format #260

Pull request (update-deps):

commit 21a9fae7744e0dd50cc21644a868e83fc82ddb89 (pull_request/update-deps)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Fri Sep 19 00:00:00 2025 +0900

    fix: typescript settings

It is possible to fast forward main (c1226f2) to update-deps (21a9fae). If you have write access to the target repository, you can add a comment with /fast-forward to fast forward main to update-deps.

[github-actions]

Triggered from #262 by @​black7375.

Checking if we can fast forward main (c1226f2) to update-deps (89a75df).

Target branch (main):

commit c1226f284266fc1d0fa9865e486dd8f2a3a7ab9e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Tue Sep 16 00:00:00 2025 +0900

    Feat: `theme()` support dtcg format #260

Pull request (update-deps):

commit 89a75df59a0d265b4e8452bc93b98054786f08de (pull_request/update-deps)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Fri Sep 19 00:00:00 2025 +0900

    fix: typescript settings

It is possible to fast forward main (c1226f2) to update-deps (89a75df). If you have write access to the target repository, you can add a comment with /fast-forward to fast forward main to update-deps.

[github-actions]

Triggered from #262 by @​black7375.

Checking if we can fast forward main (c1226f2) to update-deps (a987d8e).

Target branch (main):

commit c1226f284266fc1d0fa9865e486dd8f2a3a7ab9e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Tue Sep 16 00:00:00 2025 +0900

    Feat: `theme()` support dtcg format #260

Pull request (update-deps):

commit a987d8e91f8337942e3faff755087b81e854590f (pull_request/update-deps)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Fri Sep 19 00:00:00 2025 +0900

    fix: typescript settings

It is possible to fast forward main (c1226f2) to update-deps (a987d8e). If you have write access to the target repository, you can add a comment with /fast-forward to fast forward main to update-deps.

[black7375]

/fast-forward

[github-actions]

Triggered from #262 (comment) by @​black7375.

Trying to fast forward main (c1226f2) to update-deps (a987d8e).

Target branch (main):

commit c1226f284266fc1d0fa9865e486dd8f2a3a7ab9e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Tue Sep 16 00:00:00 2025 +0900

    Feat: `theme()` support dtcg format #260

Pull request (update-deps):

commit a987d8e91f8337942e3faff755087b81e854590f (pull_request/update-deps)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Fri Sep 19 00:00:00 2025 +0900

    fix: typescript settings

Fast forwarding main (c1226f2) to update-deps (a987d8e).

$ git push origin a987d8e91f8337942e3faff755087b81e854590f:main
To https://github.com/mincho-js/mincho.git
   c1226f2..a987d8e  a987d8e91f8337942e3faff755087b81e854590f -> main