chore(deps): consolidate safe dependency upgrades

[du2333]

Summary

Consolidates the safe Dependabot upgrade groups into one verified branch:

• Drizzle group: 119958f
• React group: def3cc5
• TanStack group: d580702
• UI group: 91cd560
• Cloudflare group: ea3b060
• Dex task state: 1b5c4d3

Supersedes Dependabot PRs #25, #106, #71, #48, and #95.

Protected Behaviors

• Published Post persistence and Public Content Snapshot behavior
• Theme Contract compatibility across default/fuwari UI surfaces
• MCP Server and OAuth Client/OAuth Scope administration paths
• Import/Export Task, Notification Event, Public Cache, and Traffic Metrics behavior
• Cloudflare Workers-only runtime, Workflows, Queues, D1, and Vitest Workers pool behavior

Verification

• bun typecheck
• bun run test:node: 6 files, 122 tests
• bun run test: 8 files, 175 tests
• bun run build
• git status --short --branch: clean except tracked dex state before this PR commit

Notes

The original Dependabot PRs are represented by this consolidated branch. If GitHub/Dependabot does not close them automatically after merge, they should be closed manually as superseded.

Summary by CodeRabbit

发布说明

• UI改进

  • 更新了社交平台链接中GitHub和X图标的视觉表现

• 依赖更新

  • 升级React、TanStack Router等核心框架和工具库至更新版本

• 路由优化

  • 调整网站路由结构以增强URL一致性

• 文档

  • 新增架构决策文档与项目术语说明，明确技术方向

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

变更概览

该 PR 实现了 Dependabot 依赖升级工作流的完整集成：升级 React、TanStack、Cloudflare 等核心依赖，迁移 Vitest 测试框架配置，重构品牌图标组件实现，更新配置服务调用方式，调整路由类型定义，并补充项目文档和任务追踪记录。

变更详情

Dependabot 依赖升级与项目调适

层 / 文件	摘要
依赖版本升级 package.json	升级 dependencies 中的 @tanstack/react-query、@tanstack/react-router、@tanstack/react-start、lucide-react、react/react-dom、tailwindcss 等，以及 devDependencies 中的 vitest (从 ~3.2.0 升至 ^4.1.0)、@cloudflare/vitest-pool-workers、wrangler 等核心工具链。
Vitest 框架与测试环境迁移 vitest.config.ts, tests/env.d.ts, tests/test-utils.ts, tests/apply-migrations.ts, tsconfig.json	从 defineWorkersConfig 迁移至 defineConfig + cloudflareTest 插件；更新 Cloudflare 命名空间下的环境类型声明；增强 ExecutionContext 管理与清理机制；在 beforeEach/afterEach 中管理迁移执行；补充 @vitest/runner 与 @vitest/snapshot 版本支持。
品牌图标组件实现 src/components/common/brand-icon.tsx, src/features/config/utils/social-platforms.tsx	新增 SimpleBrandIcon 通用组件和 GithubIcon/XIcon 导出函数；将社交平台配置中的 Github/Twitter 图标从 lucide-react 改为品牌图标组件。
主题页面图标替换 src/features/theme/themes/default/pages/auth/login/social-login.tsx, src/features/theme/themes/default/pages/home/skeleton.tsx, src/features/theme/themes/fuwari/pages/auth/login/page.tsx	在登录页面和骨架屏中将 lucide-react 的 Github 图标替换为 GithubIcon，保持相同的尺寸与描边属性。
配置服务调用方式变更 src/features/comments/comments.integration.test.ts, src/features/friend-links/friend-links.integration.test.ts	在测试用例中将系统配置写入从 ConfigRepo.upsertSystemConfig(db, ...) 改为 ConfigService.updateSystemConfig(context, ...)，跨越多个通知与权限场景的测试用例。
测试环境导入源调整 src/features/import-export/import-export.integration.test.ts, src/features/posts/posts.integration.test.ts, src/lib/durable-objects.integration.test.ts	将 env 的导入源从 cloudflare:test 改为 cloudflare:workers，对齐新的测试框架要求。
路由类型与生成文件更新 src/routeTree.gen.ts, src/lib/hono/path-manifest.generated.ts	调整 TanStack Router 类型定义为尾斜杠形式（如 '/admin/comments/'）；前置根路径正则 ^\/$ 提高匹配优先级；更新 FileRoutesByFullPath/FileRoutesByTo 等公开接口。
Vite 与 TypeScript 配置 vite.config.ts, tsconfig.json	禁用 TanStack Start 的 importProtection（enabled: false）；将 vitest-pool-workers 类型来源改为子路径 /types。
项目文档与任务追踪 .dex/tasks.jsonl, CONTEXT.md, docs/adr/*.md	新增领域术语定义与实体关系约束；新增四份 ADR 文档（Cloudflare Workers 唯一部署目标、公开内容快照分离、Theme Contract、Workflows vs Queues）；新增 Dependabot 升级工作流的 8 条任务记录与执行结果。

🎯 3 (Moderate) | ⏱️ ~25 minutes

可能相关的 PR

• du2333/flare-stack-blog#34: 主题组件中 Github 图标替换的变更涉及同一些默认主题登录页面组件的代码。
• du2333/flare-stack-blog#76: 配置写入从 ConfigRepo 改为 ConfigService 的迁移与此 PR 中的配置服务重构工作相关。

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	标题准确概括了PR的主要变更：合并多个Dependabot依赖升级分组到单一验证分支，涵盖Drizzle、React、TanStack、UI、Cloudflare等多个关键依赖包的版本升级。
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot-safe-upgrades

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}