meta: pinning dependencies based on guidelines #613

Open
ovflowd wants to merge 2 commits into main from meta/dependency-pinning

ovflowd (Member) commented Feb 18, 2026

This PR pins dependencies to ranges based on our dependency pinning guidelines. It also updates rolldown, @node-core/ui-components and preact to the latest sub-versions of their RCs.

Copilot AI review requested due to automatic review settings February 18, 2026 15:59
@ovflowd ovflowd requested a review from a team as a code owner February 18, 2026 15:59
vercel bot commented Feb 18, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
api-docs-tooling Ready Ready Preview Feb 19, 2026 4:06pm

codecov bot commented Feb 18, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.62%. Comparing base (32a824c) to head (e66b14f).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #613   +/-   ##
=======================================
  Coverage   78.62%   78.62%           
=======================================
  Files         128      128           
  Lines       12461    12461           
  Branches      902      902           
=======================================
  Hits         9798     9798           
  Misses       2658     2658           
  Partials        5        5           


MattIPv4 (Member) commented Feb 18, 2026

I realise this is our policy currently, but I really do not see any value in this when we have a lockfile, and Dependabot will ignore this pinning anyway.

github-actions bot commented Feb 18, 2026

orama-db Generator

File Base Head Diff
orama-db.json 8.03 MB 8.03 MB -1.78 KB (-0.02%)

web Generator

File Base Head Diff
addons.html 259.25 KB 259.07 KB -194.00 B (-0.07%)
assert.html 321.30 KB 321.11 KB -194.00 B (-0.06%)
async_context.html 158.79 KB 158.60 KB -194.00 B (-0.12%)
async_hooks.html 155.61 KB 155.42 KB -194.00 B (-0.12%)
buffer.html 855.53 KB 855.34 KB -194.00 B (-0.02%)
child_process.html 363.11 KB 362.92 KB -194.00 B (-0.05%)
cli.html 502.93 KB 502.74 KB -194.00 B (-0.04%)
cluster.html 192.01 KB 191.82 KB -194.00 B (-0.10%)
console.html 141.77 KB 141.58 KB -194.00 B (-0.13%)
crypto.html 987.57 KB 987.38 KB -194.00 B (-0.02%)
debugger.html 54.07 KB 53.88 KB -194.00 B (-0.35%)
deprecations.html 509.91 KB 509.72 KB -194.00 B (-0.04%)
dgram.html 186.67 KB 186.48 KB -194.00 B (-0.10%)
diagnostics_channel.html 219.47 KB 219.28 KB -194.00 B (-0.09%)
dns.html 285.63 KB 285.44 KB -194.00 B (-0.07%)
documentation.html 38.07 KB 37.88 KB -194.00 B (-0.50%)
domain.html 102.11 KB 101.92 KB -194.00 B (-0.19%)
embedding.html 58.88 KB 58.69 KB -194.00 B (-0.32%)
environment_variables.html 44.02 KB 43.83 KB -194.00 B (-0.43%)
errors.html 465.94 KB 465.75 KB -194.00 B (-0.04%)
esm.html 152.69 KB 152.50 KB -194.00 B (-0.12%)
events.html 438.26 KB 438.07 KB -194.00 B (-0.04%)
fs.html 1.29 MB 1.29 MB -194.00 B (-0.01%)
globals.html 233.02 KB 232.83 KB -194.00 B (-0.08%)
http.html 712.70 KB 712.51 KB -194.00 B (-0.03%)
http2.html 740.69 KB 740.50 KB -194.00 B (-0.03%)
https.html 145.76 KB 145.57 KB -194.00 B (-0.13%)
index.html 35.67 KB 35.48 KB -194.00 B (-0.53%)
inspector.html 167.79 KB 167.60 KB -194.00 B (-0.11%)
intl.html 57.62 KB 57.43 KB -194.00 B (-0.33%)
module.html 310.90 KB 310.71 KB -194.00 B (-0.06%)
modules.html 177.98 KB 177.79 KB -194.00 B (-0.11%)
n-api.html 814.52 KB 814.33 KB -194.00 B (-0.02%)
net.html 357.47 KB 357.28 KB -194.00 B (-0.05%)
os.html 132.04 KB 131.85 KB -194.00 B (-0.14%)
packages.html 155.45 KB 155.26 KB -194.00 B (-0.12%)
path.html 134.30 KB 134.11 KB -194.00 B (-0.14%)
perf_hooks.html 373.03 KB 372.84 KB -194.00 B (-0.05%)
permissions.html 54.77 KB 54.58 KB -194.00 B (-0.35%)
process.html 656.14 KB 655.95 KB -194.00 B (-0.03%)
punycode.html 62.82 KB 62.63 KB -194.00 B (-0.30%)
querystring.html 62.28 KB 62.09 KB -194.00 B (-0.30%)
quic.html 368.40 KB 368.21 KB -194.00 B (-0.05%)
readline.html 240.92 KB 240.73 KB -194.00 B (-0.08%)
repl.html 176.85 KB 176.66 KB -194.00 B (-0.11%)
report.html 173.68 KB 173.49 KB -194.00 B (-0.11%)
single-executable-applications.html 101.24 KB 101.05 KB -194.00 B (-0.19%)
sqlite.html 240.10 KB 239.91 KB -194.00 B (-0.08%)
stream.html 820.30 KB 820.11 KB -194.00 B (-0.02%)
string_decoder.html 54.29 KB 54.10 KB -194.00 B (-0.35%)
synopsis.html 42.57 KB 42.38 KB -194.00 B (-0.45%)
test.html 684.13 KB 683.94 KB -194.00 B (-0.03%)
timers.html 127.13 KB 126.94 KB -194.00 B (-0.15%)
tls.html 353.23 KB 353.04 KB -194.00 B (-0.05%)
tracing.html 83.44 KB 83.25 KB -194.00 B (-0.23%)
tty.html 90.61 KB 90.42 KB -194.00 B (-0.21%)
typescript.html 53.67 KB 53.48 KB -194.00 B (-0.35%)
url.html 333.93 KB 333.74 KB -194.00 B (-0.06%)
util.html 655.29 KB 655.10 KB -194.00 B (-0.03%)
v8.html 305.93 KB 305.75 KB -194.00 B (-0.06%)
vm.html 331.32 KB 331.13 KB -194.00 B (-0.06%)
wasi.html 67.97 KB 67.79 KB -194.00 B (-0.28%)
webcrypto.html 528.45 KB 528.26 KB -194.00 B (-0.04%)
webstreams.html 343.87 KB 343.68 KB -194.00 B (-0.06%)
worker_threads.html 355.64 KB 355.46 KB -194.00 B (-0.05%)
zlib.html 279.95 KB 279.76 KB -194.00 B (-0.07%)
styles.css 128.14 KB 128.21 KB +67.00 B (+0.05%)

Copilot AI (Contributor) left a comment

Pull request overview

This PR updates the dependency pinning strategy from exact version pinning to a mixed approach using tilde ranges (~) for production dependencies and type definitions, and exact versions for development tools. It also updates several packages including rolldown (from rc.2 to rc.5), @node-core/rehype-shiki (from 1.4.0 to 1.4.1), and attempts to update preact to beta.1.

Changes:

  • Changed dependency version ranges from ^ (caret) to ~ (tilde) for most dependencies and exact versions for dev tools
  • Updated rolldown from 1.0.0-rc.2 to 1.0.0-rc.5
  • Updated @node-core/rehype-shiki from 1.4.0 to 1.4.1

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 4 comments.

File Description
package.json Updated dependency pinning strategy from caret/exact to tilde/exact; updated rolldown, @node-core/rehype-shiki, and attempted preact update
npm-shrinkwrap.json Lockfile updated to reflect new version ranges and updated package versions, but contains critical errors with peer dependency flags
Files not reviewed (1)
  • npm-shrinkwrap.json: Language not supported
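
The caret, tilde and exact specifiers named in this review summary admit different versions whenever resolution runs without the lockfile. The following is an added example, not code from the PR or the project: `describeRange`, `auditPinning`, the policy limits and the sample manifest are assumptions made for illustration.

```javascript
// Added example (not from the PR): classify package.json specifiers and show
// what each one admits when no lockfile constrains resolution.
// Only exact, ~ and ^ specifiers of the form X.Y.Z[-prerelease] are parsed.
const SPEC = /^([~^]?)(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/;
const LOOSENESS = { exact: 0, tilde: 1, caret: 2, other: 3 };

function describeRange(spec) {
  const m = SPEC.exec(String(spec).trim());
  if (!m) return { kind: 'other', allows: 'unparsed' };
  const [major, minor, patch] = [m[2], m[3], m[4]].map(Number);
  const floor = `${major}.${minor}.${patch}${m[5] ?? ''}`;
  if (m[1] === '') return { kind: 'exact', allows: `=${floor}` };
  if (m[1] === '~') {
    return { kind: 'tilde', allows: `>=${floor} <${major}.${minor + 1}.0` };
  }
  // Caret holds the left-most non-zero component fixed.
  let ceiling = `0.0.${patch + 1}`;
  if (major > 0) ceiling = `${major + 1}.0.0`;
  else if (minor > 0) ceiling = `0.${minor + 1}.0`;
  return { kind: 'caret', allows: `>=${floor} <${ceiling}` };
}

// Assumed policy, read from the review summary above: tilde at most for
// dependencies and @types/*, exact for every other devDependency.
function auditPinning(pkg) {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(pkg[section] ?? {})) {
      const tildeOk = section === 'dependencies' || name.startsWith('@types/');
      const limit = tildeOk ? 'tilde' : 'exact';
      const { kind, allows } = describeRange(spec);
      if (LOOSENESS[kind] > LOOSENESS[limit]) {
        findings.push({ name, spec, kind, limit, allows });
      }
    }
  }
  return findings;
}

// Constructed manifest; package names are placeholders.
const samplePkg = {
  dependencies: { 'example-parser': '~2.4.1', 'example-ui': '^1.0.0-rc.2', 'example-zero': '^0.3.7' },
  devDependencies: { 'example-bundler': '1.0.0-rc.5', 'example-linter': '~9.1.0', '@types/example': '~20.11.0' },
};
console.table(auditPinning(samplePkg));
```

A caret on a `0.x` version admits the same versions as a tilde, so the audit flags the spelling rather than a wider range in that case.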


ovflowd (Member, Author) commented Feb 18, 2026

> I realise this is our policy currently, but I really do not see any value in this when we have a lockfile, and Dependabot will ignore this pinning anyway.

Yes, Dependabot will update, and that's fine. The policy is more about ranges, local installations, if lockfile gets corrupted and many other reasons. Look, there are real reasons, real history behind this. I'd appreciate if you could research on that :)

araujogui (Member)

ovflowd (Member, Author) commented Feb 19, 2026

cc @araujogui
