chore: update conversion and packages

[mfts]

Summary by CodeRabbit

• Chores

  • Updated multiple dependencies to newer stable versions, including email rendering and PDF processing libraries.

• Bug Fixes

  • Adjusted PDF conversion rendering to avoid a tiling/visual glitch with certain library versions.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
papermark	Ready	Preview	Comment	Nov 30, 2025 1:53pm

[coderabbitai]

Walkthrough

Updated many runtime and dev dependency versions in package.json; changed MuPDF page-conversion default scale for small widths from 3 to 2.95 to avoid a MuPDF 1.26.4 tiling bug; switched a framer-motion import to motion/react in a UI component.

Changes

Cohort / File(s)	Summary
Dependency version updates package.json	Bumped ~24 dependencies and devDependencies (examples: @aws-sdk/* ^3.93x → ^3.94x, @react-email/* updates, react-email ^4.3.2 → ^5.0.5, mupdf ^1.3.6 → ^1.26.4, prettier ^3.6.2 → ^3.7.3, etc.). No additions or removals of top-level dependency keys.
MuPDF scale adjustment pages/api/mupdf/convert-page.ts	Changed default scale factor for smaller-width documents from 3 → 2.95 and updated the related log message to avoid a MuPDF 1.26.4 tiling rendering bug; 1600+ branch remains scale 2.
Motion import update components/ui/bar-list.tsx	Swapped framer-motion import to motion/react (import source changed; no other logic changes).

Possibly related PRs

• fix: conversion scaling for long documents #1824: Modifies pages/api/mupdf/convert-page.ts scaling logic — implements memory-aware dynamic scaling and fallbacks related to the same conversion behavior.
• chore: update dependencies #1884: Overlapping package.json dependency version bumps (several same packages updated, e.g., AWS SDKs, react-email, shiki).

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: update conversion and packages' accurately describes the changeset, which includes dependency version updates and a conversion logic adjustment for mupdf.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3abb360 and 0961b22.

📒 Files selected for processing (1)

• components/ui/bar-list.tsx (1 hunks)

🔇 Additional comments (1)

components/ui/bar-list.tsx (1)

3-3: Motion import migration looks correct; ensure dependency alignment

Switching to import { motion } from "motion/react"; is consistent with the newer motion package entrypoints and keeps the existing <motion.div> usage intact. Please confirm that:

• motion (v12.x) is installed and framer-motion is no longer relied on here, and
• Other components are also migrated to motion/react for consistency and to avoid pulling both packages.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​vercel/​functions@​3.3.3 ⏵ 3.3.4				+1
	@​sindresorhus/​slugify@​2.2.1 ⏵ 3.0.0	+1		+1
	js-cookie@​3.0.5
	@​react-email/​render@​1.4.0 ⏵ 2.0.0	+1			+1
	@​react-email/​components@​0.5.7 ⏵ 1.0.1			+1
	jsonwebtoken@​9.0.2
	@​aws-sdk/​lib-storage@​3.937.0 ⏵ 3.940.0
	@​react-email/​preview-server@​4.3.2 ⏵ 5.0.5	-3		+1	+1
	@​vercel/​blob@​1.1.1 ⏵ 2.0.0			+1	-5
	@​trivago/​prettier-plugin-sort-imports@​5.2.2 ⏵ 6.0.0
	@​aws-sdk/​client-lambda@​3.938.0 ⏵ 3.940.0
	@​aws-sdk/​s3-request-presigner@​3.937.0 ⏵ 3.940.0
	@​aws-sdk/​client-s3@​3.937.0 ⏵ 3.940.0
	@​upstash/​redis@​1.35.6 ⏵ 1.35.7				+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @react-email/preview-server is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: package-lock.json → npm/@react-email/[email protected] ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-email/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

pages/api/mupdf/convert-page.ts (1)

97-99: Centralize the default scale factor to avoid future drift

The workaround for the mupdf 1.26.4 tiling bug looks good, but the initial default and the log message duplicate the same ternary. If the threshold or defaults change in the future, they could get out of sync.

You can DRY this slightly and keep the log accurate:

-      // Note: Avoid scale factor 3 exactly due to mupdf 1.26.4 rendering bug with tiling patterns
-      let scaleFactor = width >= 1600 ? 2 : 2.95;
+      // Note: Avoid scale factor 3 exactly due to mupdf 1.26.4 rendering bug with tiling patterns
+      const defaultScaleFactor = width >= 1600 ? 2 : 2.95;
+      let scaleFactor = defaultScaleFactor;
@@
-        console.log(
-          `Large document detected. Reduced scale factor from ${width >= 1600 ? 2 : 2.95} to ${scaleFactor}`,
-        );
+        console.log(
+          `Large document detected. Reduced scale factor from ${defaultScaleFactor} to ${scaleFactor}`,
+        );

Also applies to: 125-127

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between de9561a and 3abb360.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• package.json (7 hunks)
• pages/api/mupdf/convert-page.ts (2 hunks)

🔇 Additional comments (1)

package.json (1)

23-176: Major dependency bumps may require behavioral changes—please validate call sites and tooling

Several upgrades here are potentially breaking (e.g., @react-email/components, @react-email/render, react-email, @react-email/preview-server, @sindresorhus/slugify, @vercel/blob, @trivago/prettier-plugin-sort-imports, and the large jump in mupdf). The mupdf change is partially covered by the new scale-factor workaround, but other APIs or behaviors may also have shifted.

Recommend:

• Re-running the full test suite and type-checks.
• Manually verifying critical paths:
  • Email rendering + preview flows.
  • Any slug generation that relies on @sindresorhus/slugify.
  • Blob storage usage via @vercel/blob.
  • Formatting behavior after prettier / sort-imports plugin changes.
• Double-checking each library’s changelog for migration notes.