feat: upgrade app runtime dependencies

[kentcdodds]

Summary

• merge the branch onto the latest main, including the recently merged dependency PRs for:
  • NX/workspace tooling
  • MCP/auth
  • app platform
  • Sentry
• keep the branch scoped to the assigned runtime dependency group only:
  • @mux/mux-player-react ^3.11.4 -> ^3.12.0
  • media-chrome ^4.17.2 -> ^4.19.0
  • @pierre/diffs ^1.0.11 -> ^1.1.19
  • partysocket ^1.1.13 -> ^1.1.18
  • satori ^0.19.2 -> ^0.26.0
• preserve the newer main baseline changes in packages/workshop-app/package.json, including the tooling, MCP/auth, app-platform, and Sentry dependency updates
• keep the resulting branch diff limited to the scoped workshop-app dependency bumps plus the matching lockfile updates:
  • packages/workshop-app/package.json
  • package-lock.json
  • example/epicshop/package-lock.json

Test Plan

• npm install
• npm run validate
• npm test (via the repo pre-push hook after pushing)

Conflict Review

Simple conflicts fixed

• latest main merge overlap in generated lockfiles and package manifests
• package-lock.json textual merge conflict resolved by taking latest main as baseline and regenerating with npm install

Complicated issue reported

• verified a separate Vite lockfile inconsistency remains in the latest merged dependency baseline:
  • packages/workshop-app/package.json requires vite: "8.0.10"
  • root package.json overrides vite to 8.0.10
  • a clean npm ci --ignore-scripts on the merged tree still installs root node_modules/vite@7.3.1
  • npm ls vite --all reports the install as invalid from the workspace root
• this is not a plain merge-marker conflict; it appears to be a broader app-platform dependency-resolution issue and likely requires widening scope beyond this assigned runtime-dependency PR

Notes

• I merged origin/main instead of rebasing so the branch could be updated without a force-push.
• I did not widen this PR to solve the Vite inconsistency because that appears to belong to the app-platform/tooling baseline rather than this assigned runtime dependency group.

  

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 3b69f45

Command	Status	Duration	Result
nx run-many --target typecheck	✅ Succeeded	19s	View ↗
nx run-many --target build	✅ Succeeded	52s	View ↗
nx lint	✅ Succeeded	34s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-04-28 19:16:51 UTC

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 63095d1. Configure here.}

[cursor]

Lockfile missing nested vite@8.0.10 for workshop-app workspace

Medium Severity

The diff removes the packages/workshop-app/node_modules/vite lockfile entry (previously at version 8.0.10) without a corresponding update to the root node_modules/vite (which remains at 7.3.1). The workshop-app's package.json requires exactly "vite": "8.0.10", and the root package.json has an override for "vite": "8.0.10", but the lockfile now has no resolution that satisfies this. Vite 8.x (uses rolldown) and 7.x (uses rollup) are fundamentally different. Running npm ci with this lockfile will either fail due to the inconsistency or resolve to the wrong major version.

 

^{Reviewed by Cursor Bugbot for commit 63095d1. Configure here.}