chore(deps): upgrade polar

[mezotv]

Summary by CodeRabbit

• Chores
  • Updated CMS dependencies to newer releases for improved stability and compatibility.
  • Enabled stricter type-checking across the CMS to catch issues earlier.
  • Switched the CMS authentication runtime to a smaller, minimal build to reduce bundle size and surface impact.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
marble-api	Error			Dec 9, 2025 4:39pm
marble-app	Error			Dec 9, 2025 4:39pm
marble-web	Ready	Preview	Comment	Dec 9, 2025 4:39pm

[coderabbitai]

Walkthrough

Bumped three dependencies in apps/cms/package.json, enabled strict type-checking by adding "strict": true to apps/cms/tsconfig.json, and changed the Better-Auth import to the minimal runtime in apps/cms/src/lib/auth/auth.ts.

Changes

Cohort / File(s)	Summary
Dependency Version Updates apps/cms/package.json	Bumped @polar-sh/better-auth ^1.1.0 → ^1.6.0, @polar-sh/sdk ^0.41.1 → ^0.41.5, and better-auth 1.3.34 → 1.4.6.
TypeScript Configuration apps/cms/tsconfig.json	Added "strict": true to compilerOptions.
Auth import change apps/cms/src/lib/auth/auth.ts	Switched Better-Auth import from "better-auth" to "better-auth/minimal"; usage unchanged.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Check for new strict-mode type errors across apps/cms.
• Verify compatibility for bumped packages and update lockfile.
• Inspect auth.ts to ensure minimal runtime import covers required features.

Possibly related PRs

• update better-auth and polar packages #70 — Also updates apps/cms/package.json dependency entries for @polar-sh/better-auth, @polar-sh/sdk, and better-auth.

Poem

🐰 I hopped through package lanes today,

Swapped imports light and tightened the fray,
Dependencies nudged and types set to true,
A nimble little runtime — that's what I do,
🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is completely missing. No description, motivation, testing instructions, or change type selection was provided by the author.	Add a comprehensive description following the template, including: what changes were made (dependency updates and tsconfig), why these changes are needed, testing instructions, and mark the appropriate change type checkbox.
Title check	❓ Inconclusive	The title 'chore(deps): upgrade polar' is vague and does not clearly describe the specific changes. While it mentions upgrading dependencies, it doesn't indicate what was actually changed (version updates, tsconfig additions, import modifications).	Make the title more specific to capture the main changes, such as 'chore(deps): upgrade polar packages and enable strict TypeScript checking' to better convey what was modified.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/upgrade-polar

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	marble-api	6fd476b	Dec 09 2025, 03:22 PM

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fe35bb5 and 2c094a7.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• apps/cms/package.json (2 hunks)

🔇 Additional comments (1)

apps/cms/package.json (1)

52-52: Confirm intent of pinned better-auth version.

The better-auth dependency is pinned to 1.4.0 (without a caret ^), unlike other dependencies. This is more restrictive and prevents automatic patch/minor updates. Confirm whether this intentional pinning is necessary or if it should use ^1.4.0 for consistency and to receive security patches.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6fd476b and adcbbea.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• apps/cms/package.json (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-08-20T06:18:34.131Z

Learnt from: brandonmcconnell
Repo: usemarble/marble PR: 113
File: apps/cms/src/components/nav/page-header.tsx:0-0
Timestamp: 2025-08-20T06:18:34.131Z
Learning: When verifying Tailwind CSS syntax changes during upgrades, especially in large PRs, search more comprehensively across the entire codebase including packages/ directories, not just immediate files, as shared UI components may define group contexts and data attributes used across multiple applications.

Applied to files:

• apps/cms/package.json

🔇 Additional comments (1)

apps/cms/package.json (1)

27-27: Version is current and valid.

@polar-sh/sdk v0.41.5 is the latest version. ✓

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

@polar-sh/better-auth version 1.6.0 does not exist—use 1.5.0 instead.

The latest published version of @polar-sh/better-auth is 1.5.0, not 1.6.0. This will cause npm install to fail with a version resolution error. Correct this to "^1.5.0".

🤖 Prompt for AI Agents

In apps/cms/package.json around line 26, the dependency "@polar-sh/better-auth":
"^1.6.0" references a non-existent version; change it to "^1.5.0" in the
dependencies block, save the file, and then run npm install (and update the
lockfile/commit the updated package-lock.json or yarn.lock) so the project can
resolve the correct published version.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

apps/cms/src/lib/auth/auth.ts (1)

231-231: Replace console.error with the project’s logger

There’s a direct console.error call in the error path for sending welcome emails; this conflicts with the shared TS/JS guideline to avoid console in application code. Consider routing this through your centralized logging/observability mechanism instead (e.g. logger.error or similar), so logs are structured and consistently captured.

As per coding guidelines, avoid console usage in TypeScript/JavaScript files.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cca2e0f and 92c32f3.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (2)

• apps/cms/package.json (2 hunks)
• apps/cms/src/lib/auth/auth.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/cms/package.json

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{ts,tsx,js,jsx}: Don't use accessKey attribute on any HTML element
Don't set aria-hidden="true" on focusable elements
Don't add ARIA roles, states, and properties to elements that don't support them
Don't use distracting elements like <marquee> or <blink>
Only use the scope prop on <th> elements
Don't assign non-interactive ARIA roles to interactive HTML elements
Make sure label elements have text content and are associated with an input
Don't assign interactive ARIA roles to non-interactive HTML elements
Don't assign tabIndex to non-interactive HTML elements
Don't use positive integers for tabIndex property
Don't include "image", "picture", or "photo" in img alt prop
Don't use explicit role property that's the same as the implicit/default role
Make static elements with click handlers use a valid role attribute
Always include a title element for SVG elements
Give all elements requiring alt text meaningful information for screen readers
Make sure anchors have content that's accessible to screen readers
Assign tabIndex to non-interactive HTML elements with aria-activedescendant
Include all required ARIA attributes for elements with ARIA roles
Make sure ARIA properties are valid for the element's supported roles
Always include a type attribute for button elements
Make elements with interactive roles and handlers focusable
Give heading elements content that's accessible to screen readers (not hidden with aria-hidden)
Always include a lang attribute on the html element
Always include a title attribute for iframe elements
Accompany onClick with at least one of: onKeyUp, onKeyDown, or onKeyPress
Accompany onMouseOver/onMouseOut with onFocus/onBlur
Include caption tracks for audio and video elements
Use semantic elements instead of role attributes in JSX
Make sure all anchors are valid and navigable
Ensure all ARIA properties (aria-*) are valid
Use valid, non-abstract ARIA roles for elements with ARIA roles
Use valid AR...

Files:

• apps/cms/src/lib/auth/auth.ts

🧠 Learnings (1)

📓 Common learnings

Learnt from: CR
Repo: usemarble/marble PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-24T22:28:24.947Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `node:assert/strict` over `node:assert`

Learnt from: CR
Repo: usemarble/marble PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-24T22:28:24.947Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Make sure all dependencies are correctly specified in React hooks

Learnt from: CR
Repo: usemarble/marble PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-24T22:28:24.947Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Ensure maximum type safety through strict configuration

Learnt from: CR
Repo: usemarble/marble PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-24T22:28:24.947Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Enforce strict type safety using Ultracite's linter and formatter

🔇 Additional comments (1)

apps/cms/src/lib/auth/auth.ts (1)

12-12: Import from better-auth/minimal is safe

The switch to better-auth/minimal is verified as safe. The codebase has three remaining imports from "better-auth", but all are type-only imports (import type { User }), which don't affect runtime bundle size or tree-shaking. No runtime imports from the non-minimal entrypoint remain.