pnpm update

[RobbieTheWagner]

Summary by CodeRabbit

• Chores
  • Updated project dependencies and developer tooling across multiple packages (frameworks, build tools, UI libs, and dev utilities) to newer patch/minor versions.
  • Consistency and security/maintenance updates applied; no changes to user-facing behavior or public APIs.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
shepherd-docs	Ready	Preview, Comment	Dec 27, 2025 6:09pm

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
shepherd-landing	Skipped		Dec 27, 2025 6:09pm

[coderabbitai]

📝 Walkthrough

Walkthrough

Several package.json files across the monorepo received dependency and devDependency version bumps; one small code readability tweak in shepherd.js/src/utils/general.ts (parentheses added in a uuid expression). No functional logic or public API changes.

Changes

Cohort / File(s)	Summary
Root-level Dependencies package.json	Bumped multiple devDependencies: @babel/core, @babel/preset-env, autoprefixer, prettier-plugin-svelte, svelte (patch/minor upgrades). No scripts or runtime changes.
Landing Project landing/package.json	Upgraded astro ^5.15.9→^5.16.6, Astro plugins (@astrojs/check, @astrojs/mdx, @astrojs/rss, @astrojs/sitemap) and tooling: tailwindcss, typescript, @tailwindcss/typography, sharp, vite to newer versions.
Shepherd.js Project (manifests) shepherd.js/package.json	Bumped @floating-ui/dom and many devDependencies across Babel, Rollup, Svelte tooling, PostCSS/plugins, Prettier, TypeScript, and related build utilities.
React Package DevDeps packages/react/package.json	Upgraded test/build tooling and types: @testing-library/jest-dom, @vitejs/plugin-react, happy-dom, typescript, vite, vitest.
Small Code Tweak shepherd.js/src/utils/general.ts	Minor parenthesis added in uuid() calculation: `((d + Math.random() * 16) % 16)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I hopped through package lanes tonight,

Bumped versions gently, tidy and bright.
A parenthesis placed with care so neat,
No logic changed — just pruning the wheat.
Hooray for gardens where updates meet! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'pnpm update' is generic and vague, using a non-descriptive term that doesn't convey meaningful information about the specific dependency updates across multiple package.json files.	Consider using a more descriptive title like 'Update dependencies across landing, root, shepherd.js, and react packages' or 'Upgrade Astro, TypeScript, and build tooling dependencies' to better reflect the scope and purpose of the changes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch pnpm-update

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5a12ba and 38e12fa.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (2)

• packages/react/package.json
• shepherd.js/src/utils/general.ts

✅ Files skipped from review due to trivial changes (1)

• shepherd.js/src/utils/general.ts

🔇 Additional comments (1)

packages/react/package.json (1)

36-45: All package versions are valid and exist in npm registry, including TypeScript 5.9.3. No action needed for version validation.

Likely an incorrect or invalid review comment.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dcbf384 and e5a12ba.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• landing/package.json
• package.json
• shepherd.js/package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Tests

🔇 Additional comments (4)

landing/package.json (2)

27-29: LGTM - DevDependency updates look good.

The devDependency updates for typography plugin, sharp, and vite are standard patch/minor updates.

---

14-24: TypeScript alignment verified and Astro configuration is compatible.

The landing package has TypeScript ^5.9.3, which aligns with the monorepo root and shepherd.js package. The astro.config.mjs correctly references all installed integrations (@astrojs/mdx, @astrojs/sitemap, @astrojs/tailwind, @astrojs/vercel), and the tsconfig.json extends Astro's strict configuration. The dependency updates are minor version changes with no evident breaking changes. Verify the build succeeds with pnpm build in the landing directory.

shepherd.js/package.json (1)

50-50: No issues with @floating-ui/dom 1.7.4 update.

This is a safe patch release containing a single fix for scrollbar-gutter: stable handling. No breaking changes.

package.json (1)

30-46: Dependency updates are safe—no breaking changes or security advisories identified.

Svelte 5.46.1 contains only patch fixes (type for currentTarget in on, skipping static optimisation for stateless deriveds after await, and preventing HMR loops) with no breaking changes. The Babel 7.28.5 packages have no known security advisories. The updates are ready to proceed.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# First, let's find the package.json and understand the repo structure
find . -name "package.json" -type f | head -20

Repository: shipshapecode/shepherd

Length of output: 237

---

🏁 Script executed:

# Check if we're in the right location and explore the structure
ls -la

Repository: shipshapecode/shepherd

Length of output: 1887

---

🏁 Script executed:

# Verify the lines in question in the shepherd.js/package.json
if [ -f "shepherd.js/package.json" ]; then
  echo "=== Lines 55-86 of shepherd.js/package.json ==="
  sed -n '55,86p' shepherd.js/package.json
else
  echo "shepherd.js/package.json not found, checking current directory"
  pwd
fi

Repository: shipshapecode/shepherd

Length of output: 1219

---

🏁 Script executed:

# Get the full shepherd.js/package.json to see the scripts
cat shepherd.js/package.json

Repository: shipshapecode/shepherd

Length of output: 3096

---

🏁 Script executed:

# Check for build configuration files
ls -la shepherd.js/ | grep -E "rollup|webpack|tsconfig|vite"

Repository: shipshapecode/shepherd

Length of output: 197

---

🏁 Script executed:

# List all files in shepherd.js to understand the structure
ls -la shepherd.js/

Repository: shipshapecode/shepherd

Length of output: 1171

---

🏁 Script executed:

# Check the rollup configuration
cat shepherd.js/rollup.config.mjs

Repository: shipshapecode/shepherd

Length of output: 4217

---

🏁 Script executed:

# Check tsconfig.json
cat shepherd.js/tsconfig.json

Repository: shipshapecode/shepherd

Length of output: 2073

---

🏁 Script executed:

# Check if there are any recent commit messages related to these changes
git log --oneline shepherd.js/package.json | head -10

Repository: shipshapecode/shepherd

Length of output: 85

---

🏁 Script executed:

# Let's verify that all the imports in rollup.config.mjs match the devDependencies
# Extract imports from rollup.config.mjs
echo "=== Imports in rollup.config.mjs ==="
grep "^import" shepherd.js/rollup.config.mjs | sed "s/.*from ['\"]\([^'\"]*\)['\"].*/\1/" | sort

echo ""
echo "=== Checking these against devDependencies ==="
# Get the list of devDependencies (just the package names, without versions)
python3 << 'EOF'
import json
import re

with open('shepherd.js/package.json', 'r') as f:
    pkg = json.load(f)
    
dev_deps = set(pkg['devDependencies'].keys())

# Imports from rollup.config.mjs
imports = [
    'autoprefixer',
    'execa',
    'cssnano',
    '@rollup/plugin-babel',
    'rollup-plugin-serve',
    'rollup-plugin-livereload',
    'rollup-plugin-filesize',
    'rollup-plugin-license',
    'rollup-plugin-postcss',
    '@rollup/plugin-replace',
    '@rollup/plugin-node-resolve',
    'svelte-preprocess',
    'rollup-plugin-svelte',
    'rollup-plugin-visualizer',
    'svelte2tsx',
    '@rollup/plugin-terser'
]

print("Checking all imports are in devDependencies:")
all_present = True
for imp in imports:
    if imp in dev_deps:
        print(f"✓ {imp}")
    else:
        print(f"✗ MISSING: {imp}")
        all_present = False

print(f"\nAll imports present: {all_present}")
EOF

Repository: shipshapecode/shepherd

Length of output: 152

---

🏁 Script executed:

# Check babel.config.cjs to ensure it's compatible
cat shepherd.js/babel.config.cjs

Repository: shipshapecode/shepherd

Length of output: 464

---

🏁 Script executed:

# Check svelte.config.js
cat shepherd.js/svelte.config.js

Repository: shipshapecode/shepherd

Length of output: 301

---

🏁 Script executed:

# Let's check if there are any CI configuration files that might show how the build is tested
find . -name ".github" -type d
ls -la .github/workflows/ | head -20

Repository: shipshapecode/shepherd

Length of output: 372

---

🏁 Script executed:

# Check for workflow files that test the build
cat .github/workflows/test.yml 2>/dev/null || cat .github/workflows/ci.yml 2>/dev/null || echo "No main CI workflow found, listing all workflows:"
ls -la .github/workflows/

Repository: shipshapecode/shepherd

Length of output: 1621

---

🏁 Script executed:

# Check the publish workflow to see if it runs the build
cat .github/workflows/publish.yml

Repository: shipshapecode/shepherd

Length of output: 1094

---

🏁 Script executed:

# Let's also check the root package.json to see if there's a workspace build script
cat package.json | grep -A 20 '"scripts"'

Repository: shipshapecode/shepherd

Length of output: 1001

---

🏁 Script executed:

# Check if there's a dist directory and build artifacts that indicate successful builds
ls -la shepherd.js/dist/ 2>/dev/null || echo "No dist directory found"

Repository: shipshapecode/shepherd

Length of output: 89

---

🏁 Script executed:

# Check the pnpm-lock.yaml to ensure it has entries for all the dependencies
grep -A 2 "@babel/core" pnpm-lock.yaml | head -5

Repository: shipshapecode/shepherd

Length of output: 184

---

🏁 Script executed:

# Check if the last commit's CI workflow passed by looking at the commit
git log --oneline --all -20

Repository: shipshapecode/shepherd

Length of output: 1066

---

🏁 Script executed:

cd shepherd.js
pnpm build
pnpm types:check

Repository: shipshapecode/shepherd

Length of output: 1171

---

🏁 Script executed:

# Install dependencies first
cd shepherd.js
pnpm install

Repository: shipshapecode/shepherd

Length of output: 8457

---

🏁 Script executed:

# Check if there's a known issue or version mismatch with rollup-plugin-postcss
grep -i "postcss" shepherd.js/package.json

Repository: shipshapecode/shepherd

Length of output: 129

---

🏁 Script executed:

# Look at the git history to see what the previous state was
git log --oneline -1 shepherd.js/package.json
git show HEAD:shepherd.js/package.json | grep -A 5 "rollup-plugin-postcss"

Repository: shipshapecode/shepherd

Length of output: 302

---

🏁 Script executed:

# Check if there are any notes in the codebase about this
grep -r "rollup-plugin-postcss" shepherd.js/

Repository: shipshapecode/shepherd

Length of output: 204

---

🌐 Web query:

rollup-plugin-postcss 4.0.2 rollup 4.54.0 compatibility

💡 Result:

Short answer: Probably not fully compatible. rollup-plugin-postcss v4.0.2 was published ~4 years ago and its README documents compatibility up to Rollup v2/v3-era behavior (no explicit support for Rollup 4). Rollup 4 introduced plugin-API changes (see Rollup 4 migration notes) that can break older plugins, so expect issues unless the plugin has been updated to handle those changes—otherwise you’ll need to test or update the plugin. [1][2]

Sources

• rollup-plugin-postcss (v4.0.2) package info / README. [1]
• Rollup 4 “Migrating to Rollup 4” / plugin API breaking changes. [2]

If you want, I can:

• check the plugin’s GitHub issues/PRs for Rollup 4 fixes, or
• suggest current maintained alternatives or forks known to support Rollup 4.

---

🌐 Web query:

rollup-plugin-postcss rollup 4 extract css

💡 Result:

Yes — rollup-plugin-postcss supports extracting CSS. Use the plugin's extract option (true or a path). Example (Rollup 4, ESM config):

• install: npm/yarn add postcss rollup-plugin-postcss --dev

• rollup.config.mjs example:

  import path from 'path'
  import postcss from 'rollup-plugin-postcss'

  export default {
  input: 'src/index.js',
  output: {
  dir: 'dist',
  format: 'es'
  },
  plugins: [
  postcss({
  // extract into dist/.css
  extract: true,

    // OR extract to a specific file:
    // extract: path.resolve('dist/my-styles.css'),
  
    plugins: [] // your PostCSS plugins
  })
  

  ]
  }

Notes:

• extract: true writes a .css next to the generated JS bundle; extract can also be a string (relative or absolute path). [1][2]

Sources:
[1] egoist/rollup-plugin-postcss README (GitHub).
[2] rollup-plugin-postcss package README (npm).

---

🏁 Script executed:

# Check the exact postcss configuration in rollup.config.mjs
grep -A 5 "postcss({" shepherd.js/rollup.config.mjs

Repository: shipshapecode/shepherd

Length of output: 207

---

🏁 Script executed:

# Look at the postcss plugin version history to see if there's a newer/compatible version
# Also check if there are any issues or workarounds documented
git log --all --oneline --grep="postcss" | head -10

Repository: shipshapecode/shepherd

Length of output: 600

---

🏁 Script executed:

# Check the last successful build commit before the pnpm update
git show e776198:shepherd.js/package.json | grep -E "rollup|postcss" | head -10

Repository: shipshapecode/shepherd

Length of output: 472

---

🏁 Script executed:

# Check if there's a newer version of rollup-plugin-postcss available
# by looking at the lock file for available versions
grep "rollup-plugin-postcss" pnpm-lock.yaml | head -20

Repository: shipshapecode/shepherd

Length of output: 171

---

🏁 Script executed:

# Verify the exact versions in the current state vs previous commit
echo "=== Current versions ==="
grep -E "rollup|postcss" shepherd.js/package.json

echo ""
echo "=== Previous versions (e776198) ==="
git show e776198:shepherd.js/package.json | grep -E "rollup|postcss"

Repository: shipshapecode/shepherd

Length of output: 1417

---

🏁 Script executed:

# Let's check if the build worked before the pnpm update by testing checkout e776198
# First, let's see if the issue is specific to rollup-plugin-postcss by checking error logs
# and looking for any known issues

# Test with the previous rollup version to see if that's the culprit
cd shepherd.js
git log --oneline --all | grep -i "postcss\|css" | head -5

Repository: shipshapecode/shepherd

Length of output: 333

---

🏁 Script executed:

# Check if there's been any recent discussion or issues about this in the repo
git log --all --oneline --grep="css\|postcss\|rollup" | head -10

Repository: shipshapecode/shepherd

Length of output: 642

---

🏁 Script executed:

# Let's check the commit that updated rollup to 4.50.2 to see if the build was passing then
git show 8c6cee7 --stat | head -20

Repository: shipshapecode/shepherd

Length of output: 834

---

🏁 Script executed:

# Look for any open issues or comments about rollup-plugin-postcss in the codebase
find . -name "*.md" -o -name "*.js" -o -name "*.mjs" | xargs grep -l "postcss" 2>/dev/null | head -5

Repository: shipshapecode/shepherd

Length of output: 389

---

Build fails with Rollup 4.54.0 due to rollup-plugin-postcss incompatibility.

The build fails with error: cp: cannot stat './tmp/js/css/shepherd.css': No such file or directory. The CSS file is not being extracted by rollup-plugin-postcss v4.0.2 when used with Rollup 4.54.0. The plugin was last updated ~4 years ago and does not support breaking changes introduced in recent Rollup 4.x versions.

Either downgrade Rollup to a compatible version (e.g., 4.50.2 which worked previously) or upgrade to a maintained fork/alternative of rollup-plugin-postcss that supports Rollup 4.54.0.

🤖 Prompt for AI Agents

In shepherd.js/package.json around lines 55 to 86 the build breaks because
rollup version 4.54.0 is incompatible with the unmaintained
rollup-plugin-postcss (v4.0.2) so the CSS asset isn’t extracted; fix by either
pinning Rollup to a working version (change the rollup dependency to "4.50.2"
and run install, then verify build) or replace rollup-plugin-postcss with a
maintained alternative that supports Rollup 4.54.0 (update package.json to the
chosen maintained fork/package, update rollup config imports/usages accordingly,
reinstall deps and verify the CSS extraction and build succeed).