chore(deps): update dependencies and clean up build configuration #530

Merged
Sh031224 merged 2 commits into main from feature/sh031224/security
Apr 8, 2026
Sh031224 (Collaborator) commented Apr 6, 2026

Changes

Dependency updates

  • Updated packages to the latest versions within their ranges with pnpm update --recursive
  • lerna 8 → 9 (nx 20 → 22 updated along with it as a transitive dependency; nx config migrated with lerna repair)
  • next-mdx-remote 5 → 6 (added blockJS: false to serialize() to keep the existing behavior)
  • Added vite as a root devDependency to pin the peer version
  • Updated versions of direct dependencies such as @modelcontextprotocol/sdk, axios, and esbuild

Build configuration

  • Switched the two actions .github/actions/generate-mobile-docs and jsx-tracking to ESM builds
    • A transitive dependency of glob 11.x uses top-level await, so a CJS build is not possible
    • Injected a createRequire polyfill via the esbuild banner to keep Node.js CJS compatibility
    • dist/index.js → dist/index.mjs

Nx migration

  • nx.json: deprecated tasksRunnerOptions → automatically converted to the targetDefaults.cache format

Verification

  • pnpm build: all 9 packages built successfully
  • pnpm test:unit: 166 tests passed
  • pnpm -F generate-mobile-docs build / pnpm -F jsx-tracking build succeeded and smoke tests passed

🤖 Generated with Claude Code

Summary by CodeRabbit

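Release notes

  • Chores
    • Updated dependencies and development tools across the whole project (including several packages and build/test tools)
    • Switched the GitHub Actions runtime from CommonJS to ESM
    • Optimized the Nx build caching configuration and enabled caching for default targets
    • Updated format/ignore settings (added .gitignore and .prettierignore entries)
    • Adjusted some MDX serialization options for the docs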

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
coderabbitai bot (Contributor) commented Apr 6, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b6fd1588-924a-48a5-911c-d89a09933b85

📥 Commits

Reviewing files that changed from the base of the PR and between d1768d0 and 5c2e314.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (5)
  • .github/actions/generate-mobile-docs/package.json
  • .github/actions/jsx-tracking/package.json
  • lerna.json
  • nx.json
  • packages/wds-mcp/package.json
✅ Files skipped from review due to trivial changes (2)
  • lerna.json
  • packages/wds-mcp/package.json
🚧 Files skipped from review as they are similar to previous changes (3)
  • .github/actions/jsx-tracking/package.json
  • .github/actions/generate-mobile-docs/package.json
  • nx.json

Walkthrough

Switched the build output of several GitHub Actions to ESM (.mjs), updated the esbuild build scripts and dependencies, restructured the Nx cache configuration, bulk-updated the versions of several package- and docs-related dependencies, and modified some configuration files.

Changes

Cohort / File(s) / Summary

  • GitHub Actions ESM migration
    • Files: .github/actions/generate-mobile-docs/action.yml, .github/actions/generate-mobile-docs/package.json, .github/actions/jsx-tracking/action.yml, .github/actions/jsx-tracking/package.json
    • Summary: Changed the Actions entry point from dist/index.js to dist/index.mjs, switched the esbuild build script to ESM (--format=esm) output, added a require shims banner, and upgraded related dependency versions.
  • Nx and root configuration changes
    • Files: nx.json, .gitignore, .prettierignore, package.json, lerna.json
    • Summary: Removed tasksRunnerOptions.default and added cache settings to targetDefaults (cache:true for build, lint, lint:fix), added ignore rules for .claude and the Nx cache directory, upgraded root dependencies/devDependencies versions, and updated the lerna.json schema URL.
  • Docs dependencies and MDX configuration
    • Files: docs/package.json, docs/src/features/docs/helpers/mdx.ts
    • Summary: Updated versions of docs-related packages (e.g. CodeMirror, TanStack, next) and explicitly set blockJS: false in MDX serialization.
  • Core package dependency updates
    • Files: packages/wds/package.json, packages/wds-engine/package.json, packages/wds-lottie/package.json, packages/wds-mcp/package.json, packages/wds-nextjs/package.json
    • Summary: Raised the version ranges of major runtime/front-end dependencies such as Radix, Emotion, csstype, lottie, and ModelContextProtocol.
  • Tooling, script and test dependency updates
    • Files: packages/eslint-plugin-wds/package.json, scripts/api-generator/package.json, scripts/design-docs-sync/package.json, tests/tree-shaking/package.json
    • Summary: Upgraded versions of ESLint-related packages, tsx, axios, Vite/Rollup plugins, and test-related packages.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name / Status / Explanation
  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title accurately reflects the main content of the changes. It clearly expresses the core of the PR, dependency updates and build configuration cleanup, and the package.json updates, action configuration changes (switch to ESM builds), and nx.json migration identified in raw_summary all fall within the categories covered by the title.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@Sh031224 Sh031224 self-assigned this Apr 6, 2026
github-actions bot (Contributor) commented Apr 6, 2026

size-limit report 📦

Path Size
wds 2.37 KB (0%)
wds-icon 5 KB (0%)
wds-lottie 83 B (0%)
wds-theme 144 B (0%)
wds-engine 332 B (0%)
wds-nextjs 165 B (0%)

github-actions bot (Contributor) commented Apr 6, 2026

🚀 Preview

Last commit: 82e0584
Preview URL: https://dev-montage.wanted.co.kr/82e0584

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 4

🧹 Nitpick comments (4)
packages/wds/package.json (1)

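57-57: The version range style is inconsistent.

Only @radix-ui/react-scroll-area uses an exact version (1.2.0), while the other radix-ui packages use caret ranges (^1.x.x). Unless the pin is intentional, changing it to a caret range for consistency is recommended.

♻️ Suggested fix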
-    "@radix-ui/react-scroll-area": "1.2.0",
+    "@radix-ui/react-scroll-area": "^1.2.0",
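Review bot: confirm the exact pin on the `-` line was not deliberate before applying the `+` line, because `^1.2.0` lets any later 1.x release of @radix-ui/react-scroll-area resolve the next time the lockfile is refreshed. If it is applied, regenerate pnpm-lock.yaml in the same commit. The same review asks for the opposite on @modelcontextprotocol/sdk (exact 1.29.0 instead of ^1.29.0), so the project should settle which dependencies are pinned and which float rather than deciding per comment.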
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@packages/wds/package.json` at line 57, The dependency entry
"@radix-ui/react-scroll-area" is pinned to "1.2.0" while other radix-ui packages
use caret ranges; change the version spec for "@radix-ui/react-scroll-area" to
use a caret range (for example "^1.2.0") to match the project's versioning
convention and ensure consistent dependency resolution across packages.
.github/actions/jsx-tracking/package.json (1)

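4-4: The main field does not match the actual build output.

The main field still points to dist/index.js, but the build script outputs to dist/index.mjs. Since this is a private GitHub Action it does not affect actual behavior, but fixing it for consistency is recommended.

♻️ Suggested fix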
-  "main": "dist/index.js",
+  "main": "dist/index.mjs",
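Review bot: the `main` value on the `+` line is metadata only, since the runner executes the entry named in action.yml, which the walkthrough says already points at dist/index.mjs. Apply it for consistency, then rebuild and commit dist/index.mjs, and inspect the rebuilt bundle by hand because this review excludes it through the `!**/dist/**` path filter.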
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/actions/jsx-tracking/package.json at line 4, Update the package.json
"main" field to match the build output: change the current "main":
"dist/index.js" to point to the built module file "dist/index.mjs" so the
package metadata matches the build artifacts (edit the "main" property in
package.json).
.github/actions/generate-mobile-docs/package.json (2)

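19-19: The createRequire banner may be unnecessary.

Looking at the related code snippet (.github/actions/generate-mobile-docs/src/modules/base.ts:1-8), this action imports only pure ESM packages (glob, @actions/core, @actions/exec, gray-matter). Unlike jsx-tracking, it has no CJS-only dependencies, so the createRequire banner is defensive code.

There is no problem with the current behavior, but please keep this in mind for future maintenance.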

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/actions/generate-mobile-docs/package.json at line 19, The build
script's injected banner that defines createRequire (the
"--banner:js=\"import{createRequire}from'module';const
require=createRequire(import.meta.url);\"" portion of the "build" npm script) is
unnecessary because this action only imports pure ESM dependencies; remove that
banner from the "build" script so esbuild bundles without injecting the
createRequire shim and keep the rest of the script (--platform=node --bundle
--format=esm --outfile=dist/index.mjs) unchanged.

4-4: The main field does not match the actual build output.

As with jsx-tracking, the main field points to dist/index.js, but the build output is dist/index.mjs.

♻️ Suggested fix
-  "main": "dist/index.js",
+  "main": "dist/index.mjs",
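Review bot: if the createRequire banner flagged at line 19 of this same package.json is also removed, make that change and the `main` change on the `+` line in one commit and rebuild dist/index.mjs once, so the committed bundle matches the build script that produced it.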
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/actions/generate-mobile-docs/package.json at line 4, The
package.json "main" field currently points to "dist/index.js" but the build
emits "dist/index.mjs"; update the "main" entry in package.json to
"dist/index.mjs" (or alternatively adjust the build output to produce
dist/index.js) so the package's entrypoint matches the actual build artifact;
reference the "main" field and the produced file "dist/index.mjs" to locate and
fix the mismatch.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/src/features/docs/helpers/mdx.ts`:
- Line 113: The MDX config currently sets blockJS: false which enables MDX JS
expressions; change it to blockJS: true to disable inline JS expressions (in the
MDX options object where blockJS is defined) to reduce attack surface, and if
you actually need JS expressions keep blockJS: false but explicitly add
blockDangerousJS: true in the same options object to make the protection intent
explicit (look for the MDX options or the variable that contains blockJS in
docs/src/features/docs/helpers/mdx.ts).

In `@nx.json`:
- Around line 7-10: The "watch" target currently has "cache": true which is
incorrect for long-running watch processes; open the nx.json target definition
for the "watch" target and remove the "cache" property (or set it to false) so
that the watch target no longer uses Nx caching; keep the existing "dependsOn":
["^watch"] behavior intact and ensure any watch scripts (e.g., tsup --watch,
tsdown --watch) remain unaffected.

In `@package.json`:
- Line 68: package.json was updated to "lerna": "9.0.7" but lerna.json still
points to the old schema; update the "$schema" field in lerna.json to
"https://unpkg.com/lerna@9.0.7/schemas/lerna-schema.json" so the schema version
matches the lerna dependency (locate the "$schema" key in lerna.json and replace
the URL accordingly).

In `@packages/wds-mcp/package.json`:
- Line 5: The dependency "@modelcontextprotocol/sdk" is currently pinned with a
caret (^1.29.0) which allows minor upgrades that have previously broken
compatibility; update the package.json dependency entry for
"@modelcontextprotocol/sdk" to an exact version "1.29.0" (or at minimum change
to a patch-only range "~1.29.0") so only known-compatible releases are
installed, then run npm/yarn install and verify build/tests that involve any
code using the SDK (references: the dependency name
"@modelcontextprotocol/sdk").

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 135d3d71-dc87-486a-a80c-e00d98bc3750

📥 Commits

Reviewing files that changed from the base of the PR and between 391818a and d1768d0.

⛔ Files ignored due to path filters (3)
  • .github/actions/generate-mobile-docs/dist/index.mjs is excluded by !**/dist/**
  • .github/actions/jsx-tracking/dist/index.mjs is excluded by !**/dist/**
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (19)
  • .github/actions/generate-mobile-docs/action.yml
  • .github/actions/generate-mobile-docs/package.json
  • .github/actions/jsx-tracking/action.yml
  • .github/actions/jsx-tracking/package.json
  • .gitignore
  • .prettierignore
  • docs/package.json
  • docs/src/features/docs/helpers/mdx.ts
  • nx.json
  • package.json
  • packages/eslint-plugin-wds/package.json
  • packages/wds-engine/package.json
  • packages/wds-lottie/package.json
  • packages/wds-mcp/package.json
  • packages/wds-nextjs/package.json
  • packages/wds/package.json
  • scripts/api-generator/package.json
  • scripts/design-docs-sync/package.json
  • tests/tree-shaking/package.json

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Sh031224 Sh031224 added this to the 3.4.4 milestone Apr 8, 2026
@Sh031224 Sh031224 merged commit 6532cbd into main Apr 8, 2026
11 checks passed
@Sh031224 Sh031224 deleted the feature/sh031224/security branch April 8, 2026 06:12
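
A CI-style check for the two manifest findings in the review above: a `main` field that does not match the esbuild `--outfile`, and a lone exact pin inside a scope that otherwise uses caret ranges. This is an added example, not code from the PR or the project; the sample manifests, the esbuild entry path and the react-dialog/react-tabs versions are constructed, and the function names are hypothetical.

```javascript
// Constructed manifests modelled on the two findings (not the repo's real files;
// the esbuild entry path and the react-dialog/react-tabs versions are made up).
const manifests = {
  ".github/actions/jsx-tracking/package.json": {
    main: "dist/index.js",
    scripts: { build: "esbuild src/index.ts --platform=node --bundle --format=esm --outfile=dist/index.mjs" },
  },
  "packages/wds/package.json": {
    dependencies: {
      "@radix-ui/react-dialog": "^1.1.0",
      "@radix-ui/react-scroll-area": "1.2.0",
      "@radix-ui/react-tabs": "^1.1.0",
    },
  },
};

// Value of esbuild's --outfile flag in a build script, or null if absent.
function esbuildOutfile(script) {
  const m = /--outfile=(\S+)/.exec(script || "");
  return m ? m[1] : null;
}

// Classify a version spec by its range operator: exact, caret, tilde or other.
const rangeKind = (spec) =>
  /^\d+\.\d+\.\d+$/.test(spec) ? "exact" : ({ "^": "caret", "~": "tilde" }[spec[0]] || "other");

// Return human-readable findings for one package.json object.
function auditManifest(path, pkg) {
  const findings = [];
  const out = esbuildOutfile(pkg.scripts && pkg.scripts.build);
  if (out && pkg.main && pkg.main !== out)
    findings.push(`${path}: main "${pkg.main}" != build output "${out}"`);
  // Group scoped dependencies, then flag specs that differ from a strict majority.
  const byScope = {};
  for (const [name, spec] of Object.entries(pkg.dependencies || {})) {
    if (!name.startsWith("@")) continue;
    const scope = name.split("/")[0];
    (byScope[scope] = byScope[scope] || []).push({ name, spec, kind: rangeKind(spec) });
  }
  for (const [scope, deps] of Object.entries(byScope)) {
    const counts = {};
    for (const d of deps) counts[d.kind] = (counts[d.kind] || 0) + 1;
    const [top, n] = Object.entries(counts).sort((a, b) => b[1] - a[1])[0];
    if (n * 2 <= deps.length) continue; // no clear convention to compare against
    for (const d of deps.filter((d) => d.kind !== top))
      findings.push(`${path}: ${d.name} "${d.spec}" is ${d.kind}, ${scope} uses ${top}`);
  }
  return findings;
}

const auditAll = (all) => Object.entries(all).flatMap(([p, pkg]) => auditManifest(p, pkg));
```

A finding from the range check is a prompt to record why a dependency is pinned, not an instruction to loosen it.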