
chore: bump tsx to ^4.21.0 across all workspaces #1116

Merged
brendan-kellam merged 1 commit into main from brendan/bump-tsx
Apr 15, 2026

@brendan-kellam brendan-kellam commented Apr 15, 2026

Summary

  • Bumps tsx from ^4.0.0–^4.19.2 to ^4.21.0 in all 7 workspace packages (backend, db, mcp, queryLanguage, schemas, shared, web)

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated development dependencies to latest compatible versions across packages.

Addresses Go stdlib CVEs (including CRITICAL CVE-2025-68121) found by
Trivy in the esbuild binary bundled with tsx. Updates tsx from
^4.0.0–^4.19.2 to ^4.21.0 in all 7 workspace packages.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@github-actions

@brendan-kellam your pull request is missing a changelog!


coderabbitai bot commented Apr 15, 2026

Walkthrough

Updated the tsx development dependency version across seven package.json files in the monorepo from versions ranging between ^4.0.0 to ^4.19.2 to a unified version of ^4.21.0.

Changes

| Cohort / File(s) | Summary |
|---|---|
| TSX Dependency Updates: packages/backend/package.json, packages/db/package.json, packages/mcp/package.json, packages/queryLanguage/package.json, packages/schemas/package.json, packages/shared/package.json, packages/web/package.json | Updated tsx devDependency to ^4.21.0 across all packages for consistency. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title accurately summarizes the main change: updating the tsx dependency to ^4.21.0 across all workspace packages. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |



@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/mcp/package.json`:
- Line 16: Revert the change that updated the "tsx" dependency in the deprecated
packages/mcp package.json: restore the original package.json entry for the "tsx"
field (undo the introduced "^4.21.0" change) and do not make any other edits to
the MCP package; instead, implement MCP feature changes under the active module
"packages/web/src/features/mcp/" if needed.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 28234ac1-09dc-4f5c-a123-2b246bb81971

📥 Commits

Reviewing files that changed from the base of the PR and between 55c391d and 1b66a26.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (7)
  • packages/backend/package.json
  • packages/db/package.json
  • packages/mcp/package.json
  • packages/queryLanguage/package.json
  • packages/schemas/package.json
  • packages/shared/package.json
  • packages/web/package.json

@brendan-kellam brendan-kellam merged commit 469bd43 into main Apr 15, 2026
10 of 11 checks passed
@brendan-kellam brendan-kellam deleted the brendan/bump-tsx branch April 15, 2026 00:10
@github-actions

License Audit

Status: FAIL

| Metric | Count |
|---|---|
| Total packages | 2155 |
| Resolved (non-standard) | 7 |
| Unresolved | 4 |
| Strong copyleft | 0 |
| Weak copyleft | 38 |

Fail Reasons

  • 4 packages have unresolvable licenses: @react-grab/cli (0.1.23), @react-grab/cli (0.1.29), @react-grab/mcp (0.1.29), element-source (0.0.3)

Unresolved Packages

| Package | Version | License | Reason |
|---|---|---|---|
| @react-grab/cli | 0.1.23 | UNKNOWN | No repository or homepage listed in package metadata; npm registry contains no license field for this version |
| @react-grab/cli | 0.1.29 | UNKNOWN | No repository or homepage listed in package metadata; npm registry contains no license field for this version |
| @react-grab/mcp | 0.1.29 | UNKNOWN | No repository or homepage listed in package metadata; npm registry contains no license field for this version |
| element-source | 0.0.3 | UNKNOWN | No repository or homepage listed in package metadata; npm registry contains no license field; package appears to have been published from a local tarball with no public source repository |

Weak Copyleft Packages (informational)

| Package | Version | License |
|---|---|---|
| @img/sharp-libvips-darwin-arm64 | 1.0.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-darwin-arm64 | 1.2.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-darwin-x64 | 1.0.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-darwin-x64 | 1.2.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linux-arm | 1.0.5 | LGPL-3.0-or-later |
| @img/sharp-libvips-linux-arm | 1.2.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linux-arm64 | 1.0.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linux-arm64 | 1.2.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linux-ppc64 | 1.2.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linux-riscv64 | 1.2.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linux-s390x | 1.0.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linux-s390x | 1.2.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linux-x64 | 1.0.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linux-x64 | 1.2.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linuxmusl-arm64 | 1.0.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linuxmusl-arm64 | 1.2.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linuxmusl-x64 | 1.0.4 | LGPL-3.0-or-later |
| @img/sharp-libvips-linuxmusl-x64 | 1.2.4 | LGPL-3.0-or-later |
| @img/sharp-wasm32 | 0.33.5 | Apache-2.0 AND LGPL-3.0-or-later AND MIT |
| @img/sharp-wasm32 | 0.34.5 | Apache-2.0 AND LGPL-3.0-or-later AND MIT |
| @img/sharp-win32-arm64 | 0.34.5 | Apache-2.0 AND LGPL-3.0-or-later |
| @img/sharp-win32-ia32 | 0.33.5 | Apache-2.0 AND LGPL-3.0-or-later |
| @img/sharp-win32-ia32 | 0.34.5 | Apache-2.0 AND LGPL-3.0-or-later |
| @img/sharp-win32-x64 | 0.33.5 | Apache-2.0 AND LGPL-3.0-or-later |
| @img/sharp-win32-x64 | 0.34.5 | Apache-2.0 AND LGPL-3.0-or-later |
| axe-core | 4.10.3 | MPL-2.0 |
| lightningcss | 1.32.0 | MPL-2.0 |
| lightningcss-android-arm64 | 1.32.0 | MPL-2.0 |
| lightningcss-darwin-arm64 | 1.32.0 | MPL-2.0 |
| lightningcss-darwin-x64 | 1.32.0 | MPL-2.0 |
| lightningcss-freebsd-x64 | 1.32.0 | MPL-2.0 |
| lightningcss-linux-arm-gnueabihf | 1.32.0 | MPL-2.0 |
| lightningcss-linux-arm64-gnu | 1.32.0 | MPL-2.0 |
| lightningcss-linux-arm64-musl | 1.32.0 | MPL-2.0 |
| lightningcss-linux-x64-gnu | 1.32.0 | MPL-2.0 |
| lightningcss-linux-x64-musl | 1.32.0 | MPL-2.0 |
| lightningcss-win32-arm64-msvc | 1.32.0 | MPL-2.0 |
| lightningcss-win32-x64-msvc | 1.32.0 | MPL-2.0 |

Resolved Packages (7)

| Package | Version | Original | Resolved | Source |
|---|---|---|---|---|
| codemirror-lang-elixir | 4.0.0 | UNKNOWN | Apache-2.0 | GitHub repo (livebook-dev/codemirror-lang-elixir) — GitHub license API |
| lezer-elixir | 1.1.2 | UNKNOWN | Apache-2.0 | GitHub repo (livebook-dev/lezer-elixir) — GitHub license API |
| map-stream | 0.1.0 | UNKNOWN | MIT | GitHub repo (dominictarr/map-stream) — GitHub license API |
| memorystream | 0.3.1 | UNKNOWN | MIT | npm registry — licenses array: [{"type":"MIT","url":"http://github.com/JSBizon/node-memorystream/raw/master/LICENSE"}] |
| posthog-js | 1.345.5 | SEE LICENSE IN LICENSE | Apache-2.0 | GitHub repo (PostHog/posthog-js) — LICENSE file text is Apache-2.0 |
| valid-url | 1.0.9 | UNKNOWN | MIT | GitHub repo (ogt/valid-url) — LICENSE file text is MIT |
| pause-stream | 0.0.11 | ["MIT","Apache2"] | MIT AND Apache-2.0 | GitHub repo (dominictarr/pause-stream) — LICENSE file confirms dual MIT and Apache 2.0 |
