Dependencies upgrade

[kentcdodds]

Upgrade dependencies across the workspace and example projects to their latest feasible versions.

This update brings the Nx stack, chromium-bidi (major bump), @modelcontextprotocol/inspector, and many other patch/minor dependencies up to date. eslint was intentionally left at 9.39.2 due to peer dependency constraints with @nx/eslint.

---

 

---

Note

Low Risk
Version-only dependency and lockfile updates with no application logic changes; main risk is upstream behavioral changes in updated packages.

Overview
Updates dependency versions across the example workspace and example/epicshop, primarily as patch/minor bumps (e.g., @epic-web/config, p-limit, @conform-to/*, @sentry/vite-plugin, dotenv, esbuild, framer-motion, msw, openid-client, ora, and TypeScript/React/Node type packages).

Lockfiles are refreshed accordingly, including metadata tweaks where several transitive packages are now marked as peer in example/package-lock.json.

^{Written by Cursor Bugbot for commit ef1b6fc. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit ef1b6fc

Command	Status	Duration	Result
nx run-many --target typecheck	✅ Succeeded	18s	View ↗
nx run-many --target build	✅ Succeeded	<1s	View ↗
nx lint	✅ Succeeded	46s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-02-12 20:55:28 UTC

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is ON. A Cloud Agent has been kicked off to fix the reported issue.}

[cursor]

Lockfile incorrectly marks direct dependencies as peer-only

Low Severity

The lockfile adds "peer": true to prettier, acorn, @typescript-eslint/parser, and unrs-resolver, but all four are reachable through non-peer dependency paths. Most notably, prettier is a direct devDependency in example/package.json and used by the format script. Per npm's lockfile v3 spec, "peer" must be false for packages that are a transitive dependency of a non-peer dependency. This corrupted lockfile means npm ci --omit=peer would incorrectly skip these packages. Regenerating the lockfile with a clean npm install would likely fix this.

Additional Locations (2)

• example/package-lock.json#L1128-L1129
• example/package-lock.json#L1638-L1639

 

[cursor]

⚠️ Bugbot Autofix determined this is a false positive.

The lockfile has no "peer": true markers for the referenced packages, so the reported corruption is not present.