Update test dependencies with security vulnerabilities #79

Merged: RawToast merged 1 commit into master from security-warnings on Jun 5, 2026

RawToast (Owner) commented Jun 5, 2026

Summary by CodeRabbit

  • Chores
    • Updated development dependencies and project tooling to latest versions for improved stability and performance.

coderabbitai Bot (Contributor) commented Jun 5, 2026

📝 Walkthrough

The PR updates dependencies in two package.json files: turbo from 2.8.20 to 2.9.16 in the root, and bumps @effect/platform, @effect/platform-node, axios, and effect to newer versions in packages/examples.

Changes

Dependency Updates

| Layer / File(s) | Summary |
|---|---|
| Dependency version updates: package.json, packages/examples/package.json | Turbo build tool dev dependency upgraded from 2.8.20 to 2.9.16 in root package.json. Effect platform, axios, and effect libraries updated to newer versions in examples package.json. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • RawToast/zenko#66: Both PRs update turbo and dependency versions in the same package.json files.
  • RawToast/zenko#70: Both PRs update root package.json turbo version and examples package.json effect-related dependencies.
  • RawToast/zenko#76: Both PRs update the axios dependency in packages/examples/package.json.

Poem

🐰 A turbo hops to 2.9 with glee,
Effect and axios dance so free,
Dependencies spring like clover,
Zenko's gardens bloom anew! 🌱

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title mentions updating 'test dependencies with security vulnerabilities,' but the changeset updates the main turbo dependency and example package dependencies without clear evidence that these are test-only dependencies or that security vulnerabilities are the primary motivation. | Clarify whether these are test-specific dependencies and provide more context about which security vulnerabilities are being addressed to make the title more accurate and specific. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


codecov Bot commented Jun 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.31%. Comparing base (48c0a29) to head (5a6a81e).

Additional details and impacted files
@@           Coverage Diff           @@
##           master      #79   +/-   ##
=======================================
  Coverage   97.31%   97.31%           
=======================================
  Files          20       20           
  Lines        3130     3130           
=======================================
  Hits         3046     3046           
  Misses         84       84           


coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Line 26: CI currently installs turbo globally and invokes "turbo run
build"/"turbo run coverage", which can bypass the repo's pinned
devDependencies.turbo; update the workflow so it uses the repository-local turbo
version instead of "bun install -g turbo" — e.g., remove the global install and
invoke the local binary via bunx (bunx turbo) or npx/pnpm/bun run equivalent, or
call node_modules/.bin/turbo, so the pipeline uses the pinned "turbo"
devDependency version (the devDependencies.turbo entry) for all turbo runs.

📥 Commits

Reviewing files that changed from the base of the PR and between 48c0a29 and 5a6a81e.

⛔ Files ignored due to path filters (1)
  • bun.lock is excluded by !**/*.lock
📒 Files selected for processing (2)
  • package.json
  • packages/examples/package.json

Comment thread package.json
@RawToast RawToast merged commit 0d86be4 into master Jun 5, 2026
6 checks passed
@RawToast RawToast deleted the security-warnings branch June 5, 2026 08:59
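
The review finding above (CI installing turbo globally instead of using the pinned devDependency) can be checked mechanically. The following is an added example, not code from this PR or the zenko repository: the `auditWorkflow` function, the workflow steps and the `package.json` fragment are constructed for illustration, and only the turbo version 2.9.16 comes from the page.

```javascript
// Added example, not the project's code. All inputs are constructed.
const packageJson = { devDependencies: { turbo: "2.9.16" } }; // version named in this PR

// Constructed workflow steps; the repository's real workflow is not shown on the page.
const workflow = [
  "steps:",
  "  - run: bun install --frozen-lockfile",
  "  - run: bun install -g turbo",
  "  - run: turbo run build",
  "  - run: bunx turbo run coverage",
].join("\n");

// "<package manager> install|add|i <args>", captured so the args can be inspected.
const INSTALL = /\b(?:bun|npm|pnpm)\s+(?:install|add|i)\s+(.*)$/;
// First token of a workflow "run:" command, i.e. the binary resolved via PATH.
const RUN_FIRST_TOKEN = /^\s*-?\s*run:\s*(\S+)/;

function auditWorkflow(pkg, workflowText) {
  const pinned = pkg.devDependencies || {};
  const isPinned = (name) => Object.prototype.hasOwnProperty.call(pinned, name);
  const findings = [];
  workflowText.split("\n").forEach((text, idx) => {
    const line = idx + 1;
    const install = INSTALL.exec(text);
    if (install) {
      const args = install[1].trim().split(/\s+/);
      if (args.includes("-g") || args.includes("--global")) {
        for (const arg of args.filter((a) => !a.startsWith("-"))) {
          const tool = arg.replace(/(?!^)@[^/]*$/, ""); // drop @version, keep @scope
          if (isPinned(tool)) {
            findings.push({ line, kind: "global-install", tool, pinned: pinned[tool] });
          }
        }
      }
    }
    // A pinned tool called directly resolves through PATH, not node_modules/.bin.
    const run = RUN_FIRST_TOKEN.exec(text);
    if (run && isPinned(run[1])) {
      findings.push({ line, kind: "bare-invocation", tool: run[1], pinned: pinned[run[1]] });
    }
  });
  return findings;
}

console.log(auditWorkflow(packageJson, workflow));
```

Steps that go through `bunx turbo` are not flagged, since they resolve to the repository-local binary installed from the lockfile.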