@pandeymangg pandeymangg commented Dec 15, 2025

Overrides certain packages using pnpm to fix Dependabot security issues:

  "pnpm": {
    "overrides": {
      "glob": ">=11.1.0",
      "node-forge": ">=1.3.2",
      "js-yaml": ">=4.1.1"
    }
  }

Also updates some other package versions like expo, react and react-native.
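An added example, not part of the PR or the project's code: a small audit of resolved versions against the `>=` override floors quoted above. It flags versions still below a floor and versions that jumped a major, since an open-ended `>=` range has no upper bound. The resolved versions are constructed sample data, the helper names are hypothetical, and the version comparison is simplified.

```javascript
// Override floors copied from the PR description.
const overrides = {
  glob: ">=11.1.0",
  "node-forge": ">=1.3.2",
  "js-yaml": ">=4.1.1",
};

// Parse "X.Y.Z[-pre]" (simplified; build metadata and range syntax are not handled).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i] ? -1 : 1;
  }
  // Same triple: a pre-release sorts below the release.
  return Number(b.pre) - Number(a.pre);
}

// resolved: package name -> every version found in the lockfile for it.
function auditOverrides(overrideMap, resolved) {
  const findings = [];
  for (const [name, range] of Object.entries(overrideMap)) {
    const m = /^>=\s*(\S+)$/.exec(range);
    if (!m) { findings.push({ name, version: null, status: "unsupported-range" }); continue; }
    const floor = parseVersion(m[1]);
    for (const version of resolved[name] || []) {
      const got = parseVersion(version);
      let status = "ok";
      if (compare(got, floor) < 0) status = "below-floor";             // fix not applied
      else if (got.nums[0] > floor.nums[0]) status = "major-drift";    // satisfies >=, but a new major
      findings.push({ name, version, status });
    }
  }
  return findings;
}

// Constructed sample input, standing in for versions read from pnpm-lock.yaml.
const sampleResolved = {
  glob: ["11.1.0", "13.0.0"],
  "node-forge": ["1.3.1", "1.3.2"],
  "js-yaml": ["4.1.1"],
};

function flagged() {
  return auditOverrides(overrides, sampleResolved).filter((f) => f.status !== "ok");
}
console.log(flagged());
```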


coderabbitai bot commented Dec 15, 2025

Walkthrough

This pull request updates dependency versions across multiple package.json files, extends pnpm overrides with additional package entries, and updates dev tooling versions. The exported Vite config function return type was changed from UserConfig to ViteUserConfig. Several tests were refactored to replace arrow-function mock implementations with traditional function implementations. No exported or public API declarations were altered.

Pre-merge checks

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately describes the main change: addressing dependabot security warnings through package overrides and version updates. |
| Description check | ✅ Passed | The description is directly related to the changeset, explaining the pnpm overrides added to fix security issues and mentioning other package version updates. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 27b2fb9 and 72bc636.

📒 Files selected for processing (2)
  • packages/react-native/src/lib/environment/tests/state.test.ts (7 hunks)
  • packages/react-native/src/lib/user/tests/update.test.ts (7 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
packages/react-native/src/lib/environment/tests/state.test.ts (1)
packages/react-native/src/lib/common/api.ts (1)
  • ApiClient (58-110)
🔇 Additional comments (2)
packages/react-native/src/lib/user/tests/update.test.ts (1)

36-38: Question the necessity of this refactoring in a dependency update PR.

Similar to the state.test.ts file, all mock implementations were changed from arrow functions to traditional function syntax. These changes appear unrelated to fixing Dependabot warnings and add noise to the PR.

Refer to the verification request in state.test.ts regarding vitest 4.0.15 compatibility.

Also applies to: 59-61, 84-95, 118-124, 170-172, 191-195

packages/react-native/src/lib/environment/tests/state.test.ts (1)

25-27: This refactoring is necessary for vitest 4.0.15 compatibility.

Vitest 4 introduced a breaking change: arrow functions cannot be used in mockImplementation for mocks that act as constructors. ApiClient is instantiated with the new keyword in production code and tests, which requires plain function syntax in mock implementations. Using arrow functions would throw the error: "<anonymous> is not a constructor". This is not a discretionary refactoring but a mandatory fix for the vitest upgrade.

Likely an incorrect or invalid review comment.
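An added example, not taken from the PR or from Vitest: the language rule behind the review comment above, shown in plain JavaScript. `makeCtorMock` is a hypothetical stand-in that forwards `new Mock()` to the supplied implementation as a constructor call; it is an assumption for illustration, not Vitest's implementation, and `createOrUpdateUser` here is a constructed placeholder.

```javascript
// Hypothetical stand-in for a mock function (NOT Vitest's code).
// When called with `new`, it constructs using the current implementation.
function makeCtorMock() {
  let impl = function () {};
  function Mock(...args) {
    if (new.target) return Reflect.construct(impl, args);
    return impl(...args);
  }
  Mock.mockImplementation = (fn) => {
    impl = fn;
    return Mock;
  };
  return Mock;
}

// Instantiate a mocked ApiClient with the given implementation and report the outcome.
function tryConstruct(implementation) {
  const ApiClient = makeCtorMock().mockImplementation(implementation);
  try {
    const client = new ApiClient();
    return { ok: true, methods: Object.keys(client) };
  } catch (err) {
    return { ok: false, error: err instanceof TypeError ? "TypeError" : String(err) };
  }
}

// Constructed placeholder for the mocked method.
const createOrUpdateUser = async () => ({ ok: true });

// Arrow functions have no [[Construct]] slot, so constructing one throws a TypeError.
const withArrow = tryConstruct(() => ({ createOrUpdateUser }));

// A plain function can be constructed, and the object it returns becomes the instance.
const withFunction = tryConstruct(function () {
  return { createOrUpdateUser };
});

console.log(withArrow, withFunction);
```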

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 72bc636 and dc3bd3f.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (2)
  • packages/react-native/package.json (1 hunks)
  • packages/react-native/src/lib/user/tests/update.test.ts (7 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
packages/react-native/src/lib/user/tests/update.test.ts (5)
packages/react-native/src/lib/common/api.ts (1)
  • ApiClient (58-110)
packages/react-native/src/lib/user/tests/__mocks__/update.mock.ts (2)
  • mockUserId (1-1)
  • mockAttributes (4-7)
packages/react-native/src/lib/user/tests/__mocks__/update-queue.mock.ts (1)
  • mockAttributes (3-6)
packages/react-native/src/types/config.ts (1)
  • TUpdates (109-112)
packages/react-native/src/lib/user/update.ts (1)
  • sendUpdates (68-127)
🔇 Additional comments (3)
packages/react-native/src/lib/user/tests/update.test.ts (2)

36-38: ApiClient mocks now consistently return createOrUpdateUser and are aligned across tests

Using function () { … } for all mockImplementation calls while always returning an object with createOrUpdateUser keeps the mocked constructor consistent with the real ApiClient API and avoids the earlier name mismatch; behavior of the tests is preserved.

Also applies to: 59-61, 84-95, 118-124, 170-172, 191-195, 208-214


71-74: Assertions correctly validate success payload and wrapped error message

The success test checks the unwrapped state.data structure, and the network‑error test asserts the higher‑level "Error updating user with userId user_123" message rather than the raw transport error, which matches the intended behavior of sendUpdatesToBackend.

Also applies to: 106-108

packages/react-native/package.json (1)

48-56: Dev tooling and React/React Native version bumps look coherent; please re‑verify tests and build

The updated devDependencies form a consistent toolchain (React 19.1.x, RN 0.81.x, Vite/Vitest 7.x/4.x, terser 5.44.x). No issues stand out in the manifest itself; just make sure the workspace compiles and all tests still pass with these versions.
