ci: use node --run for package scripts

[thedavidweng]

This PR replaces pnpm format with node --run format in the Dependabot auto-format CI workflow. Node.js 24 supports node --run natively, removing the need for pnpm to invoke package scripts.

[greptile-apps]

Greptile Summary

This PR replaces pnpm format with node --run format in the Dependabot auto-format CI workflow, taking advantage of Node.js 24's built-in script runner. The pnpm install step still handles dependency installation; only the invocation of the format script switches to the native Node.js runner. It also includes Dependabot-driven lockfile bumps for several JS/Rust dependencies.

• Workflow change: node --run format replaces pnpm format in .github/workflows/dependabot-fmt.yml; the format script (oxfmt src/ tests/) is simple with no pre/post hooks, so behavior is identical.
• Dependency updates: pnpm-lock.yaml bumps lucide-react (1.17→1.21), i18next (26.3.1→26.3.2), @tanstack/react-virtual (3.14.2→3.14.3), vite (8.0.16→8.1.0), and @tailwindcss/vite (4.3.0→4.3.1), along with corresponding Cargo.lock updates.

Confidence Score: 5/5

Safe to merge — the workflow change is minimal and correct for Node.js 24, and the lockfile bumps are routine minor/patch updates.

The only functional change is swapping pnpm format for node --run format. Node.js 24 ships --run as a stable script runner, oxfmt is already installed by the preceding pnpm install step and is available on PATH via node_modules/.bin, and the format script has no pre/post lifecycle hooks that would be silently skipped. The dependency lockfile updates are standard Dependabot minor/patch bumps with no breaking changes.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/dependabot-fmt.yml	Replaces pnpm format with node --run format; valid for Node.js 24, no pre/post hooks affected, pnpm still used for installation.
pnpm-lock.yaml	Dependabot-generated lockfile updates for lucide-react, i18next, @tanstack/react-virtual, vite, and @tailwindcss/vite — all minor/patch bumps.
src-tauri/Cargo.lock	Routine Dependabot Rust dependency lockfile updates, no structural changes.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant GH as GitHub Actions
    participant pnpm as pnpm (setup + install)
    participant Node as Node.js 24
    participant oxfmt as oxfmt (node_modules/.bin)
    participant Rust as rustfmt

    GH->>GH: Checkout PR branch
    GH->>pnpm: pnpm/action-setup
    GH->>Node: actions/setup-node (v24, cache: pnpm)
    GH->>pnpm: pnpm install --no-frozen-lockfile
    Note over pnpm: Installs oxfmt into node_modules/.bin
    GH->>Node: node --run format
    Node->>oxfmt: Resolves via node_modules/.bin PATH
    oxfmt-->>GH: Format src/ tests/
    GH->>Rust: cargo fmt --manifest-path src-tauri/Cargo.toml
    Rust-->>GH: Rust files formatted
    GH->>GH: "git commit & push (if changes)"

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant GH as GitHub Actions
    participant pnpm as pnpm (setup + install)
    participant Node as Node.js 24
    participant oxfmt as oxfmt (node_modules/.bin)
    participant Rust as rustfmt

    GH->>GH: Checkout PR branch
    GH->>pnpm: pnpm/action-setup
    GH->>Node: actions/setup-node (v24, cache: pnpm)
    GH->>pnpm: pnpm install --no-frozen-lockfile
    Note over pnpm: Installs oxfmt into node_modules/.bin
    GH->>Node: node --run format
    Node->>oxfmt: Resolves via node_modules/.bin PATH
    oxfmt-->>GH: Format src/ tests/
    GH->>Rust: cargo fmt --manifest-path src-tauri/Cargo.toml
    Rust-->>GH: Rust files formatted
    GH->>GH: "git commit & push (if changes)"

Loading

_{Reviews (2): Last reviewed commit: "fix: resolve dependency audit vulnerabil..." | Re-trigger Greptile}