Update dependencies

[rtbenfield]

Updates the CLI workspace and examples to current compatible dependency lines while preserving the published Node 20 runtime contract. This also folds in security-related updates for Vitest, Next.js, and the Next smoke example transitive PostCSS dependency.

Changes

• Workspace dependencies: Updates CLI runtime dependencies and tooling, including @prisma/compute-sdk, c12, magicast, commander, tsdown, typescript, vitest, and shared root dev tooling.
• Example apps: Updates examples/hello-world and examples/next-smoke dependencies, including TypeScript 6, React patch releases, Next.js 16.2.6, and a postcss override for the Next.js transitive advisory.
• Build tooling: Keeps packages/cli/tsdown.config.ts emitting dist/cli.js after the tsdown upgrade so the existing package bin contract remains valid.
• Tests: Updates affected Vitest mocks to use constructible implementations required by Vitest 4 and stabilizes the symlink escape test when temp directories contain source-root markers.

Updated Packages

• Root: skills ^1.5.7 -> ^1.5.9; tsx ^4.19.2 -> ^4.22.4.
• @prisma/cli dependencies: @clack/prompts ^1.2.0 -> ^1.5.0; @prisma/compute-sdk ^0.19.0 -> ^0.20.0; @prisma/credentials-store ^7.7.0 -> ^7.8.0; @prisma/management-api-sdk ^1.34.0 -> ^1.35.0; c12 4.0.0-beta.4 -> 4.0.0-beta.5; commander ^12.1.0 -> ^14.0.3; magicast ^0.3.5 -> ^0.5.3; string-width ^8.2.0 -> ^8.2.1.
• @prisma/cli dev dependencies: @types/node ^24.0.0 -> ^24.12.4; tsdown ^0.12.5 -> ^0.21.10; tsx ^4.19.2 -> ^4.22.4; typescript ^5.8.3 -> ^6.0.3; vitest ^3.2.4 -> ^4.1.8.
• examples/hello-world: @types/bun ^1.2.0 -> ^1.3.14; tsx ^4.19.2 -> ^4.22.4; typescript ^5.9.3 -> ^6.0.3.
• examples/next-smoke dependencies: next 16.2.3 -> 16.2.6; react 19.2.4 -> 19.2.6; react-dom 19.2.4 -> 19.2.6.
• examples/next-smoke dev dependencies: @types/node ^20 -> ^20.19.41; @types/react ^19 -> ^19.2.15; @types/react-dom ^19 -> ^19.2.3; tsx ^4.19.2 -> ^4.22.4; typescript ^5 -> ^6.0.3.
• examples/next-smoke overrides: Adds postcss override at 8.5.10 for the transitive Next.js advisory.

Why

The update takes compatible dependency lines as far as possible without raising @prisma/cli beyond its declared Node >=20 support. Security-related updates were prioritized, while dependencies requiring newer Node runtimes were intentionally held back.

Skipped Dependencies

• commander@15: requires Node >=22.12.0; @prisma/cli currently supports Node >=20.
• tsdown@0.22.x: requires Node >=22.18.0; @prisma/cli currently supports Node >=20.
• @types/node@25 in @prisma/cli: would expose Node 25 APIs while the CLI still supports lower Node versions.
• @types/node@25 in examples/next-smoke: left on the Node 20 type line to match common supported deployment runtimes.

Verification

• pnpm test
• pnpm build:cli
• pnpm lint:skills
• pnpm test:skills
• pnpm audit
• examples/hello-world: pnpm exec tsc --noEmit
• examples/hello-world: pnpm audit
• examples/next-smoke: pnpm build
• examples/next-smoke: pnpm audit

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 03ac4795-98eb-4ea9-baaa-475f3131dfd9

📥 Commits

Reviewing files that changed from the base of the PR and between 6f7a709 and fadcbfc.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• packages/cli/package.json

---

Summary by CodeRabbit

• Chores

  • Updated project dependencies across CLI packages and example projects to latest versions for improved compatibility and security
  • Enhanced build configuration for better output handling

• Tests

  • Refactored test infrastructure with reusable mock helpers to improve code maintainability and consistency across test suites

Walkthrough

Dependency versions are bumped across root, example projects, and the CLI package; tsdown build configuration is extended; test mock helpers are extracted to reduce duplication in three test suites; and a test environment setup step is added for symlink escape testing.

Changes

Dependency Updates and Test Infrastructure Improvements

Layer / File(s)	Summary
Root and example dependency updates package.json, examples/hello-world/package.json, examples/next-smoke/package.json	Root and example project dev dependencies (tsx, typescript, @types/*) updated to newer versions; example projects also bump framework and runtime versions (next, react, react-dom).
CLI package dependencies and build configuration packages/cli/package.json, packages/cli/tsdown.config.ts	CLI package dependencies bumped (@clack/prompts, Prisma SDKs, commander, magicast, string-width, c12) and dev tooling updated (@types/node, tsdown, tsx, typescript, vitest); tsdown configuration extended with fixedExtension: false option.
Test mock helper refactoring packages/cli/tests/app-bun-compat.test.ts, packages/cli/tests/app-provider.test.ts, packages/cli/tests/auth-ops.test.ts	mockBuildStrategy, mockPreviewBuildStrategy, and mockFileTokenStorage helpers introduced in each test file and used across multiple test cases to replace repeated inline vi.fn().mockImplementation(...) patterns, centralizing mock creation logic.
Test environment setup adjustment packages/cli/tests/app-build.test.ts	Symlink escape rejection test adds .git directory creation to the app path before constructing the escape target and assertion.

---

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title is overly broad and generic. While it relates to the changeset, it does not convey the specific nature of the updates or their scope.	Consider a more descriptive title such as 'Update workspace, CLI, and example dependencies to compatible versions' to better communicate the scope and intent.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description thoroughly explains the changes, rationale, skipped dependencies, and verification steps, directly relating to all aspects of the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/dependency-updates

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch chore/dependency-updates

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/cli/package.json`:
- Line 57: The package is using `@types/node` "^24.12.4" while engines.node is
">=20", which allows TypeScript to compile against Node 24-only APIs; update the
dependency entry for "`@types/node`" in packages/cli/package.json to pin it to the
Node 20 major (for example a ^20.x version) so typings match the declared
runtime floor and prevent accidental usage of Node 21+/24-only APIs; ensure the
package.json dependency for "`@types/node`" is changed and run a quick TypeScript
build to validate.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: f3405666-5279-435f-aff2-2e0975241a89

📥 Commits

Reviewing files that changed from the base of the PR and between c573c86 and 6f7a709.

⛔ Files ignored due to path filters (3)

• examples/hello-world/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• examples/next-smoke/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (9)

• examples/hello-world/package.json
• examples/next-smoke/package.json
• package.json
• packages/cli/package.json
• packages/cli/tests/app-build.test.ts
• packages/cli/tests/app-bun-compat.test.ts
• packages/cli/tests/app-provider.test.ts
• packages/cli/tests/auth-ops.test.ts
• packages/cli/tsdown.config.ts