chore(security): bumping effect to 3.20.0 because of GHSA-38f7-945m-qr2g

[tnovau]

This PR attemps to fix a high security issue described on GHSA-38f7-945m-qr2g that's related to effect npm package that's widely used in this repo.

Summary by CodeRabbit

• Chores
  • Updated the Effect library dependency to version 3.20.0 across all packages, examples, and tooling configurations.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 5a8841e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

@tnovau is attempting to deploy a commit to the Ping Labs Team on Vercel.

A member of the Team first needs to authorize it.

[greptile-apps]

Greptile Summary

This PR bumps effect from 3.17.7 to 3.20.0 across all package.json files in the monorepo to address security advisory GHSA-38f7-945m-qr2g. The lockfile is also regenerated, which as a side effect picks up a Next.js canary jump from 15.4.2-canary.51 to 16.2.1-canary.43 in the playground packages (due to their floating "canary" version specifier).

Confidence Score: 5/5

Safe to merge — clean security patch with only expected lockfile drift as a side effect.

All package.json files consistently update effect to 3.20.0. The pnpm lockfile correctly reflects these updates. The Next.js canary version bump in the lockfile is expected behavior caused by the floating "canary" specifier in the playground packages and does not affect any published packages. No logic changes are introduced.

No files require special attention.

Important Files Changed

Filename	Overview
packages/shared/package.json	Bumps effect from 3.17.7 to 3.20.0 in production dependencies.
packages/uploadthing/package.json	Bumps effect from 3.17.7 to 3.20.0; @effect/platform (0.90.3) and @effect/vitest (0.25.1) remain unpinned-bumped but resolve correctly with effect@3.20.0 in the lockfile.
examples/backend-adapters/server/package.json	Bumps effect from 3.17.7 to 3.20.0 in the example server package.
playground/package.json	Bumps effect to 3.20.0; floating "next": "canary" specifier causes lockfile to resolve to Next.js 16.2.1-canary.43 (up from 15.4.2-canary.51) as a side effect.
playground-v6/package.json	Bumps effect to 3.20.0; same floating Next.js canary resolution side-effect as playground/package.json.
tooling/tsconfig/package.json	Bumps effect from 3.17.7 to 3.20.0 in the tsconfig tooling package.
pnpm-lock.yaml	Lockfile regenerated to reflect effect@3.20.0; also bumps Next.js canary from 15.x to 16.x in playgrounds due to floating "canary" specifier, and adds associated sharp@0.34.x native binaries.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["GHSA-38f7-945m-qr2g\n(Security Advisory)"] --> B["effect 3.17.7 → 3.20.0"]
    B --> C["packages/shared"]
    B --> D["packages/uploadthing"]
    B --> E["examples/backend-adapters/server"]
    B --> F["playground"]
    B --> G["playground-v6"]
    B --> H["tooling/tsconfig"]
    F -->|floating 'canary' specifier| I["pnpm-lock.yaml\nNext.js 15.4.2-canary.51\n→ 16.2.1-canary.43\n(side effect)"]
    G -->|floating 'canary' specifier| I

Loading

_{Reviews (1): Last reviewed commit: "chore: bumping effect to 3.20.0 because ..." | Re-trigger Greptile}

[coderabbitai]

Walkthrough

The effect library dependency is updated from version 3.17.7 to 3.20.0 across six package.json files in the repository. No other dependencies, scripts, or configuration entries are modified.

Changes

Cohort / File(s)	Summary
Effect Dependency Updates examples/backend-adapters/server/package.json, packages/shared/package.json, packages/uploadthing/package.json, playground-v6/package.json, playground/package.json, tooling/tsconfig/package.json	Updated effect dependency version from 3.17.7 to 3.20.0 across all package files.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title accurately describes the main change: bumping the effect dependency to version 3.20.0 across multiple package.json files to address a security vulnerability.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}