Update ui deps sync (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@rollup/plugin-alias (source)	^5.1.1 → ^6.0.0
@rollup/plugin-commonjs (source)	^28.0.8 → ^29.0.0
ava (source)	^6.4.1 → ^7.0.0
openai	5.23.2 → 6.25.0
openai	5.23.2 → 6.25.0
svelte-check	^3.8.6 → ^4.4.4
svelte-preprocess	^5.1.4 → ^6.0.3
tailwindcss (source)	^3.4.18 → ^4.2.1

---

Release Notes

rollup/plugins (@​rollup/plugin-alias)

v6.0.0

2025-10-28

Breaking Changes

• feat!: ESM only. Update Node and Rollup minimum versions (#​1926)

rollup/plugins (@​rollup/plugin-commonjs)

v29.0.0

2025-10-30

Breaking Changes

• feat!: revert #​1909 and add requireNodeBuiltins option (#​1937)

v28.0.9

2025-10-24

Bugfixes

• fix: handle node: builtins with strictRequires: auto (#​1930)

avajs/ava (ava)

v7.0.0

Compare Source

What's Changed

• Replace strip-ansi with node:util.stripVTControlCharacters by @​fisker in #​3403
• Remove support for Node.js 18 and 23; require 20.19 or newer, 22.20 or newer or 24,12 or newer; update dependencies including transitive glob by @​novemberborn in #​3416

Full Changelog: avajs/ava@v6.4.1...v7.0.0

openai/openai-node (openai)

v6.25.0

Compare Source

Full Changelog: v6.24.0...v6.25.0

Features

• api: add phase (e32b853)

Bug Fixes

• api: fix phase enum (2ffe1be)
• api: phase docs (7fdfa38)

Chores

• internal: refactor sse event parsing (0ea2380)

v6.24.0

Compare Source

Full Changelog: v6.24.0...v6.25.0

Features

• api: add phase (e32b853)

Bug Fixes

• api: fix phase enum (2ffe1be)
• api: phase docs (7fdfa38)

Chores

• internal: refactor sse event parsing (0ea2380)

v6.23.0

Compare Source

Full Changelog: v6.23.0...v6.24.0

Features

• api: add gpt-realtime-1.5 and gpt-audio-1.5 models to realtime (75875bf)

v6.22.0

Compare Source

Full Changelog: v6.21.0...v6.22.0

Features

• api: container network_policy and skills (65c1482)

Bug Fixes

• docs: restore helper methods in API reference (3a4c189)
• webhooks: restore webhook type exports (49bbf46)

Chores

• internal: avoid type checking errors with ts-reset (4b0d1f2)

Documentation

• split api.md by standalone resources (48e07d6)
• update comment (e3a1ea0)

v6.21.0

Compare Source

Full Changelog: v6.21.0...v6.22.0

Features

• api: container network_policy and skills (65c1482)

Bug Fixes

• docs: restore helper methods in API reference (3a4c189)
• webhooks: restore webhook type exports (49bbf46)

Chores

• internal: avoid type checking errors with ts-reset (4b0d1f2)

Documentation

• split api.md by standalone resources (48e07d6)
• update comment (e3a1ea0)

v6.20.0

Compare Source

Full Changelog: v6.20.0...v6.21.0

Features

• api: support for images in batch api (017ba1c)

v6.19.0

Compare Source

Full Changelog: v6.19.0...v6.20.0

Features

• api: skills and hosted shell (e4bdd62)

v6.18.0

Compare Source

Full Changelog: v6.17.0...v6.18.0

Features

• api: image generation actions for responses; ResponseFunctionCallArgumentsDoneEvent.name (d373c32)

Bug Fixes

• client: avoid memory leak with abort signals (b449f36)
• client: avoid removing abort listener too early (1c045f7)
• client: undo change to web search Find action (8259b45)
• client: update type for find_in_page action (9aa8d98)

Chores

• client: do not parse responses with empty content-length (4a118fa)
• client: restructure abort controller binding (a4d7151)
• internal: fix pagination internals not accepting option promises (6677905)

v6.17.0

Compare Source

Full Changelog: v6.16.0...v6.17.0

Features

• api: add shell_call_output status field (edf9590)
• api: api update (6a2eb80)
• api: api updates (19ca100)

Bug Fixes

• api: mark assistants as deprecated (3ae2a14)

Chores

• ci: upgrade actions/github-script (4ea73d3)
• internal: update actions/checkout version (f163b77)
• internal: upgrade babel, qs, js-yaml (2e2f3c6)

v6.16.0

Compare Source

Full Changelog: v6.15.0...v6.16.0

Features

• api: add new Response completed_at prop (ca40534)
• ci: add breaking change detection workflow (a6f3dea)

Chores

• break long lines in snippets into multiline (80dee2f)
• internal: codegen related update (b2fac3e)

v6.15.0

Compare Source

Full Changelog: v6.14.0...v6.15.0

Bug Fixes

• rebuild (5627b41)

v6.14.0

Compare Source

Full Changelog: v6.14.0...v6.15.0

Bug Fixes

• rebuild (5627b41)

v6.13.0

Compare Source

Full Changelog: v6.13.0...v6.14.0

Features

• api: gpt-image-1.5 (6c1ac1d)

v6.10.0

Compare Source

Full Changelog: v6.9.1...v6.10.0

Features

• api: gpt-5.1-codex-max and responses/compact (935f79e)

Chores

• client: fix logger property type (fdc671f)
• internal: upgrade eslint (9de0f90)

v6.9.1

Compare Source

Full Changelog: v6.9.0...v6.9.1

Bug Fixes

• api: align types of input items / output items for typescript (99adaa7)

v6.9.0

Compare Source

Full Changelog: v6.9.0...v6.9.1

Bug Fixes

• api: align types of input items / output items for typescript (99adaa7)

v6.8.1

Compare Source

Full Changelog: v6.8.0...v6.8.1

Bug Fixes

• api: fix nullability of logprobs (40a403c)

v6.8.0

Compare Source

Full Changelog: v6.7.0...v6.8.0

Features

• api: Realtime API token_limits, Hybrid searching ranking options (6a5b48c)
• api: remove InputAudio from ResponseInputContent (9909fef)

Chores

• internal: codegen related update (3ad52aa)

v6.7.0

Compare Source

Full Changelog: v6.6.0...v6.7.0

Features

• add support for zod@​4 schemas (#​1666) (10ef7ff)

Bug Fixes

• api: docs updates (2591c21)

v6.6.0

Compare Source

Full Changelog: v6.6.0...v6.7.0

Features

• add support for zod@​4 schemas (#​1666) (10ef7ff)

Bug Fixes

• api: docs updates (2591c21)

v6.5.0

Compare Source

Full Changelog: v6.5.0...v6.6.0

Features

• api: Add responses.input_tokens.count (520c8a9)

Bug Fixes

• api: internal openapi updates (d4aaef9)

v6.4.0

Compare Source

Full Changelog: v6.4.0...v6.5.0

Features

• api: api update (4d21af3)

v6.3.0

Compare Source

Full Changelog: v6.3.0...v6.4.0

Features

• api: Add support for gpt-4o-transcribe-diarize on audio/transcriptions endpoint (2d27392)

v6.2.0

Compare Source

Full Changelog: v6.2.0...v6.3.0

Features

• api: comparison filter in/not in (1a733c6)

Chores

• internal: use npm pack for build uploads (a532410)

v6.1.0

Compare Source

Full Changelog: v6.1.0...v6.2.0

Features

• api: dev day 2025 launches (f2816db)

Chores

• internal: codegen related update (b6f64b7)
• jsdoc: fix @​link annotations to refer only to parts of the package‘s public interface (73e465d)

v6.0.1

Compare Source

Full Changelog: v6.0.1...v6.1.0

Features

• api: add support for realtime calls (5de9585)

v6.0.0

Compare Source

Full Changelog: v6.0.0...v6.0.1

Bug Fixes

• api: add status, approval_request_id to MCP tool call (498c6a5)

sveltejs/language-tools (svelte-check)

v4.4.4

Compare Source

Patch Changes

• fix: more robust detection of lang="ts" attribute (#​2957)

• fix: pass filename to warningFilter (#​2959)

• fix: resolve svelte files under path alias in --incremental/tsgo mode (#​2955)

v4.4.3

Compare Source

Patch Changes

• fix: respect @ts-ignore etc comments within tags (#​2950)

v4.4.2

Compare Source

Patch Changes

• fix: resolve shims correctly in --incremental/tsgo mode (cd1ff2f)

• fix: include references in generated tsconfig.json in --incremental/tsgo mode (1990f74)

v4.4.1

Compare Source

Patch Changes

• fix: handle relative imports reaching outside working directory when using --incremental/--tsgo flags (#​2942)

• fix: support SvelteKit zero types in svelte-check --incremental (#​2939)

v4.4.0

Compare Source

Minor Changes

• feat: provide --incremental and --tsgo flags (#​2932)

Patch Changes

• fix: ignore Unix domain sockets in file watcher to prevent crashes (#​2931)

• fix: properly use machine output by default for Claude Code (e9f58d2)

v4.3.6

Compare Source

Patch Changes

• fix: don't hoist type/snippet referencing $store (#​2926)

v4.3.5

Compare Source

Patch Changes

• fix: ensure await-block type is preserved in the latest Svelte version (#​2895)

v4.3.4

Compare Source

Patch Changes

• chore: use machine format when run by Claude Code (#​2870)

v4.3.3

Compare Source

Patch Changes

• fix: prevent file watcher issue (#​2859)

• fix: allow undefined and null values for #each in Svelte 5 (#​2863)

• perf: check if file content changed in tsconfig file watch (#​2859)

v4.3.2

Compare Source

Patch Changes

• perf: tweak some snapshot hot paths (#​2852)

• perf: more precise module cache invalidation (#​2853)

• fix: properly handle runes={false} in <svelte:options> (#​2847)

See https://github.com/sveltejs/language-tools/releases

v4.3.1

Compare Source

fix: handle object literal in MustacheTag (#​2805)

v4.3.0

Compare Source

• feat: zero types for params (#​2795)
• feat: add await support (#​2799)
• fix: strip doctype using AST instead of regex (#​2798)
• chore: make human output more concise and readable (#​2748)

v4.2.2

Compare Source

• fix: invalidate project file cache and handle watcher race condition (#​2779)
• fix: prevent error with bind:this={get, set} (#​2781)
• fix: don't treat derived imported from svelte/store as a potential store (#​2780)
• fix: key block can have its own block scope (#​2768)

v4.2.1

Compare Source

• feat: support generics on snippets (#​2761)

v4.2.0

Compare Source

• feat: support attachments (#​2760)
• fix: deduplicate definition for rune-mode components (#​2759)

v4.1.7

Compare Source

• fix: robustify hoisting logic around prop types (#​2740)
• fix: ensure typed exports are marked as used (#​2746)
• chore: bump vscode-html/css-language-service (#​2752)
• fix: ensure eligible snippets can be referenced in module script (#​2753)
• fix: prevent error with unclosed tag followed by LF or end of file (#​2750)

v4.1.6

Compare Source

• fix: prevent unused variable error for bindable
• fix: ensure exports in runes mode are marked as used
• fix: add color CLI options

v4.1.5

Compare Source

• fix: take other snippets into account when checking for hoistability (#​2668)
• fix: disambiguate render in module script (#​2667)
• fix: properly transform $props.id when $props is assigned to props (#​2694)
• fix: handle booleanish popover (#​2702)
• chore: bump vscode-html/css-language-service (#​2677)
• fix: use referenced project's compiler option to get resolution mode (#​2676)

v4.1.4

Compare Source

• fix: don't hoist types/snippets referencing stores or destructured variables (#​2661)

v4.1.3

Compare Source

• fix: move snippets to correct place when only module script present

v4.1.2

Compare Source

• feat: support generics attribute for JSDoc (#​2624)
• fix: better snippet/interface hoistability analysis (#​2655)
• chore: TypeScript 5.7 support (#​2585)

v4.1.1

Compare Source

• fix: support each without as (#​2615)

v4.1.0

Compare Source

• fix: don't move appended content from previous node while hoisting interface (#​2596)
• fix: ensure hoisted interfaces are moved after hoisted imports (#​2597)
• fix: preserve bind:... mapping on elements for better source maps
• feat: prepare for some upcoming features of Svelte 5

v4.0.9

Compare Source

• fix: detect shadowed variables/types during type hoisting (#​2590)

v4.0.8

Compare Source

• fix: fall back to any instead of unknown for untyped $props (#​2582)
• fix: robustify and fix file writing (#​2584)
• fix: hoist types related to $props rune if possible (#​2571)

v4.0.7

Compare Source

• fix: $props: infer types for $bindable, infer function type from arrow function

v4.0.6

Compare Source

• chore: autotype const load = ... declarations (#​2540)
• chore: provide component instance type in Svelte 5 (#​2553)
• chore: support typescript 5.6 (#​2545)
• fix: infer object and array shapes from fallback types (#​2562)

v4.0.5

Compare Source

• fix: include named exports in svelte 5 type (#​2528)

v4.0.4

Compare Source

• fix: relax component constructor type (#​2524)

v4.0.3

Compare Source

• breaking(svelte5): only generate function component shape in runes mode (#​2517). This means you can no longer just do Component in type positions. Instead you need to prepend it with typeof. Here's how you do it:
  • ...when typing a component instance: Before: let x: Component. After: let x: ReturnType<typeof Component>
  • ...when typing a component constructor/function: Before let x: typeof Component. After let x: typeof Component (no change)
• fix: revert additional two-way-binding checks as they were causing bugs (#​2508)
• fix: include files indirectly belonging to a project into correct project (#​2488)
• fix: check project files update more aggressively before assigning service (#​2518)
• chore: upgrade to chokidar 4 (#​2502)

v4.0.2

Compare Source

• fix: ensure components typed through Svelte 5's Component interface get proper intellisense

v4.0.1

Compare Source

• fix: remove ancient process augmentation from internal d.ts file

v4.0.0

Compare Source

• chore: bump magic-string (#​2476)
• chore: switch from fast-glob to fdir (#​2433)
• fix: detect <script module> tag (#​2482)
• feat: better type checking for bindings in Svelte 5 (#​2477)
• feat: replace svelte-preprocess with barebones TS preprocessor (#​2452)
• feat: project reference support (#​2463)

Breaking changes

• require Svelte 4 or later (#​2453)
• make TypeScript a peer dependency, require TS 5 or later (#​2453)
• require node 18 or later (#​2453)
• process augmentation (declaring a process.browser field) was removed
• slight changes to how files are assigned to which tsconfig.json (#​1234, #​2463)
• slight changes to how Svelte module resolution works; .svelte files now take precedence over .svelte.js/ts files (if both exist) (#​2481)
• language-server now forces fewer TypeScript options. Most notably skipLibCheck is no longer forced to true, which may result in d.ts files now being checked in your project, which they were not before, revealing type errors. Either fix those or add "skipLibCheck": true to your tsconfig.json (#​1976, #​2463)

sveltejs/svelte-preprocess (svelte-preprocess)

v6.0.3

Compare Source

Bug Fixes

• add pug mixins to support svelte-5 syntax (#​654) (9d49f3d)
• ignore sass deprecation warning (#​657) (9b54325), closes #​656

v6.0.2

Compare Source

Bug Fixes

• remove customConditions tsconfig option (#​648) (afb80ae), closes #​646

v6.0.1

Compare Source

Bug Fixes

• deprecate default export in favor of named export (#​641) (a43de10), closes #​591

v6.0.0

Compare Source

BREAKING CHANGES

• remove TS mixed imports support, require TS 5.0 or higher
• remove preserve option as it's unnecessary
• require Svelte 4+, Node 18+
• add exports map

Bug Fixes

• adjust globalifySelector to not split selectors with parentheses. (#​632) (c435ebd), closes #​501
• fix: allow TS filename to be undefined, fixes #​488
• fix: adjust Svelte compiler type import
• fix: remove pug types and magic-string from dependencies
• chore: bump peer deps, fixes #​553

5.1.4 (2024-04-16)

Bug Fixes

• remove pnpm version restriction (#​629) (2713b82)

5.1.3 (2023-12-18)

Bug Fixes

• sass dependency list referencing source file in win32 (#​621) (209312f)

5.1.2 (2023-12-12)

• chore: mark postcss-load-config 5 as supported (3b5b1f0)

5.1.1 (2023-11-21)

Bug Fixes

• force module(resolution) (66d3cf9)

tailwindlabs/tailwindcss (tailwindcss)

v4.2.1

Compare Source

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#​19696)
• Properly detect classes containing . characters within curly braces in MDX files (#​19711)

v4.2.0

Compare Source

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#​19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#​19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#​19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#​19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#​19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#​19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#​19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#​19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#​19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#​19613)
• Add font-features-* utility for font-feature-settings (#​19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#​19450)
• Allow whitespace around @source inline() argument (#​19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#​19447)
• Detect utilities containing capital letters followed by numbers (#​19465)
• Fix class extraction for Rails' strict locals (#​19525)
• Align @utility name validation with Oxide scanner rules (#​19524)
• Fix infinite loop when using @variant inside @custom-variant (#​19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#​19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#​19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#​19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#​19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#​19626)
• Fix incorrect canonicalization results when canonicalizing multiple times (#​19675)
• Add .jj to default ignored content directories (#​19687)

Deprecated

• Deprecate start-* and end-* utilities in favor of inset-s-* and inset-e-* utilities (#​19613)

v4.1.18

Compare Source

Fixed

• Ensure validation of source(…) happens relative to the file it is in (#​19274)
• Include filename and line numbers in CSS parse errors (#​19282)
• Skip comments in Ruby files when checking for class names (#​19243)
• Skip over arbitrary property utilities with a top-level ! in the value (#​19243)
• Support environment API in @tailwindcss/vite (#​18970)
• Preserve case of th

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Walkthrough

This PR upgrades dependencies in the UI package. The OpenAI dependency is bumped from 5.23.2 to 6.5.0 in both the import map and package.json. Additional devDependencies are also updated: svelte-check, svelte-preprocess, and tailwindcss to newer minor and patch versions.

Changes

Cohort / File(s)	Summary
UI package dependency updates packages/ui/import_map.json, packages/ui/package.json	Upgraded openai from 5.23.2 to 6.5.0; upgraded svelte-check from ^3.8.6 to ^4.3.3; upgraded svelte-preprocess from ^5.1.4 to ^6.0.3; upgraded tailwindcss from ^3.4.18 to ^4.1.14

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Renovate update import and package #674: Adds Renovate rules to ensure coordinated updates between import_map.json and packages/ui/package.json for dependency consistency.

Suggested reviewers

• ericglau
• collins-w

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The PR title "Update ui deps sync (major)" is directly related to the changeset, which consists of major version updates to four UI package dependencies (openai, svelte-check, svelte-preprocess, and tailwindcss). The title clearly conveys the primary change—updating UI dependencies to major versions—and would allow a teammate scanning the commit history to quickly understand the PR's purpose. While the term "sync" is somewhat informal compared to "update," the "(major)" notation effectively emphasizes the significant nature of these version bumps.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.
Description check	✅ Passed	The PR description clearly details dependency updates including version changes and comprehensive release notes for each package.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch renovate/major-ui-deps-sync

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/ui/package.json (1)

15-45: Critical: Tailwind v4 migration incomplete—build will fail due to missing configuration updates.

The upgrade to Tailwind v4 requires configuration and CSS syntax changes that are not present in this PR:

1. Missing required dependency: @tailwindcss/postcss not in package.json. Tailwind v4 moved the PostCSS plugin to a separate package; your postcss.config.js requires 'tailwindcss' which no longer exists as a plugin.

2. Outdated CSS directives:

   • packages/ui/src/common/styles/global.css: Change @tailwind utilities; to @import "tailwindcss";
   • packages/ui/src/common/styles/standalone.css: Likely needs same update

3. Incompatible preprocessor config: packages/ui/svelte.config.js has postcss: true which will fail when PostCSS can't load the tailwindcss plugin.

Required changes before merge:

• Add "@tailwindcss/postcss": "next" to devDependencies (or use CSS-first approach by removing postcss config entirely)
• Update all CSS files from @tailwind directives to @import "tailwindcss"
• Run npm run build and npm run validate to verify the build succeeds
• Confirm svelte-check passes with Svelte v3.55.0 + svelte-check v4.3.3

The OpenAI SDK upgrade (v5.23.2→6.5.0) appears compatible with your usage patterns.

🧹 Nitpick comments (1)

packages/ui/package.json (1)

29-29: Consider using a caret range for OpenAI to allow patch/minor updates.

The version is pinned to an exact semver (6.5.0) rather than using a caret range (^6.5.0). While pinning prevents accidental upgrades, it also blocks security patches and minor updates. Most projects use caret ranges for npm dependencies to balance safety and flexibility. If exact pinning is intentional, please document the rationale.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8073313 and 9c27729.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• packages/ui/import_map.json (1 hunks)
• packages/ui/package.json (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: boostsecurity - boostsecurityio/semgrep-pro
• GitHub Check: check
• GitHub Check: build (cairo, default)
• GitHub Check: build (solidity, default)
• GitHub Check: build (stellar, default)
• GitHub Check: build (stellar, compile)
• GitHub Check: build (stylus, default)
• GitHub Check: format-lint
• GitHub Check: mcp
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (2)

packages/ui/import_map.json (1)

4-4: Verify OpenAI SDK v6 compatibility—significant API migration required.

The OpenAI SDK v6 migrated from node-fetch to builtin fetch, which represents a breaking change. Before merging, you must verify that:

1. All application code consuming the OpenAI SDK has been updated to work with v6's API (e.g., method signatures, response shapes)
2. The application builds successfully with the new version
3. Existing tests pass with v6

Since the PR context shows no code changes related to OpenAI usage, there's a risk that dependent code is incompatible with v6.

packages/ui/package.json (1)

39-40: Verify Svelte ecosystem upgrade—ensure build tools meet minimum requirements.

Svelte 4 is mainly a maintenance release that increases the minimum version requirements, with Node.js 16 now the minimum version and TypeScript 5+ recommended. The package.json shows TypeScript ^5.9.3 (line 44), which satisfies requirements.

However, verify that:

1. The application builds successfully with svelte-check ^4.3.3
2. If using SvelteKit, it's version 1.20.4 or newer (check if applicable)
3. The validate script at line 12 (svelte-check) runs without errors

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

⚠️ Tailwind CSS v4 requires significant configuration and CSS file updates—verify migration is complete.

Tailwind CSS v4.0 is a major version with necessary updates required from v3 to v4. This update introduces breaking changes that are NOT evident in this PR:

1. CSS imports: In v4 you import Tailwind using a regular CSS @import statement, not using the @tailwind directives
2. Preprocessor incompatibility: Tailwind CSS v4.0 is not designed to be used with CSS preprocessors like Sass, Less, or Stylus, and it is not possible to use Sass for <style> blocks in Svelte
3. Browser support: Tailwind CSS v4.0 is designed for Safari 16.4+, Chrome 111+, and Firefox 128+. If you need to support older browsers, stick with v3.4
4. Configuration: CSS-first config replaces JavaScript-based tailwind.config.js

The PR shows no corresponding updates to CSS files, Tailwind config, or SCSS/Sass removal. The upgrade tool will handle most of these changes automatically, but there's no evidence it was used. Without these changes, the build will likely fail or styles will break.

Verify the following before merging:

• All CSS files have been updated to use @import "tailwindcss" instead of @tailwind directives
• tailwind.config.js has been updated to CSS-first format (or removed if no custom config needed)
• Any SCSS/Sass files have been converted to plain CSS or removed
• The build completes successfully and styles render correctly

Run the following verification script:

---

🏁 Script executed:

#!/bin/bash
# Find and list Tailwind-related config and CSS files

echo "=== Tailwind Config Files ==="
find . -name "tailwind.config.*" -o -name "tailwind.css" -o -name "global.css" | grep -v node_modules

echo ""
echo "=== SCSS/Sass Files (may be incompatible with Tailwind v4) ==="
find . -name "*.scss" -o -name "*.sass" | grep -v node_modules | head -20

echo ""
echo "=== CSS Files Mentioning @tailwind ==="
rg -t css "@tailwind" --no-heading

echo ""
echo "=== SVG/Vue/Svelte Files with Style Blocks Using @tailwind ==="
rg -t svelte -A2 "<style" | grep -A2 "@tailwind"

Length of output: 418

---

CSS files must be updated to use Tailwind v4 syntax—@tailwind directives are no longer supported.

In v4 you import Tailwind using a regular CSS @import statement, not using the @tailwind directives you used in v3. The PR updates tailwindcss to v4.1.14 but contains two CSS files that still use the deprecated v3 syntax:

• packages/ui/src/standalone.css:@tailwind utilities;
• packages/ui/src/common/styles/global.css:@tailwind utilities;

These files must be updated before this PR can be merged. Change @tailwind utilities; to @import "tailwindcss"; in both files.

Additional items to verify:

• If tailwind.config.js contains custom configuration, it must be explicitly loaded with @config "../../tailwind.config.js"; at the top of your CSS file (or migrated to CSS-first format using @theme)
• Ensure tailwind.config.js is no longer auto-detected in v4 and add the @config directive if needed
• If any .svelte, .vue, or other component files use <style> blocks with Tailwind, verify they reference the updated CSS or use the new v4 syntax

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​fhevm/​solidity@​0.9.1
	@​fhevm/​hardhat-plugin@​0.3.0-1

View full report