Bumps [postcss](https://github.com/postcss/postcss) from 8.5.12 to
8.5.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.13</h2>
<ul>
<li>Fixed <code>postcss-scss</code> commend regression.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.13</h2>
<ul>
<li>Fixed <code>postcss-scss</code> commend regression.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="af58cf1b7a"><code>af58cf1</code></a>
Release 8.5.13 version</li>
<li><a
href="f227dbd0e9"><code>f227dbd</code></a>
Temporary ignore pnpm 11 config</li>
<li><a
href="d3abd40d72"><code>d3abd40</code></a>
Update dependencies</li>
<li><a
href="dd06c3e113"><code>dd06c3e</code></a>
Revert stringifier changes because of the conflict with
postcss-scss</li>
<li><a
href="ae889c815f"><code>ae889c8</code></a>
Try to fix CI</li>
<li><a
href="e0093e49bc"><code>e0093e4</code></a>
Move to pnpm 11</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.12...8.5.13">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [react-i18next](https://github.com/i18next/react-i18next) from
17.0.4 to 17.0.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.6</h2>
<ul>
<li>fix: restore the v17 <code>nodesToString</code> output format
consumed by <code>i18next-cli</code>'s extractor while still rendering
<a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
correctly
<ul>
<li>17.0.5 fixed <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
by changing what <code>nodesToString</code> produced, which
inadvertently changed the extracted translation strings for keep-tags
wrapping non-keep React elements</li>
<li>The fix now lives in the renderer: indexed <code><N></code>
placeholders nested inside a keep-tag are scoped to that tag's own
original React children (matching kept tags by name and positional
occurrence at each level), so the translation string format produced by
<code>nodesToString</code> is unchanged</li>
</ul>
</li>
</ul>
<h2>17.0.5</h2>
<ul>
<li>fix: <code><Trans /></code> no longer breaks child rendering
when a kept HTML node (<code>transKeepBasicHtmlNodesFor</code>) wraps a
non-keep React element <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
— superseded by 17.0.6, which keeps the same runtime fix without
changing the <code>nodesToString</code> output</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cb20d1886b"><code>cb20d18</code></a>
17.0.6</li>
<li><a
href="b8ad5e4afd"><code>b8ad5e4</code></a>
fix: scope indexed placeholders inside keep-tags at render time <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">#1919</a></li>
<li><a
href="75ce985016"><code>75ce985</code></a>
17.0.5</li>
<li><a
href="9803bb8005"><code>9803bb8</code></a>
fix: <Trans /> no longer breaks child rendering when a kept HTML
node (transK...</li>
<li><a
href="ec37a48d76"><code>ec37a48</code></a>
chore: ignore .env*, *.pem, *.key in .gitignore</li>
<li>See full diff in <a
href="https://github.com/i18next/react-i18next/compare/v17.0.4...v17.0.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.11 to
8.5.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.12</h2>
<ul>
<li>Fixed reading any file via user-generated CSS.</li>
<li>Added <code>opts.unsafeMap</code> to disable checks.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.12</h2>
<ul>
<li>Fixed reading any file via user-generated CSS.</li>
<li>Added <code>opts.unsafeMap</code> to disable checks.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9bc81c48f0"><code>9bc81c4</code></a>
Release 8.5.12 version</li>
<li><a
href="85c4d7dab8"><code>85c4d7d</code></a>
Another try to fix coverage</li>
<li><a
href="94484cae6d"><code>94484ca</code></a>
Try to fix coverage</li>
<li><a
href="c64b7488d2"><code>c64b748</code></a>
Load only .map source maps</li>
<li><a
href="aaec7b78b3"><code>aaec7b7</code></a>
Avoid throwing JSON parsing errors for non-JSON source maps</li>
<li><a
href="233fb264ea"><code>233fb26</code></a>
Mention original author of the solution</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.11...8.5.12">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.10 to
8.5.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.11</h2>
<ul>
<li>Fixed nested brackets parsing performance (by <a
href="https://github.com/offset"><code>@offset</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.11</h2>
<ul>
<li>Fixed nested brackets parsing performance (by <a
href="https://github.com/offset"><code>@offset</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2502f75030"><code>2502f75</code></a>
Release 8.5.11 version</li>
<li><a
href="5ca1901949"><code>5ca1901</code></a>
Speed up parsing many nested brackets</li>
<li><a
href="42b5337dd7"><code>42b5337</code></a>
Update dependencies</li>
<li><a
href="7e36e153d0"><code>7e36e15</code></a>
Cache node.raws locally in Stringifier hot methods</li>
<li><a
href="8ec62b157b"><code>8ec62b1</code></a>
Bypass MapGenerator for no-source-map stringify in LazyResult</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.10...8.5.11">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.7 to
26.0.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.8</h2>
<ul>
<li>fix(types): restore the pre-v25.10.4 <code>ExistsFunction</code>
shape so plain arrow functions can again be assigned to
<code>ExistsFunction</code>-typed variables (TypeScript cannot infer
type predicates through multi-overload assignment). Direct
<code>i18next.exists(key)</code> calls still narrow <code>key</code> to
<code>SelectorKey</code> — the predicate is now declared inline on
<code>i18n.exists</code>. Custom wrappers that want the narrowing can
type themselves as <code>typeof i18next.exists</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2425">2425</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.8</h2>
<ul>
<li>fix(types): restore the pre-v25.10.4 <code>ExistsFunction</code>
shape so plain arrow functions can again be assigned to
<code>ExistsFunction</code>-typed variables (TypeScript cannot infer
type predicates through multi-overload assignment). Direct
<code>i18next.exists(key)</code> calls still narrow <code>key</code> to
<code>SelectorKey</code> — the predicate is now declared inline on
<code>i18n.exists</code>. Custom wrappers that want the narrowing can
type themselves as <code>typeof i18next.exists</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2425">2425</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3ea438f841"><code>3ea438f</code></a>
26.0.8</li>
<li><a
href="5176bbd7a1"><code>5176bbd</code></a>
retry version bump</li>
<li><a
href="10b48c6193"><code>10b48c6</code></a>
26.0.8</li>
<li><a
href="9fdd99a919"><code>9fdd99a</code></a>
retry version bump</li>
<li><a
href="9ee7da174d"><code>9ee7da1</code></a>
changelog</li>
<li><a
href="8ce5e268de"><code>8ce5e26</code></a>
26.0.8</li>
<li><a
href="e802567c9c"><code>e802567</code></a>
fix(types): restore <code>ExistsFunction</code> shape to keep
arrow-function wrappers as...</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.7...v26.0.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.6 to
26.0.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.7</h2>
<ul>
<li>fix: when a plural lookup misses, the <code>missingKey</code> debug
log now shows the actual plural-resolved key (e.g.
<code>foo.bar_many</code> for Polish <code>count: 14</code>) instead of
the base key — making it obvious which plural category was expected and
missing <a
href="https://redirect.github.com/i18next/i18next/issues/2423">2423</a></li>
<li>chore: drop <code>@babel/runtime</code> runtime dependency. The
build no longer generates any <code>@babel/runtime</code> imports, so
the package is unused by consumers. Rollup now uses <code>babelHelpers:
'bundled'</code> so any helpers that are ever needed in the future will
be inlined rather than imported externally <a
href="https://redirect.github.com/i18next/i18next/issues/2424">2424</a></li>
<li>chore: stop emitting <code>dist/esm/i18next.bundled.js</code>. It
was byte-identical to <code>dist/esm/i18next.js</code> because no
helpers were being imported <a
href="https://redirect.github.com/i18next/i18next/issues/2424">2424</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ce06fba2a5"><code>ce06fba</code></a>
26.0.7</li>
<li><a
href="ca33377537"><code>ca33377</code></a>
chore: drop unused <code>@babel/runtime</code> dep and redundant
bundled ESM output</li>
<li><a
href="8abe4e66ce"><code>8abe4e6</code></a>
fix: show resolved plural key in missingKey debug log</li>
<li><a
href="073eb1068a"><code>073eb10</code></a>
ts tests fix</li>
<li><a
href="a3dfb180d8"><code>a3dfb18</code></a>
security tests</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.6...v26.0.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.5 to
26.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.6</h2>
<p>Security release — all issues found via an internal audit. GHSA
advisory filed after release.</p>
<ul>
<li>security: warn when a translation string combines <code>escapeValue:
false</code> with interpolated variables inside a <code>$t(key, { ...
"{{var}}" ... })</code> nesting-options block. In that narrow
combination, attacker-controlled string values containing
<code>"</code> can break out of the JSON options literal and inject
additional nesting options (e.g. redirect
<code>lng</code>/<code>ns</code>). The default <code>escapeValue:
true</code> configuration is unaffected because HTML-escaping
neutralises the quote before <code>JSON.parse</code>. See the security
docs for mitigation guidance (GHSA-TBD)</li>
<li>security: apply <code>regexEscape</code> to
<code>unescapePrefix</code> / <code>unescapeSuffix</code> on par with
the other interpolation delimiters. Prevents ReDoS
(catastrophic-backtracking) when a misconfigured delimiter contains
regex metacharacters, and fixes silent breakage of the <code>{{-
var}}</code> syntax when the delimiter contains characters like
<code>(</code>, <code>[</code>, <code>.</code></li>
<li>security: strip CR/LF/NUL and other C0/C1 control characters from
string log arguments to prevent log forging via user-controlled
translation keys, language codes, namespaces, or interpolation variable
names (CWE-117)</li>
<li>chore: ignore <code>.env*</code> and
<code>*.pem</code>/<code>*.key</code> files in
<code>.gitignore</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.6</h2>
<p>Security release — all issues found via an internal audit.</p>
<ul>
<li>security: warn when a translation string combines <code>escapeValue:
false</code> with interpolated variables inside a <code>$t(key, { ...
"{{var}}" ... })</code> nesting-options block. In that narrow
combination, attacker-controlled string values containing
<code>"</code> can break out of the JSON options literal and inject
additional nesting options (e.g. redirect
<code>lng</code>/<code>ns</code>). The default <code>escapeValue:
true</code> configuration is unaffected because HTML-escaping
neutralises the quote before <code>JSON.parse</code>. See the <a
href="https://www.i18next.com/translation-function/nesting#security-note-interpolated-values-inside-a-nesting-options-block">security
note in the Nesting docs</a> for the full pattern and mitigations</li>
<li>security: apply <code>regexEscape</code> to
<code>unescapePrefix</code> / <code>unescapeSuffix</code> on par with
the other interpolation delimiters. Prevents ReDoS
(catastrophic-backtracking) when a misconfigured delimiter contains
regex metacharacters, and fixes silent breakage of the <code>{{-
var}}</code> syntax when the delimiter contains characters like
<code>(</code>, <code>[</code>, <code>.</code></li>
<li>security: strip CR/LF/NUL and other C0/C1 control characters from
string log arguments to prevent log forging via user-controlled
translation keys, language codes, namespaces, or interpolation variable
names (CWE-117)</li>
<li>chore: ignore <code>.env*</code> and
<code>*.pem</code>/<code>*.key</code> files in
<code>.gitignore</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9d0ed9f98e"><code>9d0ed9f</code></a>
26.0.6</li>
<li><a
href="8c82564437"><code>8c82564</code></a>
security: hardening for 26.0.6 — nesting-options warning, regexEscape
unescap...</li>
<li><a
href="0cb018c363"><code>0cb018c</code></a>
chore: bump devDependencies</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.5...v26.0.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.41.0
to 6.41.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/codemirror/view/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps
[eslint-plugin-react-hooks](https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks)
from 7.1.0 to 7.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">eslint-plugin-react-hooks's
releases</a>.</em></p>
<blockquote>
<h2>eslint-plugin-react-hooks@7.1.1 (April 17, 2026)</h2>
<p><strong>Note:</strong> 7.1.0 accidentally removed the
<code>component-hook-factories</code> rule, causing errors for users who
referenced it in their ESLint config. This is now fixed.</p>
<ul>
<li>Add deprecated no-op <code>component-hook-factories</code> rule for
backwards compatibility. (<a
href="https://github.com/mofeiZ"><code>@mofeiZ</code></a> in <a
href="https://redirect.github.com/facebook/react/pull/36307">#36307</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/blob/main/packages/eslint-plugin-react-hooks/CHANGELOG.md">eslint-plugin-react-hooks's
changelog</a>.</em></p>
<blockquote>
<h2>7.1.1</h2>
<p><strong>Note:</strong> 7.1.0 accidentally removed the
<code>component-hook-factories</code> rule, causing errors for users who
referenced it in their ESLint config. This is now fixed.</p>
<ul>
<li>Add deprecated no-op <code>component-hook-factories</code> rule for
backwards compatibility. (<a
href="https://github.com/mofeiZ"><code>@mofeiZ</code></a> in <a
href="https://redirect.github.com/facebook/react/pull/36307">#36307</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d1727fbf98"><code>d1727fb</code></a>
[eprh] Update changelog for 7.1.1 (<a
href="https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks/issues/36308">#36308</a>)</li>
<li><a
href="bc249804d3"><code>bc24980</code></a>
[eprh] Add back a no-op for removed component-hook-factories rule (<a
href="https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks/issues/36307">#36307</a>)</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/eslint-plugin-react-hooks@7.1.1/packages/eslint-plugin-react-hooks">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.4 to
26.0.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.5</h2>
<ul>
<li>fix: <code>cloneInstance().changeLanguage()</code> no longer fails
to update language state when the target language is not yet loaded — a
race between <code>init()</code>'s deferred <code>load()</code> and the
user's <code>changeLanguage()</code> could overwrite
<code>isLanguageChangingTo</code>, causing <code>setLngProps</code> to
be skipped <a
href="https://redirect.github.com/i18next/i18next/issues/2422">2422</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.5</h2>
<ul>
<li>fix: <code>cloneInstance().changeLanguage()</code> no longer fails
to update language state when the target language is not yet loaded — a
race between <code>init()</code>'s deferred <code>load()</code> and the
user's <code>changeLanguage()</code> could overwrite
<code>isLanguageChangingTo</code>, causing <code>setLngProps</code> to
be skipped <a
href="https://redirect.github.com/i18next/i18next/issues/2422">2422</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ab4633fee0"><code>ab4633f</code></a>
26.0.5</li>
<li><a
href="bae3b8bca9"><code>bae3b8b</code></a>
fix: <code>cloneInstance().changeLanguage()</code> no longer fails to
update language st...</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.4...v26.0.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [react-i18next](https://github.com/i18next/react-i18next) from
17.0.2 to 17.0.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.4</h2>
<ul>
<li>fix: avoid <code>React does not recognize the 'i18nIsDynamicList'
prop on a DOM element</code> warning <a
href="https://redirect.github.com/i18next/react-i18next/issues/1915">1915</a></li>
</ul>
<h2>17.0.3</h2>
<ul>
<li>fix: avoid invalid prop on <code>React.Fragment</code> inside
<code><Trans /></code> <a
href="https://redirect.github.com/i18next/react-i18next/issues/1914">1914</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a398b7692b"><code>a398b76</code></a>
17.0.4</li>
<li><a
href="c96f7bc219"><code>c96f7bc</code></a>
fix: avoid `React does not recognize the i18nIsDynamicList prop on a DOM
elem...</li>
<li><a
href="fe111f7518"><code>fe111f7</code></a>
17.0.3</li>
<li><a
href="e7419b8696"><code>e7419b8</code></a>
fix: avoid invalid prop on <code>React.Fragment</code> inside
<code>\<Trans /></code> <a
href="https://redirect.github.com/i18next/react-i18next/issues/1914">#1914</a></li>
<li>See full diff in <a
href="https://github.com/i18next/react-i18next/compare/v17.0.2...v17.0.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next-cli](https://github.com/i18next/i18next-cli) from 1.51.8
to 1.53.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md">i18next-cli's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.53.1...v1.53.2">1.53.2</a>
- 2026-04-14</h2>
<ul>
<li>Add <code>locale</code> and <code>namespace</code> fields to the
<code>TranslationResult</code> object passed
to the <code>afterSync</code> plugin hook, so plugins no longer need to
reverse-engineer
these values from the file path.
Relates to <a
href="https://redirect.github.com/i18next/i18next-cli/issues/237">#237</a>.</li>
</ul>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.53.0...v1.53.1">1.53.1</a>
- 2026-04-14</h2>
<ul>
<li>Fix selector API with dynamic bracket notation (e.g.
<code>t(($) => $.table.columns[field])</code>) incorrectly treating
keys as unused
and removing them during extraction. Dynamic bracket expressions are now
resolved via the expression resolver, and function parameter type
annotations (e.g. <code>field: "name" |
"age"</code>) are captured so the resolver
can enumerate all possible key values.
Fixes <a
href="https://redirect.github.com/i18next/i18next-cli/issues/234">#234</a>.</li>
</ul>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.52.1...v1.53.0">1.53.0</a>
- 2026-04-14</h2>
<ul>
<li>Add optional <code>types.basePath</code> configuration to support
nested namespaces in
TypeScript type generation. When set, namespaces are derived from the
file's
path relative to <code>basePath</code> instead of just the filename, so
<code>locales/en/dashboard/user.json</code> produces namespace
<code>"dashboard/user"</code> instead
of <code>"user"</code>. When <code>basePath</code> is omitted,
existing behavior is preserved.
Contributed by <a
href="https://github.com/camerondubas"><code>@camerondubas</code></a>
in
<a
href="https://redirect.github.com/i18next/i18next-cli/pull/236">#236</a>.</li>
<li>Add a warning when <code>types.basePath</code> is misconfigured and
translation files
fall outside the specified base directory.</li>
<li>Use the internal logger instead of <code>console.warn</code> for
warnings in the type
generator.</li>
</ul>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.52.0...v1.52.1">1.52.1</a>
- 2026-04-13</h2>
<ul>
<li>Fix <code>extract --sync-all --trust-derived</code> resetting
secondary locale values
to empty strings even when the trusted derived default was already in
sync in
the primary locale. Secondary translations are now only cleared when the
primary locale would actually be updated by the sync.
Follow-up to <a
href="https://redirect.github.com/i18next/i18next-cli/issues/235">#235</a>.</li>
</ul>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.51.9...v1.52.0">1.52.0</a>
- 2026-04-13</h2>
<ul>
<li>Add <code>extract --trust-derived</code> as an opt-in companion to
<code>--sync-primary</code>
and <code>--sync-all</code>. When enabled, the extractor also trusts
default values
inferred from keys, including plain key-as-text usage such as
<code>t('Hello world')</code> and <code>keyPrefix</code>-derived values,
while preserving the
existing strict sync behavior by default.
Follows up on <a
href="https://redirect.github.com/i18next/i18next-cli/issues/235">#235</a>.</li>
</ul>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.51.8...v1.51.9">1.51.9</a>
- 2026-04-13</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8c44aaa42c"><code>8c44aaa</code></a>
1.53.2</li>
<li><a
href="9b74f0b433"><code>9b74f0b</code></a>
Add <code>locale</code> and <code>namespace</code> fields to the
<code>TranslationResult</code> object <a
href="https://redirect.github.com/i18next/i18next-cli/issues/237">#237</a></li>
<li><a
href="f6de82e032"><code>f6de82e</code></a>
1.53.1</li>
<li><a
href="d7c9895c87"><code>d7c9895</code></a>
improve fix for <a
href="https://redirect.github.com/i18next/i18next-cli/issues/234">#234</a></li>
<li><a
href="e6480b060e"><code>e6480b0</code></a>
1.53.0</li>
<li><a
href="145a3a84bd"><code>145a3a8</code></a>
release: feat(types): support nested namespaces in type generation <a
href="https://redirect.github.com/i18next/i18next-cli/issues/236">#236</a></li>
<li><a
href="54f474f00a"><code>54f474f</code></a>
feat(types): support nested namespaces in type generation (<a
href="https://redirect.github.com/i18next/i18next-cli/issues/236">#236</a>)</li>
<li><a
href="6e3f9d7dfa"><code>6e3f9d7</code></a>
1.52.1</li>
<li><a
href="810a724c4d"><code>810a724</code></a>
fix --trust-derived <a
href="https://redirect.github.com/i18next/i18next-cli/issues/235">#235</a></li>
<li><a
href="b898c554ad"><code>b898c55</code></a>
1.52.0</li>
<li>Additional commits viewable in <a
href="https://github.com/i18next/i18next-cli/compare/v1.51.8...v1.53.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next-cli](https://github.com/i18next/i18next-cli) from 1.51.7
to 1.51.8.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md">i18next-cli's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.51.7...v1.51.8">1.51.8</a>
- 2026-04-13</h2>
<ul>
<li>Fix selector API with dynamic bracket notation (e.g.
<code>t(($) => $.table.columns[field])</code>) incorrectly treating
keys as unused
and removing them during extraction. Dynamic bracket expressions are now
resolved via the expression resolver, so typed variables
(<code>const field: "name" | "age"</code>) and
const-initialised variables
(<code>const field = "name"</code>) are correctly expanded
into all possible keys.
Fixes <a
href="https://redirect.github.com/i18next/i18next-cli/issues/234">#234</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e479a9d44"><code>6e479a9</code></a>
1.51.8</li>
<li><a
href="3a1ced40fb"><code>3a1ced4</code></a>
ix selector API with dynamic bracket notation <a
href="https://redirect.github.com/i18next/i18next-cli/issues/234">#234</a></li>
<li>See full diff in <a
href="https://github.com/i18next/i18next-cli/compare/v1.51.7...v1.51.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pmtiles](https://github.com/protomaps/pmtiles) from 4.4.0 to
4.4.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/protomaps/pmtiles/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.8 to 8.5.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.9</h2>
<ul>
<li>Speed up source map encoding paring in case of the error.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.9</h2>
<ul>
<li>Speed up source map encoding paring in case of the error.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe88ac29c0"><code>fe88ac2</code></a>
Release 8.5.9 version</li>
<li><a
href="c551632496"><code>c551632</code></a>
Avoid RegExp when we can use simple JS</li>
<li><a
href="89a6b74406"><code>89a6b74</code></a>
Move SECURITY.txt for docs folder to keep GitHub page cleaner</li>
<li><a
href="6ceb8a46af"><code>6ceb8a4</code></a>
Create SECURITY.md</li>
<li><a
href="02ccae6bc3"><code>02ccae6</code></a>
Another way to fix CI with .ts ext in tests on old Node.js</li>
<li><a
href="2c36658c7c"><code>2c36658</code></a>
Another way to fix CI with TS on old Node.js</li>
<li><a
href="b90600361f"><code>b906003</code></a>
Another way to fix CI with old Node.js</li>
<li><a
href="04d32cdc69"><code>04d32cd</code></a>
Fix another issue with Node.js 10 on CI</li>
<li><a
href="df86cdfff0"><code>df86cdf</code></a>
Try to fix Node.js 10 on CI</li>
<li><a
href="82bec0dd8e"><code>82bec0d</code></a>
Move to oxfmt</li>
<li>Additional commits viewable in <a
href="https://github.com/postcss/postcss/compare/8.5.8...8.5.9">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.3 to
26.0.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.4</h2>
<ul>
<li>fix(types): inline formatting options like <code>{{price,
currency(EUR)}}</code> are now correctly resolved to their base format
type (e.g. <code>number</code> for <code>currency</code>) instead of
falling back to <code>string</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2378">2378</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.4</h2>
<ul>
<li>fix(types): inline formatting options like <code>{{price,
currency(EUR)}}</code> are now correctly resolved to their base format
type (e.g. <code>number</code> for <code>currency</code>) instead of
falling back to <code>string</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2378">2378</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9e64c7586a"><code>9e64c75</code></a>
26.0.4</li>
<li><a
href="cd1f15f70f"><code>cd1f15f</code></a>
fix(types): inline formatting options <a
href="https://redirect.github.com/i18next/i18next/issues/2378">#2378</a></li>
<li><a
href="660c785f90"><code>660c785</code></a>
ts: test todo hint</li>
<li><a
href="7d2b6383e3"><code>7d2b638</code></a>
ts repro test</li>
<li><a
href="29e07bfead"><code>29e07bf</code></a>
ts repro test</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.3...v26.0.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next-cli](https://github.com/i18next/i18next-cli) from 1.51.6
to 1.51.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md">i18next-cli's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.51.6...v1.51.7">1.51.7</a>
- 2026-04-07</h2>
<ul>
<li>Fix <code>--sync-all</code> not clearing secondary locale
translations when
<code>mergeNamespaces</code> is enabled. The <code>syncAll</code> flag
was not being passed
through in the merged namespaces code path.
Fixes <a
href="https://redirect.github.com/i18next/i18next-cli/issues/233">#233</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2a1998d5e2"><code>2a1998d</code></a>
1.51.7</li>
<li><a
href="03cb9013c7"><code>03cb901</code></a>
should fix <a
href="https://redirect.github.com/i18next/i18next-cli/issues/233">#233</a></li>
<li>See full diff in <a
href="https://github.com/i18next/i18next-cli/compare/v1.51.6...v1.51.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next-cli](https://github.com/i18next/i18next-cli) from 1.51.5
to 1.51.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md">i18next-cli's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.51.5...v1.51.6">1.51.6</a>
- 2026-04-03</h2>
<ul>
<li>Add <code>getT</code> and <code>useT</code> to the default
<code>useTranslationNames</code> so that
<code>next-i18next</code> v16 App Router hooks are recognized out of the
box.
Keys from <code>useT('ns')</code> and <code>await getT('ns')</code> are
now correctly
extracted into the specified namespace instead of falling back to
<code>defaultNS</code>.
Fixes <a
href="https://redirect.github.com/i18next/i18next-cli/issues/232">#232</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2828baf61f"><code>2828baf</code></a>
1.51.6</li>
<li><a
href="0d6e5930f6"><code>0d6e593</code></a>
ts dep update</li>
<li><a
href="0f6f5b3148"><code>0f6f5b3</code></a>
Add <code>getT</code> and <code>useT</code> to the default
<code>useTranslationNames</code> so that `next-i18n...</li>
<li><a
href="274164840f"><code>2741648</code></a>
reproduce <a
href="https://redirect.github.com/i18next/i18next-cli/issues/231">#231</a></li>
<li>See full diff in <a
href="https://github.com/i18next/i18next-cli/compare/v1.51.5...v1.51.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.40.0
to 6.41.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codemirror/view/blob/main/CHANGELOG.md"><code>@codemirror/view</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>6.41.0 (2026-04-01)</h2>
<h3>Bug fixes</h3>
<p>Fix an issue where <code>EditorView.posAtCoords</code> could
incorrectly return a position near a higher element on the line, in
mixed-font-size lines.</p>
<p>Expand the workaround for the Webkit bug that causes nonexistent
selections to stay visible to be active on non-Safari Webkit
browsers.</p>
<h3>New features</h3>
<p>The new <code>EditorView.cursorScrollMargin</code> facet can now be
used to configure the extra space used when scrolling the cursor into
view.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a0a5ed946c"><code>a0a5ed9</code></a>
Mark version 6.41.0</li>
<li><a
href="c834ebf424"><code>c834ebf</code></a>
Enable the workaround for ghost selections in all forms of Webkit</li>
<li><a
href="49d72c43f6"><code>49d72c4</code></a>
Improve posAtCoords in non-uniform height lines</li>
<li><a
href="4935d2495f"><code>4935d24</code></a>
Make the margin used when scrolling the cursor into view
configurable</li>
<li><a
href="ed7d6253a0"><code>ed7d625</code></a>
Remove duplicated slash in forum url in README</li>
<li><a
href="c3770d3f0a"><code>c3770d3</code></a>
Fix forum link in readme</li>
<li>See full diff in <a
href="https://github.com/codemirror/view/compare/6.40.0...6.41.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [slugify](https://github.com/simov/slugify) from 1.6.8 to 1.6.9.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/simov/slugify/blob/master/CHANGELOG.md">slugify's
changelog</a>.</em></p>
<blockquote>
<h3>v1.6.9 (2026-04-01)</h3>
<ul>
<li><a
href="https://redirect.github.com/simov/slugify/pull/171">#171</a> fix:
correct CommonJS export for "module": "node16" + ESM
(171) (<a
href="https://github.com/karlhorky"><code>@karlhorky</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/simov/slugify/commits">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~joshuakgoldberg">joshuakgoldberg</a>, a new
releaser for slugify since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot]