chore(deps): update all dependencies

[auswm85]

Summary

Update all dependencies including major version bumps:

Major version updates:

• astro: 5.18.1 → 6.1.1
• @astrojs/mdx: 4.2.6 → 5.0.3
• @types/node: 22.x → 25.5.0
• @clack/prompts: 0.7.0 → 1.1.0

Minor/patch updates:

• @biomejs/biome: 2.3.11 → 2.4.9
• @astrojs/check: 0.9.6 → 0.9.8
• @playwright/test: 1.50.1 → 1.58.2
• vue: 3.5.27 → 3.5.31

Additional changes:

• Updated Dockerfile.test to use Playwright v1.58.2-jammy
• Updated biome.json schema version
• Fixed lint issues in packages/cli/src/core/color.ts
• Fixed unused type parameter in react.d.ts

Related Issues

Closes #50, closes #51, closes #52, closes #53, closes #54, closes #55, closes #56, closes #57, closes #59, closes #60

Checklist

• Code follows project style guidelines
• Tests added/updated (if applicable)
• Documentation updated (if applicable)
• bun run lint passes
• bun run build succeeds

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation update

Additional Notes

All visual tests pass in Docker with the updated Playwright version. No snapshot regeneration was needed.

[coderabbitai]

📝 Walkthrough

Walkthrough

Dependency bumps (Node, Playwright, Astro, Biome, Vue, dev tooling), small runtime/type fixes, CI workflow updates, and minor docs styling/config tweaks. No public API changes.

Changes

Cohort / File(s)	Summary
Test runtime & CI Dockerfile.test, .github/workflows/ci.yml, .github/workflows/deploy-docs.yml	Playwright test image updated to v1.58.2-jammy; added Node.js 22 setup step to docs-a11y and deploy-docs workflows.
Docs app & config apps/docs/package.json, apps/docs/astro.config.mjs, apps/docs/src/content.config.ts, apps/docs/src/pages/showcase/article.astro, apps/docs/src/components/BundleSize.astro	Upgraded Astro and MDX to v6 series, swapped critters integration to @critters-rs/astro, import z from astro:zod, adjusted inline code colors, and convert CSS input to Uint8Array before gzipping.
Tooling / Lint / Biome biome.json, package.json	Biome schema and @biomejs/biome bumped to 2.4.9; Node engine requirement raised to >=22.0.0.
Dev deps across packages packages/core/package.json, packages/cli/package.json, apps/docs/package.json	Bumped @playwright/test to 1.58.2, @axe-core/playwright to 4.11.1, @types/node to 25.5.0, vue patch, and @clack/prompts to 1.1.0.
Type & small logic fixes packages/core/types/react.d.ts, packages/cli/src/core/color.ts	Renamed unused generic T → _T in React augmentation; hardened hexToRgb regex handling and destructured captures for robust parsing.
Accessibility tests apps/docs/tests/accessibility.test.ts, packages/core/tests/e2e/accessibility.a11y.ts, packages/core/tests/e2e/contrast.contrast.ts	Changed @axe-core/playwright imports to named { AxeBuilder }; added explicit TypeScript annotations in filter callbacks for violation IDs.
Styling packages/core/src/components/prose.css	Adjusted prose inline-code color tokens across light/dark themes (--_prose-code-color values updated).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat(docs): add showcase pages demonstrating Shift CSS features #49 — touches apps/docs/src/pages/showcase/article.astro; likely related to inline code styling changes.
• feat(docs): add Shiki OKLCH transformer for syntax highlighting #36 — modifies docs config and styling; related to Astro integrations and prose styling adjustments.
• feat(docs): add custom Shift Shiki themes for syntax highlighting #35 — updates docs code-block/theme styling; overlaps with prose/ASTRO config edits.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: updating all dependencies across the project with specific version bumps.
Description check	✅ Passed	The description comprehensively lists all major and minor version updates, additional changes, and linked issues related to the dependency updates.
Linked Issues check	✅ Passed	The PR addresses all coding requirements from linked issues: @clack/prompts upgraded to 1.1.0 with validation fixes [#50], Astro bumped to 6.1.1 [#51], @types/node updated to 25.5.0 [#52, #56], @astrojs/mdx upgraded to 5.0.3 [#53, #59], @biomejs/biome updated to 2.4.9 [#54], @playwright/test bumped to 1.58.2 with import changes [#57], @astrojs/check updated to 0.9.8 [#60], and Vue updated to 3.5.31 [#55].
Out of Scope Changes check	✅ Passed	All changes are in-scope dependency updates and compatibility fixes: package.json updates, Docker base image update, biome.json schema update, import statement fixes for AxeBuilder, TypeScript type annotations, input validation, CSS color token updates, and Astro integration swap are all directly related to the dependency bumps.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/update-all-deps

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

Dockerfile.test (1)

1-27: Consider adding a non-root user for defense-in-depth.

Static analysis flags that the container runs as root. While this is a test container (lower risk), running as a non-root user is a security best practice that prevents potential container escape vulnerabilities.

🛡️ Optional: Add non-root user

 FROM mcr.microsoft.com/playwright:v1.58.2-jammy

+# Create non-root user for running tests
+RUN groupadd --gid 1000 testuser && \
+    useradd --uid 1000 --gid 1000 -m testuser
+
 # Install dependencies for Bun
 RUN apt-get update && apt-get install -y unzip && rm -rf /var/lib/apt/lists/*

 # Install Bun
-RUN curl -fsSL https://bun.sh/install | bash
-ENV PATH="/root/.bun/bin:${PATH}"
+RUN curl -fsSL https://bun.sh/install | bash -s -- --install-dir /usr/local/bun
+ENV PATH="/usr/local/bun/bin:${PATH}"

 WORKDIR /app

 # Copy all package files for proper workspace resolution
 COPY package.json bun.lock ./
 COPY packages/core/package.json ./packages/core/
 COPY apps/docs/package.json ./apps/docs/
+COPY packages/cli/package.json ./packages/cli/

 # Install dependencies (skip frozen for cross-platform compatibility)
 RUN bun install

 # Copy source
 COPY . .
+RUN chown -R testuser:testuser /app

 # Build
 RUN bun run build

+USER testuser
+
 # Default command
 CMD ["bun", "run", "--cwd", "packages/core", "test:visual"]

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Dockerfile.test` around lines 1 - 27, Create and switch to a non-root user in
the Dockerfile to avoid running tests as root: add steps to create a user/group
(e.g., "testuser"), chown the /app workspace and Bun install directory
(/root/.bun or move bun to a location the non-root user can access), set HOME
and PATH for that user (so ENV PATH="/root/.bun/bin:${PATH}" is updated or Bun
is installed into a user-writable location), then add USER testuser before the
final CMD (which runs bun run --cwd packages/core test:visual) so the container
executes tests as the non-root account; ensure file ownership and permission
changes happen after COPY and bun install/build so the non-root user can
read/write necessary files.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/docs/package.json`:
- Around line 14-17: Replace the deprecated astro-critters dependency with the
maintained `@critters-rs/astro` (bump to >=1.2.0) in apps/docs/package.json and
update any build references to the new package name so Critters runs with Astro
6; also update the Node engine requirement in the root package.json from "node":
">=20.0.0" to "node": ">=22.0.0" to satisfy Astro 6's Node 22+ requirement.
Ensure package.json dependencies no longer include "astro-critters" and that CI
/ Docker configs honor the new engines spec.

---

Nitpick comments:
In `@Dockerfile.test`:
- Around line 1-27: Create and switch to a non-root user in the Dockerfile to
avoid running tests as root: add steps to create a user/group (e.g.,
"testuser"), chown the /app workspace and Bun install directory (/root/.bun or
move bun to a location the non-root user can access), set HOME and PATH for that
user (so ENV PATH="/root/.bun/bin:${PATH}" is updated or Bun is installed into a
user-writable location), then add USER testuser before the final CMD (which runs
bun run --cwd packages/core test:visual) so the container executes tests as the
non-root account; ensure file ownership and permission changes happen after COPY
and bun install/build so the non-root user can read/write necessary files.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e7156961-94f5-4e5c-9dfa-882e171f9725

📥 Commits

Reviewing files that changed from the base of the PR and between 40e2e73 and 66e4c3e.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock, !bun.lock

📒 Files selected for processing (8)

• Dockerfile.test
• apps/docs/package.json
• biome.json
• package.json
• packages/cli/package.json
• packages/cli/src/core/color.ts
• packages/core/package.json
• packages/core/types/react.d.ts

[coderabbitai]

🧹 Nitpick comments (1)

packages/core/tests/e2e/accessibility.a11y.ts (1)

27-29: Type annotations are pragmatic and correct.

The inline { id: string } type annotation on filter callbacks works correctly for the comparison. For slightly richer type information, you could import and use the Result type from axe-core:

import type { Result } from 'axe-core';
// ...
(v: Result) => v.id === 'color-contrast'

This would give you access to other Result properties (like nodes, impact) with full type support if needed in future debugging scenarios. However, the current approach is perfectly functional.

Also applies to: 48-50, 64-66, 91-93, 158-160, 218-220

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/core/tests/e2e/accessibility.a11y.ts` around lines 27 - 29, Replace
the inline callback type annotations used in the filter calls (e.g., the
callback that produces contrastViolations from
accessibilityScanResults.violations) with the axe-core Result type: add "import
type { Result } from 'axe-core'" at the top, then change the callbacks to accept
(v: Result) so future access to properties like nodes or impact is fully typed;
apply this same change to the other filter occurrences mentioned (the callbacks
at the equivalent filter sites around lines 48-50, 64-66, 91-93, 158-160, and
218-220).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@packages/core/tests/e2e/accessibility.a11y.ts`:
- Around line 27-29: Replace the inline callback type annotations used in the
filter calls (e.g., the callback that produces contrastViolations from
accessibilityScanResults.violations) with the axe-core Result type: add "import
type { Result } from 'axe-core'" at the top, then change the callbacks to accept
(v: Result) so future access to properties like nodes or impact is fully typed;
apply this same change to the other filter occurrences mentioned (the callbacks
at the equivalent filter sites around lines 48-50, 64-66, 91-93, 158-160, and
218-220).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8701ac45-6325-4776-be2c-fcd7dc98b900

📥 Commits

Reviewing files that changed from the base of the PR and between 66e4c3e and 85c8310.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock, !bun.lock

📒 Files selected for processing (7)

• apps/docs/package.json
• apps/docs/src/components/BundleSize.astro
• apps/docs/src/content.config.ts
• apps/docs/tests/accessibility.test.ts
• packages/core/package.json
• packages/core/tests/e2e/accessibility.a11y.ts
• packages/core/tests/e2e/contrast.contrast.ts

✅ Files skipped from review due to trivial changes (5)

• apps/docs/tests/accessibility.test.ts
• apps/docs/src/content.config.ts
• packages/core/tests/e2e/contrast.contrast.ts
• apps/docs/package.json
• packages/core/package.json

[coderabbitai]

🧹 Nitpick comments (2)

packages/cli/src/ui/prompts.ts (1)

168-170: Remove unreachable branch and normalize input once.

Line 169 is unreachable because Line 168 already returns for the same condition. Also, whitespace-only input should be treated as empty before extension checks.

♻️ Suggested cleanup

 		validate: (value) => {
-			if (!value) return 'Value is required';
-			if (!value) return 'Please enter a path';
-			if (!value.endsWith('.css')) return 'Path must end with .css';
+			const trimmed = value.trim();
+			if (!trimmed) return 'Value is required';
+			if (!trimmed.endsWith('.css')) return 'Path must end with .css';
 			return undefined;
 		},

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/cli/src/ui/prompts.ts` around lines 168 - 170, The validation
contains a duplicate unreachable branch for the same condition and doesn't
normalize whitespace; update the validator that checks the input `value` so you
trim it once up front (e.g., normalize `value = value.trim()`), remove the
redundant `if (!value) return 'Please enter a path'` branch, keep a single empty
check that returns `'Value is required'`, and then perform the extension check
using `value.endsWith('.css')` to return `'Path must end with .css'`.

apps/docs/src/pages/showcase/article.astro (1)

419-420: Consider aligning with the existing pattern in theme.css for inline code styling.

The global color-scheme: light dark is properly configured, so light-dark() will work reliably across supported browsers (~85-90% as of 2026). However, apps/docs/src/styles/theme.css styles the same code:not(pre code) selector without light-dark(), using only background: var(--void-100). For consistency, either:

• Keep the light-dark() approach here and update theme.css to match, or
• Use the simpler semantic token fallback pattern like theme.css does

This is not a breaking issue given the proper color-scheme setup, but consistency reduces cognitive load for maintainers.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/docs/src/pages/showcase/article.astro` around lines 419 - 420, The
inline code styling in apps/docs/src/pages/showcase/article.astro uses
light-dark(...) for background and color while theme.css applies the same
selector (code:not(pre code)) using a simpler semantic token (background:
var(--void-100)); update article.astro to match the existing pattern by
replacing the light-dark(...) usage with the semantic token(s) used in theme.css
(e.g., background: var(--void-100) and the corresponding color token), or
alternatively update theme.css’s code:not(pre code) rule to use light-dark(...)
so both files follow the same approach—modify whichever file contains the
differing rule (the code:not(pre code) styles in article.astro or theme.css) so
both use the same token pattern for consistency.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@apps/docs/src/pages/showcase/article.astro`:
- Around line 419-420: The inline code styling in
apps/docs/src/pages/showcase/article.astro uses light-dark(...) for background
and color while theme.css applies the same selector (code:not(pre code)) using a
simpler semantic token (background: var(--void-100)); update article.astro to
match the existing pattern by replacing the light-dark(...) usage with the
semantic token(s) used in theme.css (e.g., background: var(--void-100) and the
corresponding color token), or alternatively update theme.css’s code:not(pre
code) rule to use light-dark(...) so both files follow the same approach—modify
whichever file contains the differing rule (the code:not(pre code) styles in
article.astro or theme.css) so both use the same token pattern for consistency.

In `@packages/cli/src/ui/prompts.ts`:
- Around line 168-170: The validation contains a duplicate unreachable branch
for the same condition and doesn't normalize whitespace; update the validator
that checks the input `value` so you trim it once up front (e.g., normalize
`value = value.trim()`), remove the redundant `if (!value) return 'Please enter
a path'` branch, keep a single empty check that returns `'Value is required'`,
and then perform the extension check using `value.endsWith('.css')` to return
`'Path must end with .css'`.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 19fcf816-8096-46f9-8a90-e4b314e1793c

📥 Commits

Reviewing files that changed from the base of the PR and between 85c8310 and 7cbfeaf.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock, !bun.lock

📒 Files selected for processing (9)

• .github/workflows/ci.yml
• .github/workflows/deploy-docs.yml
• apps/docs/astro.config.mjs
• apps/docs/package.json
• apps/docs/src/pages/showcase/article.astro
• package.json
• packages/cli/package.json
• packages/cli/src/ui/prompts.ts
• packages/core/src/components/prose.css

✅ Files skipped from review due to trivial changes (4)

• .github/workflows/deploy-docs.yml
• packages/cli/package.json
• packages/core/src/components/prose.css
• apps/docs/package.json

🚧 Files skipped from review as they are similar to previous changes (1)

• package.json