Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.38.6
to 6.38.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codemirror/view/blob/main/CHANGELOG.md"><code>@codemirror/view</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>6.38.7 (2025-11-14)</h2>
<h3>Bug fixes</h3>
<p>Make detection of transformed tooltip parent elements (forcing
absolute positioning) more robust on current browsers.</p>
<p>Avoid an issue where on Chrome and Safari, typing over a cross-line
selection can replace widgets on the line after the selection with their
plain text content.</p>
<p>Fix a bug that broke insertion of composed input at multiple cursors
when the IME keeps the selection at the start of the composed text.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="07b660ccd8"><code>07b660c</code></a>
Mark version 6.38.7</li>
<li><a
href="4672fa1959"><code>4672fa1</code></a>
Fix application of composition to multiple cursors</li>
<li><a
href="6727e32d2b"><code>6727e32</code></a>
Fix broken sentence in doc comment</li>
<li><a
href="076450d0be"><code>076450d</code></a>
Override cross-line replacements when the line after has a widget</li>
<li><a
href="3b0c3b9aff"><code>3b0c3b9</code></a>
Fix doc comment markup for outerDecorations</li>
<li><a
href="2f398e6ece"><code>2f398e6</code></a>
Simplify transformed-fixed-tooltip detection</li>
<li>See full diff in <a
href="https://github.com/codemirror/view/compare/6.38.6...6.38.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom)
from 19.2.2 to 19.2.3.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
See maplibre/maputnik#910
As per the issue, test the hostname of the for a localhost URL, by
1. Domain - localhost
2. IPv4 localhost subnet - 127.0.0.1/8
3. IPv6 localhost - [::1]
## Launch Checklist
<!-- Thanks for the PR! Feel free to add or remove items from the
checklist. -->
- [x] Briefly describe the changes in this PR.
- [x] Link to related issues.
- [x] Include before/after visuals or gifs if this PR includes visual
changes.
- [x] Write tests for all new functionality.
- [x] Add an entry to `CHANGELOG.md` under the `## main` section.
---------
Co-authored-by: zstadler <zeev.stadler@gmail.com>
Co-authored-by: Harel M <harel.mazor@gmail.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
## Launch Checklist
- Fixes#1492
This adds the relevant selection and scroll intoview parameters that
were previously missing as part of the migration to code mirror 6.
It fixes the replace part as described in the bug.
- [x] Briefly describe the changes in this PR.
- [x] Link to related issues.
While I think tests are needed here, I'm not sure there's an easy way to
actually test this because testing the code mirror editor is hard, and
even harder when there's key pressing (ctrl +F on windows and meta + F
on mac) involved...
Bumps [eslint](https://github.com/eslint/eslint) from 9.39.0 to 9.39.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/eslint/eslint/releases">eslint's
releases</a>.</em></p>
<blockquote>
<h2>v9.39.1</h2>
<h2>Bug Fixes</h2>
<ul>
<li><a
href="650753ee39"><code>650753e</code></a>
fix: Only pass node to JS lang visitor methods (<a
href="https://redirect.github.com/eslint/eslint/issues/20283">#20283</a>)
(Nicholas C. Zakas)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li><a
href="51b51f4f1c"><code>51b51f4</code></a>
docs: add a section on when to use extends vs cascading (<a
href="https://redirect.github.com/eslint/eslint/issues/20268">#20268</a>)
(Tanuj Kanti)</li>
<li><a
href="b44d42699d"><code>b44d426</code></a>
docs: Update README (GitHub Actions Bot)</li>
</ul>
<h2>Chores</h2>
<ul>
<li><a
href="92db329211"><code>92db329</code></a>
chore: update <code>@eslint/js</code> version to 9.39.1 (<a
href="https://redirect.github.com/eslint/eslint/issues/20284">#20284</a>)
(Francesco Trotta)</li>
<li><a
href="c7ebefc9ea"><code>c7ebefc</code></a>
chore: package.json update for <code>@eslint/js</code> release
(Jenkins)</li>
<li><a
href="61778f6ca3"><code>61778f6</code></a>
chore: update eslint-config-eslint dependency <code>@eslint/js</code>
to ^9.39.0 (<a
href="https://redirect.github.com/eslint/eslint/issues/20275">#20275</a>)
(renovate[bot])</li>
<li><a
href="d9ca2fcd9a"><code>d9ca2fc</code></a>
ci: Add rangeStrategy to eslint group in renovate config (<a
href="https://redirect.github.com/eslint/eslint/issues/20266">#20266</a>)
(唯然)</li>
<li><a
href="009e5076ff"><code>009e507</code></a>
test: fix version tests for ESLint v10 (<a
href="https://redirect.github.com/eslint/eslint/issues/20274">#20274</a>)
(Milos Djermanovic)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e2772811a8"><code>e277281</code></a>
9.39.1</li>
<li><a
href="4cdf397b30"><code>4cdf397</code></a>
Build: changelog update for 9.39.1</li>
<li><a
href="92db329211"><code>92db329</code></a>
chore: update <code>@eslint/js</code> version to 9.39.1 (<a
href="https://redirect.github.com/eslint/eslint/issues/20284">#20284</a>)</li>
<li><a
href="c7ebefc9ea"><code>c7ebefc</code></a>
chore: package.json update for <code>@eslint/js</code> release</li>
<li><a
href="650753ee39"><code>650753e</code></a>
fix: Only pass node to JS lang visitor methods (<a
href="https://redirect.github.com/eslint/eslint/issues/20283">#20283</a>)</li>
<li><a
href="51b51f4f1c"><code>51b51f4</code></a>
docs: add a section on when to use extends vs cascading (<a
href="https://redirect.github.com/eslint/eslint/issues/20268">#20268</a>)</li>
<li><a
href="61778f6ca3"><code>61778f6</code></a>
chore: update eslint-config-eslint dependency <code>@eslint/js</code>
to ^9.39.0 (<a
href="https://redirect.github.com/eslint/eslint/issues/20275">#20275</a>)</li>
<li><a
href="d9ca2fcd9a"><code>d9ca2fc</code></a>
ci: Add rangeStrategy to eslint group in renovate config (<a
href="https://redirect.github.com/eslint/eslint/issues/20266">#20266</a>)</li>
<li><a
href="009e5076ff"><code>009e507</code></a>
test: fix version tests for ESLint v10 (<a
href="https://redirect.github.com/eslint/eslint/issues/20274">#20274</a>)</li>
<li><a
href="b44d42699d"><code>b44d426</code></a>
docs: Update README</li>
<li>See full diff in <a
href="https://github.com/eslint/eslint/compare/v9.39.0...v9.39.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [min-document](https://github.com/Raynos/min-document) from 2.19.0
to 2.19.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4490b40cbb"><code>4490b40</code></a>
2.19.1</li>
<li><a
href="2cd5871537"><code>2cd5871</code></a>
update ignore</li>
<li><a
href="fe32e8da46"><code>fe32e8d</code></a>
Merge pull request <a
href="https://redirect.github.com/Raynos/min-document/issues/55">#55</a>
from jameswassink/fix/prototype-pollution-removeAttrib...</li>
<li><a
href="6c5f31aa57"><code>6c5f31a</code></a>
Better prototype pollution fix</li>
<li><a
href="0d4e8192ef"><code>0d4e819</code></a>
Fix prototype pollution in removeAttributeNS</li>
<li><a
href="bf7b69130a"><code>bf7b691</code></a>
Update package.json</li>
<li><a
href="1b5402dcd5"><code>1b5402d</code></a>
Merge pull request <a
href="https://redirect.github.com/Raynos/min-document/issues/49">#49</a>
from PixnBits/patch-1</li>
<li><a
href="1db88fb7bd"><code>1db88fb</code></a>
Update license metadata</li>
<li>See full diff in <a
href="https://github.com/Raynos/min-document/compare/v2.19.0...v2.19.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/maplibre/maputnik/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@codemirror/lint](https://github.com/codemirror/lint) from 6.9.1
to 6.9.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codemirror/lint/blob/main/CHANGELOG.md"><code>@codemirror/lint</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>6.9.2 (2025-11-03)</h2>
<h3>Bug fixes</h3>
<p>Fix an infinite loop that would occur when a diagnostic pointed
beyond the end of the document.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a9991d6394"><code>a9991d6</code></a>
Mark version 6.9.2</li>
<li><a
href="ae65ecc6b8"><code>ae65ecc</code></a>
Avoid infinite loop when a diagnostic points after the end of the
document</li>
<li>See full diff in <a
href="https://github.com/codemirror/lint/compare/6.9.1...6.9.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js)
from 9.39.0 to 9.39.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/eslint/eslint/releases"><code>@eslint/js</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v9.39.1</h2>
<h2>Bug Fixes</h2>
<ul>
<li><a
href="650753ee39"><code>650753e</code></a>
fix: Only pass node to JS lang visitor methods (<a
href="https://github.com/eslint/eslint/tree/HEAD/packages/js/issues/20283">#20283</a>)
(Nicholas C. Zakas)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li><a
href="51b51f4f1c"><code>51b51f4</code></a>
docs: add a section on when to use extends vs cascading (<a
href="https://github.com/eslint/eslint/tree/HEAD/packages/js/issues/20268">#20268</a>)
(Tanuj Kanti)</li>
<li><a
href="b44d42699d"><code>b44d426</code></a>
docs: Update README (GitHub Actions Bot)</li>
</ul>
<h2>Chores</h2>
<ul>
<li><a
href="92db329211"><code>92db329</code></a>
chore: update <code>@eslint/js</code> version to 9.39.1 (<a
href="https://github.com/eslint/eslint/tree/HEAD/packages/js/issues/20284">#20284</a>)
(Francesco Trotta)</li>
<li><a
href="c7ebefc9ea"><code>c7ebefc</code></a>
chore: package.json update for <code>@eslint/js</code> release
(Jenkins)</li>
<li><a
href="61778f6ca3"><code>61778f6</code></a>
chore: update eslint-config-eslint dependency <code>@eslint/js</code>
to ^9.39.0 (<a
href="https://github.com/eslint/eslint/tree/HEAD/packages/js/issues/20275">#20275</a>)
(renovate[bot])</li>
<li><a
href="d9ca2fcd9a"><code>d9ca2fc</code></a>
ci: Add rangeStrategy to eslint group in renovate config (<a
href="https://github.com/eslint/eslint/tree/HEAD/packages/js/issues/20266">#20266</a>)
(唯然)</li>
<li><a
href="009e5076ff"><code>009e507</code></a>
test: fix version tests for ESLint v10 (<a
href="https://github.com/eslint/eslint/tree/HEAD/packages/js/issues/20274">#20274</a>)
(Milos Djermanovic)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c7ebefc9ea"><code>c7ebefc</code></a>
chore: package.json update for <code>@eslint/js</code> release</li>
<li>See full diff in <a
href="https://github.com/eslint/eslint/commits/v9.39.1/packages/js">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [react-i18next](https://github.com/i18next/react-i18next) from
16.2.3 to 16.2.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's
changelog</a>.</em></p>
<blockquote>
<h3>16.2.4</h3>
<ul>
<li>try to fix "Trans component do not render anymore children as
default value in test environment" <a
href="https://redirect.github.com/i18next/react-i18next/issues/1883">1883</a>
by also respecting <a
href="https://redirect.github.com/i18next/react-i18next/issues/1876">1876</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ef82835198"><code>ef82835</code></a>
16.2.4</li>
<li><a
href="72e1a0011b"><code>72e1a00</code></a>
try to fix "Trans component do not render anymore children as
default value i...</li>
<li>See full diff in <a
href="https://github.com/i18next/react-i18next/compare/v16.2.3...v16.2.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Launch Checklist
This fixes the position of the autocomplete list - CSS fix mostly.
It also changes the loading of the metadata to be using promises instead
of callbacks.
I couldn't reproduce the following issue, so I'll be closing it for now.
- Fixes#945
Before:
<img width="563" height="577" alt="image"
src="https://github.com/user-attachments/assets/6ea264e1-cb85-4a8a-8df5-ab50e7815333"
/>
After:
<img width="563" height="577" alt="image"
src="https://github.com/user-attachments/assets/27fa2901-dd96-44fd-9774-363fd4c5ed98"
/>
- [x] Briefly describe the changes in this PR.
- [x] Link to related issues.
- [x] Include before/after visuals or gifs if this PR includes visual
changes.
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
## Launch Checklist
- Fixes#1302
When a sprite object is used, the current settings modal does not
present it well and does not allow editing.
This changes the input from a string to json.
It does make the editing a bit more cumbersome as you need to type `"`
now instead of just placing the address, but if you click the info
button you should be able to understand that this is a special field.
The fact that it looks like a code editor should also help guide users
to place different input there.
Before:
<img width="710" height="297" alt="image"
src="https://github.com/user-attachments/assets/a615dddd-6c06-45fb-b5a9-1820e6a5c077"
/>
After:
<img width="710" height="297" alt="image"
src="https://github.com/user-attachments/assets/fdb89ada-91ca-4bf4-8380-ce3c25373b41"
/>
- [x] Briefly describe the changes in this PR.
- [x] Link to related issues.
- [x] Include before/after visuals or gifs if this PR includes visual
changes.
- [x] Write tests for all new functionality.
- [ ] Add an entry to `CHANGELOG.md` under the `## main` section.
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.31.0 to 4.31.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.31.2</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.2 - 30 Oct 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.2/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v4.31.1</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.1 - 30 Oct 2025</h2>
<ul>
<li>The <code>add-snippets</code> input has been removed from the
<code>analyze</code> action. This input has been deprecated since CodeQL
Action 3.26.4 in August 2024 when this removal was announced.</li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.1/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.31.2 - 30 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.1 - 30 Oct 2025</h2>
<ul>
<li>The <code>add-snippets</code> input has been removed from the
<code>analyze</code> action. This input has been deprecated since CodeQL
Action 3.26.4 in August 2024 when this removal was announced.</li>
</ul>
<h2>4.31.0 - 24 Oct 2025</h2>
<ul>
<li>Bump minimum CodeQL bundle version to 2.17.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3223">#3223</a></li>
<li>When SARIF files are uploaded by the <code>analyze</code> or
<code>upload-sarif</code> actions, the CodeQL Action automatically
performs post-processing steps to prepare the data for the upload.
Previously, these post-processing steps were only performed before an
upload took place. We are now changing this so that the post-processing
steps will always be performed, even when the SARIF files are not
uploaded. This does not change anything for the
<code>upload-sarif</code> action. For <code>analyze</code>, this may
affect Advanced Setup for CodeQL users who specify a value other than
<code>always</code> for the <code>upload</code> input. <a
href="https://redirect.github.com/github/codeql-action/pull/3222">#3222</a></li>
</ul>
<h2>4.30.9 - 17 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3205">#3205</a></li>
<li>Experimental: A new <code>setup-codeql</code> action has been added
which is similar to <code>init</code>, except it only installs the
CodeQL CLI and does not initialize a database. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3204">#3204</a></li>
</ul>
<h2>4.30.8 - 10 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169">#3169</a></li>
</ul>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0499de31b9"><code>0499de3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3261">#3261</a>
from github/henrymercer/setup-python</li>
<li><a
href="3b96745d2b"><code>3b96745</code></a>
Set up Python in mergeback workflow</li>
<li><a
href="8a06050a8c"><code>8a06050</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3259">#3259</a>
from github/update-v4.31.2-9576b5cbe</li>
<li><a
href="752a642cb2"><code>752a642</code></a>
Update changelog for v4.31.2</li>
<li><a
href="9576b5cbe8"><code>9576b5c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3258">#3258</a>
from github/mbg/enablement-errors/case-insensitive</li>
<li><a
href="cc8843728c"><code>cc88437</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3257">#3257</a>
from github/henrymercer/ubuntu-slim</li>
<li><a
href="f0e9bf07f4"><code>f0e9bf0</code></a>
Make <code>isEnablementError</code> case-insensitive</li>
<li><a
href="2a3599c520"><code>2a3599c</code></a>
Run lightweight workflows on <code>ubuntu-slim</code></li>
<li><a
href="514ff4d116"><code>514ff4d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3256">#3256</a>
from github/henrymercer/resolve-bad-merge</li>
<li><a
href="aab1c2f931"><code>aab1c2f</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3253">#3253</a>
from github/mergeback/v4.31.1-to-main-5fe9434c</li>
<li>Additional commits viewable in <a
href="4e94bd11f7...0499de31b9">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@types/codemirror](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/codemirror)
from 5.60.16 to 5.60.17.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/codemirror">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@shellygo/cypress-test-utils](https://github.com/shellyDCMS/cypress-test-utils)
from 6.0.1 to 6.0.4.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/shellyDCMS/cypress-test-utils/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@cypress/code-coverage](https://github.com/cypress-io/code-coverage)
from 3.14.6 to 3.14.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cypress-io/code-coverage/releases"><code>@cypress/code-coverage</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v3.14.7</h2>
<h2><a
href="https://github.com/cypress-io/code-coverage/compare/v3.14.6...v3.14.7">3.14.7</a>
(2025-10-08)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> switch to tinyglobby (<a
href="https://redirect.github.com/cypress-io/code-coverage/issues/960">#960</a>)
(<a
href="41d9b3db0e">41d9b3d</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="41d9b3db0e"><code>41d9b3d</code></a>
fix(deps): switch to tinyglobby (<a
href="https://redirect.github.com/cypress-io/code-coverage/issues/960">#960</a>)</li>
<li>See full diff in <a
href="https://github.com/cypress-io/code-coverage/compare/v3.14.6...v3.14.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.30.9 to 4.31.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.31.0</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.0 - 24 Oct 2025</h2>
<ul>
<li>Bump minimum CodeQL bundle version to 2.17.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3223">#3223</a></li>
<li>When SARIF files are uploaded by the <code>analyze</code> or
<code>upload-sarif</code> actions, the CodeQL Action automatically
performs post-processing steps to prepare the data for the upload.
Previously, these post-processing steps were only performed before an
upload took place. We are now changing this so that the post-processing
steps will always be performed, even when the SARIF files are not
uploaded. This does not change anything for the
<code>upload-sarif</code> action. For <code>analyze</code>, this may
affect Advanced Setup for CodeQL users who specify a value other than
<code>always</code> for the <code>upload</code> input. <a
href="https://redirect.github.com/github/codeql-action/pull/3222">#3222</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.0/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.31.0 - 24 Oct 2025</h2>
<ul>
<li>Bump minimum CodeQL bundle version to 2.17.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3223">#3223</a></li>
<li>When SARIF files are uploaded by the <code>analyze</code> or
<code>upload-sarif</code> actions, the CodeQL Action automatically
performs post-processing steps to prepare the data for the upload.
Previously, these post-processing steps were only performed before an
upload took place. We are now changing this so that the post-processing
steps will always be performed, even when the SARIF files are not
uploaded. This does not change anything for the
<code>upload-sarif</code> action. For <code>analyze</code>, this may
affect Advanced Setup for CodeQL users who specify a value other than
<code>always</code> for the <code>upload</code> input. <a
href="https://redirect.github.com/github/codeql-action/pull/3222">#3222</a></li>
</ul>
<h2>4.30.9 - 17 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3205">#3205</a></li>
<li>Experimental: A new <code>setup-codeql</code> action has been added
which is similar to <code>init</code>, except it only installs the
CodeQL CLI and does not initialize a database. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3204">#3204</a></li>
</ul>
<h2>4.30.8 - 10 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169">#3169</a></li>
</ul>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4e94bd11f7"><code>4e94bd1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3235">#3235</a>
from github/update-v4.31.0-1d36546c1</li>
<li><a
href="8f11182164"><code>8f11182</code></a>
Update changelog for v4.31.0</li>
<li><a
href="1d36546c14"><code>1d36546</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3234">#3234</a>
from github/mbg/changelog/post-processing</li>
<li><a
href="08ada26e6a"><code>08ada26</code></a>
Add changelog entry for post-processing change</li>
<li><a
href="b843cbeed0"><code>b843cbe</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3233">#3233</a>
from github/mbg/getOptionalEnvVar</li>
<li><a
href="1ecd563919"><code>1ecd563</code></a>
Use <code>getOptionalEnvVar</code> in
<code>writePostProcessedFiles</code></li>
<li><a
href="e576807920"><code>e576807</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3223">#3223</a>
from github/henrymercer/bump-minimum</li>
<li><a
href="ad35676669"><code>ad35676</code></a>
Add <code>getOptionalEnvVar</code> function</li>
<li><a
href="d75645b13f"><code>d75645b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3222">#3222</a>
from github/mbg/upload-lib/post-process</li>
<li><a
href="710606cc35"><code>710606c</code></a>
Check that <code>outputPath</code> is non-empty</li>
<li>Additional commits viewable in <a
href="16140ae1a1...4e94bd11f7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@codemirror/lint](https://github.com/codemirror/lint) from 6.9.0
to 6.9.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codemirror/lint/blob/main/CHANGELOG.md"><code>@codemirror/lint</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>6.9.1 (2025-10-23)</h2>
<h3>Bug fixes</h3>
<p>Properly display diagnostics that just cover multiple newlines as
widgets.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="818aedfef7"><code>818aedf</code></a>
Mark version 6.9.1</li>
<li><a
href="66732d258c"><code>66732d2</code></a>
Improve logic for when to show a decoration as a widget</li>
<li>See full diff in <a
href="https://github.com/codemirror/lint/compare/6.9.0...6.9.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [react-i18next](https://github.com/i18next/react-i18next) from
16.0.0 to 16.2.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's
changelog</a>.</em></p>
<blockquote>
<h3>16.2.0</h3>
<ul>
<li>try to address: useTranslation hook violates React's rules of hooks
by conditionally calling inner hooks <a
href="https://redirect.github.com/i18next/react-i18next/issues/1863">1863</a></li>
</ul>
<h3>16.1.6</h3>
<ul>
<li>fix: fix: handle spread props for inner components in Trans (icu) <a
href="https://redirect.github.com/i18next/react-i18next/pull/1877">1877</a></li>
</ul>
<h3>16.1.5</h3>
<ul>
<li>fix: Incosistent behaviour of Trans and t. Trans set defaultValue
when t call doesn't set the field. <a
href="https://redirect.github.com/i18next/react-i18next/issues/1876">1876</a></li>
<li>Trans: use also defaultValue via tOptions as fallback</li>
</ul>
<h3>16.1.4</h3>
<ul>
<li>fix: detect pre-transformation use of interpolation like
number/date/etc. <a
href="https://redirect.github.com/i18next/react-i18next/pull/1875">1875</a></li>
</ul>
<h3>16.1.3</h3>
<ul>
<li>fix: ensure invalid identifiers are quoted in the props object <a
href="https://redirect.github.com/i18next/react-i18next/pull/1874">1874</a></li>
</ul>
<h3>16.1.2</h3>
<ul>
<li>missing.js extensions for Icu imports</li>
</ul>
<h3>16.1.1</h3>
<ul>
<li>exports for <code>IcuTrans</code> component <a
href="https://redirect.github.com/i18next/react-i18next/pull/1873">1873</a></li>
</ul>
<h3>16.1.0</h3>
<ul>
<li>Introduce <code>IcuTrans</code> component <a
href="https://redirect.github.com/i18next/react-i18next/issues/1869">1869</a></li>
</ul>
<h3>16.0.1</h3>
<ul>
<li>fix: Using <!-- raw HTML omitted --> component with named tags
throws error when Selector API is enabled <a
href="https://redirect.github.com/i18next/react-i18next/issues/1867">1867</a>
with <a
href="https://redirect.github.com/i18next/react-i18next/pull/1868">1868</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="aa66a897a3"><code>aa66a89</code></a>
16.2.0</li>
<li><a
href="a080c76bb5"><code>a080c76</code></a>
address <a
href="https://redirect.github.com/i18next/react-i18next/issues/1863">#1863</a>
with Option 2</li>
<li><a
href="0c33e69f98"><code>0c33e69</code></a>
Merge branch 'try-fix-react-violation-2'</li>
<li><a
href="3bf5c853a4"><code>3bf5c85</code></a>
use use-sync-external-store shim for useSyncExternalStore</li>
<li><a
href="4dab58cfb8"><code>4dab58c</code></a>
16.1.6</li>
<li><a
href="d692624d2b"><code>d692624</code></a>
release</li>
<li><a
href="94278a712b"><code>94278a7</code></a>
fix: handle spread props for inner components in Trans (<a
href="https://redirect.github.com/i18next/react-i18next/issues/1869">#1869</a>)
(<a
href="https://redirect.github.com/i18next/react-i18next/issues/1877">#1877</a>)</li>
<li><a
href="a5287b5be6"><code>a5287b5</code></a>
16.1.5</li>
<li><a
href="f22d478718"><code>f22d478</code></a>
try to address <a
href="https://redirect.github.com/i18next/react-i18next/issues/1876">#1876</a>
and use also defaultValue via tOptions as fallback</li>
<li><a
href="619fa599d6"><code>619fa59</code></a>
16.1.4</li>
<li>Additional commits viewable in <a
href="https://github.com/i18next/react-i18next/compare/v16.0.0...v16.2.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)
from 8.46.1 to 8.46.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's
releases</a>.</em></p>
<blockquote>
<h2>v8.46.2</h2>
<h2>8.46.2 (2025-10-20)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>eslint-plugin:</strong> [prefer-optional-chain] skip
optional chaining when it could change the result (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11702">#11702</a>)</li>
<li><strong>typescript-estree:</strong> forbid invalid modifiers in
object methods (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11689">#11689</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>fisker Cheung <a
href="https://github.com/fisker"><code>@fisker</code></a></li>
<li>mdm317</li>
</ul>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's
changelog</a>.</em></p>
<blockquote>
<h2>8.46.2 (2025-10-20)</h2>
<p>This was a version bump only for typescript-eslint to align it with
other projects, there were no code changes.</p>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="55ca033ee8"><code>55ca033</code></a>
chore(release): publish 8.46.2</li>
<li>See full diff in <a
href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.2/packages/typescript-eslint">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.30.8 to 4.30.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.30.9</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.30.9 - 17 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3205">#3205</a></li>
<li>Experimental: A new <code>setup-codeql</code> action has been added
which is similar to <code>init</code>, except it only installs the
CodeQL CLI and does not initialize a database. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3204">#3204</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.30.9/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.30.9 - 17 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3205">#3205</a></li>
<li>Experimental: A new <code>setup-codeql</code> action has been added
which is similar to <code>init</code>, except it only installs the
CodeQL CLI and does not initialize a database. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3204">#3204</a></li>
</ul>
<h2>4.30.8 - 10 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169">#3169</a></li>
</ul>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="16140ae1a1"><code>16140ae</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3213">#3213</a>
from github/update-v4.30.9-70205d3d1</li>
<li><a
href="30db5fee08"><code>30db5fe</code></a>
Update changelog for v4.30.9</li>
<li><a
href="70205d3d12"><code>70205d3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3211">#3211</a>
from github/mbg/init/starting-partial-config</li>
<li><a
href="697c209bfc"><code>697c209</code></a>
Merge remote-tracking branch 'origin/main' into
mbg/init/starting-partial-config</li>
<li><a
href="1bd53ba38c"><code>1bd53ba</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3205">#3205</a>
from github/update-bundle/codeql-bundle-v2.23.3</li>
<li><a
href="cac4df0c79"><code>cac4df0</code></a>
Rebuild</li>
<li><a
href="77e5c0d0a2"><code>77e5c0d</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.23.3</li>
<li><a
href="97a4f751be"><code>97a4f75</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3204">#3204</a>
from github/mbg/setup-codeql</li>
<li><a
href="2d5512b361"><code>2d5512b</code></a>
Merge remote-tracking branch 'origin/main' into
mbg/init/starting-partial-config</li>
<li><a
href="fa7bdf0559"><code>fa7bdf0</code></a>
Call <code>getAnalysisKinds</code> a second time, and ignore exceptions
thrown during th...</li>
<li>Additional commits viewable in <a
href="f443b600d9...16140ae1a1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[eslint-plugin-react-hooks](https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks)
from 6.1.1 to 7.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/blob/main/packages/eslint-plugin-react-hooks/CHANGELOG.md">eslint-plugin-react-hooks's
changelog</a>.</em></p>
<blockquote>
<h2>7.0.0</h2>
<p>This release slims down presets to just 2 configurations
(<code>recommended</code> and <code>recommended-latest</code>), and all
compiler rules are enabled by default.</p>
<ul>
<li><strong>Breaking:</strong> Removed
<code>recommended-latest-legacy</code> and <code>flat/recommended</code>
configs. The plugin now provides <code>recommended</code> (legacy and
flat configs with all recommended rules), and
<code>recommended-latest</code> (legacy and flat configs with all
recommended rules plus new bleeding edge experimental compiler rules).
(<a href="https://github.com/poteto"><code>@poteto</code></a> in <a
href="https://redirect.github.com/facebook/react/pull/34757">#34757</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/HEAD/packages/eslint-plugin-react-hooks">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom)
from 19.2.0 to 19.2.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.38.4
to 6.38.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codemirror/view/blob/main/CHANGELOG.md"><code>@codemirror/view</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>6.38.6 (2025-10-13)</h2>
<h3>Bug fixes</h3>
<p>Work around a regression in Safari 26 that causes fragments of old
selections to remain visible.</p>
<h2>6.38.5 (2025-10-07)</h2>
<h3>Bug fixes</h3>
<p>Avoid firing text changes that cover unchanged text on Android.</p>
<p>Fix an issue where the editor could, in some circumstances, insert a
stray newline when typing over a document that ended in a block
widget.</p>
<p>Work around an issue in Safari 26 that causes inappropriate scrolling
on focus in some circumstances.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="05e9b6633b"><code>05e9b66</code></a>
Mark version 6.38.6</li>
<li><a
href="10020cdac9"><code>10020cd</code></a>
Also enable selection drawing glitch workaround on desktop Safari</li>
<li><a
href="3c11a40a66"><code>3c11a40</code></a>
Mark version 6.38.5</li>
<li><a
href="b4a5a0261f"><code>b4a5a02</code></a>
Work around broken focus/preventScroll support in Safari 26</li>
<li><a
href="45268f0eb6"><code>45268f0</code></a>
Fix an edge case in DOMReader when there's a widget at the end of the
content</li>
<li><a
href="90d7ec68fd"><code>90d7ec6</code></a>
Shrink EditContext changes down to the minimum text change</li>
<li><a
href="b7bf9d592b"><code>b7bf9d5</code></a>
Handle synthetic events even during composition</li>
<li><a
href="eb004313af"><code>eb00431</code></a>
Fix indentation in applyDOMChangeInner</li>
<li>See full diff in <a
href="https://github.com/codemirror/view/compare/6.38.4...6.38.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot]
John Bayly
Harel M
Jere Suikkila
Frank Elsinga