Commit Graph

2745 Commits

Author SHA1 Message Date
HarelM 60ed80651c Improve abstraction 2026-07-09 15:05:18 +03:00
HarelM c642ec5325 Remove comments 2026-07-09 15:05:18 +03:00
pre-commit-ci[bot] 0c98378243 [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
2026-07-09 11:44:08 +00:00
HarelM 95ba3c4428 Remove cypress related comments. 2026-07-09 14:43:58 +03:00
HarelM b112c6a2bf Split dirver and helper 2026-07-09 14:40:06 +03:00
HarelM a251faf8f7 improve abstraction 2026-07-09 14:27:33 +03:00
HarelM 8580499ec3 Fix incorrect quotes 2026-07-09 14:19:47 +03:00
HarelM 56a9840def Remove unused page 2026-07-09 14:19:23 +03:00
HarelM 3d1919738b Improve test readability 2026-07-09 14:16:12 +03:00
HarelM cc317c20a1 Move fill local storage to driver 2026-07-09 14:11:49 +03:00
HarelM a9c3da0f40 Remove hack from modal driver 2026-07-09 13:59:55 +03:00
HarelM dc5d6dd77d Remove unneeded comments. 2026-07-09 13:50:16 +03:00
HarelM 95d87ad7ef Remove export for a method that isn't used outside the file. 2026-07-09 13:41:51 +03:00
HarelM 09efbb5cd6 Fix utils path 2026-07-09 13:40:45 +03:00
HarelM 4f046cb83e Fix build 2026-07-09 13:38:54 +03:00
HarelM fb00dea285 Move playwrite stuff to utils folder 2026-07-09 13:33:29 +03:00
HarelM c00395ee11 Remove coverage file and have everything inside the fixtures.ts file. 2026-07-09 13:29:42 +03:00
pre-commit-ci[bot] 5092a924aa [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
2026-07-09 10:27:14 +00:00
HarelM 7d80dccb81 Remote test related entries. 2026-07-09 13:26:24 +03:00
HarelM a93fe4d78b Fix test for regexp 2026-07-09 12:35:29 +03:00
Harel M 603a30cba8 Potential fix for pull request finding 'CodeQL / Incomplete regular expression for hostnames'
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-07-09 12:19:45 +03:00
HarelM 6f55fda7d4 Remove docker coverage upload. 2026-07-09 11:47:40 +03:00
HarelM 8f0ee898ff Merge branch 'main' into replace-cypress-with-playwright 2026-07-09 11:43:28 +03:00
Harel M be9456d11b Relocate e2e tests (#1989)
## Launch Checklist

Renames the e2e test and reduces changes as a preparation step from
playwright in the following PR:
- #1988

This is to keep as much history as possible.
<img width="1907" height="933" alt="image"
src="https://github.com/user-attachments/assets/b52075b3-eb3b-45dc-93dc-8c5e9cfd35dd"
/>

 - [x] Briefly describe the changes in this PR.

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-09 11:38:59 +03:00
HarelM 3896c4c187 Merge branch 'relocate-e2e-tests' into replace-cypress-with-playwright 2026-07-08 22:44:19 +03:00
HarelM c0f1a72d80 Fix failing unit tests in CI 2026-07-08 22:43:34 +03:00
HarelM ac9186e7f8 test: instantiate MaputnikDriver once per describe block
Make the driver page-lazy (it resolves the running test's page on demand via
an auto fixture) so it can be created a single time at describe scope and
reused across the block's tests, matching the pre-migration ergonomics:

  const { given, get, when, then } = new MaputnikDriver();

instead of pulling `driver` out of a fixture and destructuring it in every
test. Coverage collection and dialog handling move into the auto fixture.

Also inject a bare invalid token ("zzz") in the json-editor parse-error test:
CodeMirror auto-closes brackets/quotes, so " {" no longer reliably breaks the
JSON.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-08 17:48:44 +03:00
Harel M 8c86607100 Add alias for 'it' as 'test' in layers list spec 2026-07-08 15:35:34 +03:00
HarelM 7c5e5358cb Merge branch 'relocate-e2e-tests' into replace-cypress-with-playwright 2026-07-08 15:17:09 +03:00
HarelM 18b34d3ecd Fix lint 2026-07-08 15:16:28 +03:00
HarelM 08ebca266c Merge branch 'relocate-e2e-tests' into replace-cypress-with-playwright 2026-07-08 15:15:39 +03:00
HarelM 8344a30f5d Move things back to where this will still work. 2026-07-08 15:05:35 +03:00
Harel M 4249e9beb9 Merge branch 'main' into relocate-e2e-tests 2026-07-08 14:32:25 +03:00
HarelM c3dd253737 test: migrate e2e to Playwright and component test to Vitest browser mode
Replace Cypress with Playwright for the end-to-end suite and drop
@shellygo/cypress-test-utils in favour of a hand-written MaputnikDriver
page object that keeps the fluent then(...).shouldX() assertion style
(now async). The InputAutocomplete component test moves to Vitest browser
mode using the Playwright provider.

- e2e/maputnik-driver.ts: driver + MaputnikAssertable over Playwright
- e2e/{fixtures,coverage,global-setup,global-teardown}.ts: test fixture,
  istanbul coverage collection, and nyc report generation
- playwright.config.ts / vitest.config.ts
- Code coverage preserved: dev server is istanbul-instrumented, per-test
  window.__coverage__ is merged via nyc into coverage/coverage-final.json
- CI: Cypress jobs replaced with Playwright; docker e2e runs against the
  container via E2E_NO_WEBSERVER
- Remove Cypress deps, config and support files; update docs and .nycrc

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-08 12:42:32 +03:00
HarelM f7b48139a4 test: adopt Playwright test()/test.describe() naming in e2e specs
Mechanical rename of it() -> test() and describe() -> test.describe() so the
subsequent Playwright migration diff only touches test bodies, not the
suite/case wrappers.
2026-07-08 12:42:13 +03:00
HarelM 8af1cfd5f8 test: relocate Cypress e2e suite to e2e/ ahead of Playwright migration
Pure file moves (no content changes) so git records them as renames and
history/blame is preserved through the migration that follows:
  cypress/e2e/*.cy.ts        -> e2e/*.spec.ts
  cypress/e2e/*-driver.ts    -> e2e/*-driver.ts
  cypress/fixtures/          -> e2e/fixtures/
  cypress.config.ts          -> playwright.config.ts
  InputAutocomplete.cy.tsx   -> InputAutocomplete.browser.test.tsx

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-08 12:24:03 +03:00
dependabot[bot] a87a4d8df8 chore(deps-dev): Bump i18next-cli from 1.53.2 to 1.65.0 (#1979)
Bumps [i18next-cli](https://github.com/i18next/i18next-cli) from 1.53.2
to 1.65.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md">i18next-cli's
changelog</a>.</em></p>
<blockquote>
<h2>1.65.0</h2>
<ul>
<li>fix(extract): respect <code>fallbackNS</code> — keys already
translated in a fallback
namespace are no longer duplicated into the requesting namespace's file
(<a
href="https://redirect.github.com/i18next/i18next-cli/issues/272">#272</a>).
<ul>
<li>Such keys are now attributed to the fallback namespace instead, so
<code>removeUnusedKeys</code> no longer prunes them from the fallback
file (previously
a key like <code>cancel</code> living only in the fallback namespace was
<strong>deleted</strong>
there and re-created in every namespace that used it).</li>
<li>A key that already has a non-empty value in the requesting
namespace's own
file is treated as an intentional per-namespace override and keeps being
extracted there, mirroring the i18next runtime lookup order (requested
namespace first, then the fallback chain). Empty-string placeholders
left
behind by previous extract runs are cleaned up.</li>
<li>Keys not found in any fallback namespace are still added to the
requesting
namespace, like the i18next <code>saveMissing</code> behavior.</li>
</ul>
</li>
<li>feat(extract): <code>fallbackNS</code> now also accepts an array of
namespaces (looked
up in order, like the i18next runtime option) — supported by
<code>extract</code>,
<code>status</code>, and the TypeScript types generator.</li>
</ul>
<h2>1.64.2</h2>
<ul>
<li>fix(status): scope the pass/fail result to the requested locale
(<a
href="https://redirect.github.com/i18next/i18next-cli/issues/271">#271</a>).
<ul>
<li><code>status &lt;locale&gt;</code> now exits based on <strong>that
locale only</strong>, instead of always
evaluating every secondary language. Previously, running e.g.
<code>status en-AU</code> on a fully-translated primary could print
&quot;🎉 All keys
present&quot; and still exit <code>1</code> because an unrelated
secondary (e.g. an empty
<code>de-DE</code>) was incomplete — a summary that contradicted the
exit code.</li>
<li>When the requested locale is the primary, the check still fails only
on
<em>absent</em> keys (empty placeholders are tolerated); for a secondary
it fails
on any untranslated/absent key. The global view (<code>status</code>
with no locale)
is unchanged.</li>
<li>The failure message now names the locale when scoped
(<code>Error: Incomplete translations detected for
&quot;de-DE&quot;.</code>) so the reason is
no longer hidden.</li>
</ul>
</li>
</ul>
<h2>1.64.1</h2>
<ul>
<li>fix(status): align plural reporting with the i18next runtime
(<a
href="https://redirect.github.com/i18next/i18next-cli/issues/270">#270</a>).
<ul>
<li>Plural categories that <code>Intl.PluralRules</code> only selects
for out-of-range
values (e.g. French <code>_many</code>, which fires only for counts ≥
1,000,000) are
now treated as <strong>optional</strong>: a missing or empty variant is
shown as a soft
&quot;optional plural form&quot; note instead of a hard &quot;missing
key&quot; error, so it no
longer fails the check. Categories reachable by typical counts
(including
decimals, e.g. Polish/Russian <code>other</code>) remain required.</li>
<li>With <code>disablePlurals: true</code>, a key used with
<code>count</code> is now considered
satisfied when either its plural variants
(<code>_one</code>/<code>_other</code>) <strong>or</strong> the bare
key exist — mirroring the runtime's <code>key + suffix → key</code>
resolution chain —</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/i18next/i18next-cli/commit/9497126db21489514db6c2d181ccb667af977281"><code>9497126</code></a>
1.65.0</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/cebfb66b646ce72d93f888c8438082698f35af6c"><code>cebfb66</code></a>
fix(extract): respect fallbackNS and stop duplicating keys into
namespace fil...</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/4af3b5b767ba144773419d13d045240ebace36d0"><code>4af3b5b</code></a>
1.64.2</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/59e5c157b8e6263a7686aa83189169eef4947230"><code>59e5c15</code></a>
fix(status): scope pass/fail to the requested locale <a
href="https://redirect.github.com/i18next/i18next-cli/issues/271">#271</a></li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/58e96acf4d779a60dd49555cfbe7125d370918dd"><code>58e96ac</code></a>
1.64.1</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/90fb64de7c9973cc2bb93074489a114b3c214a43"><code>90fb64d</code></a>
fix(status): align plural reporting with the i18next runtime <a
href="https://redirect.github.com/i18next/i18next-cli/issues/270">#270</a></li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/4f32c051a6b330e5480bea9c5f1e06bfc057b016"><code>4f32c05</code></a>
1.64.0</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/9ab66af4796228060d05bda6de5ff7dea92e9c89"><code>9ab66af</code></a>
feat(extract): support trailing wildcards in functions (e.g.
'tProps.*')</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/3f40d0b904b01546fe86ae14d2e6f54b39ccba78"><code>3f40d0b</code></a>
1.63.1</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/eac231da589c9690a3bcc1aaf05f10572ae395cb"><code>eac231d</code></a>
fix(init): pin <code>@​inlang/plugin-i18next</code><a
href="https://github.com/6"><code>@​6</code></a>.2.1 (restores Sherlock
annotations)</li>
<li>Additional commits viewable in <a
href="https://github.com/i18next/i18next-cli/compare/v1.53.2...v1.65.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 20:46:33 +00:00
dependabot[bot] 89d583715f chore(deps): Bump the react group across 1 directory with 7 updates (#1976)
Bumps the react group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) |
`19.2.4` | `19.2.7` |
|
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)
| `19.2.14` | `19.2.17` |
|
[react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom)
| `19.2.4` | `19.2.7` |
| [react-i18next](https://github.com/i18next/react-i18next) | `17.0.7` |
`17.0.8` |
| [react-icons](https://github.com/react-icons/react-icons) | `5.6.0` |
`5.7.0` |
|
[@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react)
| `5.1.4` | `6.0.3` |
|
[eslint-plugin-react-refresh](https://github.com/ArnaudBarre/eslint-plugin-react-refresh)
| `0.5.2` | `0.5.3` |


Updates `react` from 19.2.4 to 19.2.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react's
releases</a>.</em></p>
<blockquote>
<h2>19.2.7 (June 1st, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Fixed missing <code>FormData</code> entries in Server Actions which
regressed in 19.2.6
(<a
href="https://redirect.github.com/facebook/react/pull/36566">#36566</a>
by <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.6 (May 6th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Type hardening and performance improvements
(<a
href="https://redirect.github.com/facebook/react/pull/36425">#36425</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.5 (April 8th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more cycle protections (<a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/react/react/blob/main/CHANGELOG.md">react's
changelog</a>.</em></p>
<blockquote>
<h2>19.2.7 (June 1, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Fixed missing <code>FormData</code> entries in Server Actions which
regressed in 19.2.6 (<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36566">#36566</a>)</li>
</ul>
<h2>19.2.6 (May 6, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Type hardening and performance improvements (<a
href="https://github.com/eps1lon"><code>@​eps1lon</code></a>, <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36425">#36425</a>)</li>
</ul>
<h2>19.2.5 (March 18, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Add more cycle protections (<a
href="https://github.com/eps1lon"><code>@​eps1lon</code></a>, <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/react/react/commit/6117d7cca4906492c51fe6a03381e35adfd86e7d"><code>6117d7c</code></a>
Version 19.2.7 (<a
href="https://github.com/facebook/react/tree/HEAD/packages/react/issues/36591">#36591</a>)</li>
<li><a
href="https://github.com/react/react/commit/eaf3e95ca92be7a23d3c9cc8ffd6f199a40be401"><code>eaf3e95</code></a>
Version 19.2.6</li>
<li><a
href="https://github.com/react/react/commit/23f4f9f30da9e9af2108c18bb197bae75ab584ea"><code>23f4f9f</code></a>
19.2.5</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.7/packages/react">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for react since your current version.</p>
</details>
<br />

Updates `@types/react` from 19.2.14 to 19.2.17
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `react-dom` from 19.2.4 to 19.2.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react-dom's
releases</a>.</em></p>
<blockquote>
<h2>19.2.7 (June 1st, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Fixed missing <code>FormData</code> entries in Server Actions which
regressed in 19.2.6
(<a
href="https://redirect.github.com/facebook/react/pull/36566">#36566</a>
by <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.6 (May 6th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Type hardening and performance improvements
(<a
href="https://redirect.github.com/facebook/react/pull/36425">#36425</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.5 (April 8th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more cycle protections (<a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/react/react/blob/main/CHANGELOG.md">react-dom's
changelog</a>.</em></p>
<blockquote>
<h2>19.2.7 (June 1, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Fixed missing <code>FormData</code> entries in Server Actions which
regressed in 19.2.6 (<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36566">#36566</a>)</li>
</ul>
<h2>19.2.6 (May 6, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Type hardening and performance improvements (<a
href="https://github.com/eps1lon"><code>@​eps1lon</code></a>, <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36425">#36425</a>)</li>
</ul>
<h2>19.2.5 (March 18, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Add more cycle protections (<a
href="https://github.com/eps1lon"><code>@​eps1lon</code></a>, <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/react/react/commit/6117d7cca4906492c51fe6a03381e35adfd86e7d"><code>6117d7c</code></a>
Version 19.2.7 (<a
href="https://github.com/facebook/react/tree/HEAD/packages/react-dom/issues/36591">#36591</a>)</li>
<li><a
href="https://github.com/react/react/commit/eaf3e95ca92be7a23d3c9cc8ffd6f199a40be401"><code>eaf3e95</code></a>
Version 19.2.6</li>
<li><a
href="https://github.com/react/react/commit/23f4f9f30da9e9af2108c18bb197bae75ab584ea"><code>23f4f9f</code></a>
19.2.5</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.7/packages/react-dom">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for react-dom since your current version.</p>
</details>
<br />

Updates `react-i18next` from 17.0.7 to 17.0.8
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.8</h2>
<ul>
<li>fix(types): <code>&lt;Trans i18nKey={$ =&gt; ...}&gt;</code> now
typechecks under <code>enableSelector: 'strict'</code>. The
<code>Trans</code> component's conditional type was gated on
<code>_EnableSelector extends true | 'optimize'</code>, excluding
<code>'strict'</code> and falling back to the legacy string-key
signature. Runtime was already correct (it calls
<code>keyFromSelector(i18nKey)</code> whenever <code>typeof i18nKey ===
'function'</code>); this is a type-only fix that widens the conditional
to include <code>'strict'</code>. Thanks <a
href="https://github.com/Faithfinder"><code>@​Faithfinder</code></a> (<a
href="https://redirect.github.com/i18next/react-i18next/pull/1921">#1921</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/i18next/react-i18next/commit/a46ad23ad07f1a3440d03cce80d0cab7ad23e2f0"><code>a46ad23</code></a>
17.0.8</li>
<li><a
href="https://github.com/i18next/react-i18next/commit/f715031fd7d90542bacd15d50e57235763527271"><code>f715031</code></a>
update i18next dep</li>
<li><a
href="https://github.com/i18next/react-i18next/commit/a515d5b767366e2b48704d219a3b7e4744e7ce72"><code>a515d5b</code></a>
changelog: 17.0.8 entry for <a
href="https://redirect.github.com/i18next/react-i18next/issues/1921">#1921</a></li>
<li><a
href="https://github.com/i18next/react-i18next/commit/d5ab7c82e93b4cb4b64b298b407745f3dbb235a1"><code>d5ab7c8</code></a>
fix(types): accept selector i18nKey on &lt;Trans&gt; under
enableSelector: 'strict'...</li>
<li><a
href="https://github.com/i18next/react-i18next/commit/b91ba362800ca7af2461306b900731eaad1de19a"><code>b91ba36</code></a>
Add Locize advice section near the top of README</li>
<li>See full diff in <a
href="https://github.com/i18next/react-i18next/compare/v17.0.7...v17.0.8">compare
view</a></li>
</ul>
</details>
<br />

Updates `react-icons` from 5.6.0 to 5.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/react-icons/react-icons/releases">react-icons's
releases</a>.</em></p>
<blockquote>
<h2>v5.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>update packages by <a
href="https://github.com/kamijin-fanta"><code>@​kamijin-fanta</code></a>
in <a
href="https://redirect.github.com/react-icons/react-icons/pull/1153">react-icons/react-icons#1153</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/react-icons/react-icons/compare/v5.6.0...v5.7.0">https://github.com/react-icons/react-icons/compare/v5.6.0...v5.7.0</a></p>
<table>
<thead>
<tr>
<th>Icon Library</th>
<th>License</th>
<th>Version</th>
<th align="right">Count</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://circumicons.com/">Circum Icons</a></td>
<td><a
href="https://github.com/Klarr-Agency/Circum-Icons/blob/main/LICENSE">MPL-2.0
license</a></td>
<td>1.0.0</td>
<td align="right">288</td>
</tr>
<tr>
<td><a href="https://fontawesome.com/">Font Awesome 5</a></td>
<td><a href="https://creativecommons.org/licenses/by/4.0/">CC BY 4.0
License</a></td>
<td>5.15.4-3-gafecf2a</td>
<td align="right">1612</td>
</tr>
<tr>
<td><a href="https://fontawesome.com/">Font Awesome 6</a></td>
<td><a href="https://creativecommons.org/licenses/by/4.0/">CC BY 4.0
License</a></td>
<td>6.7.2-1-g840c215</td>
<td align="right">2060</td>
</tr>
<tr>
<td><a href="https://ionicons.com/">Ionicons 4</a></td>
<td><a
href="https://github.com/ionic-team/ionicons/blob/master/LICENSE">MIT</a></td>
<td>4.6.3</td>
<td align="right">696</td>
</tr>
<tr>
<td><a href="https://ionicons.com/">Ionicons 5</a></td>
<td><a
href="https://github.com/ionic-team/ionicons/blob/master/LICENSE">MIT</a></td>
<td>5.5.4</td>
<td align="right">1332</td>
</tr>
<tr>
<td><a href="http://google.github.io/material-design-icons/">Material
Design icons</a></td>
<td><a
href="https://github.com/google/material-design-icons/blob/master/LICENSE">Apache
License Version 2.0</a></td>
<td>4.0.0-161-gf3fb4442b2</td>
<td align="right">4341</td>
</tr>
<tr>
<td><a href="http://s-ings.com/typicons/">Typicons</a></td>
<td><a href="https://creativecommons.org/licenses/by-sa/3.0/">CC BY-SA
3.0</a></td>
<td>2.1.2</td>
<td align="right">336</td>
</tr>
<tr>
<td><a href="https://octicons.github.com/">Github Octicons
icons</a></td>
<td><a
href="https://github.com/primer/octicons/blob/master/LICENSE">MIT</a></td>
<td>18.3.0</td>
<td align="right">264</td>
</tr>
<tr>
<td><a href="https://feathericons.com/">Feather</a></td>
<td><a
href="https://github.com/feathericons/feather/blob/master/LICENSE">MIT</a></td>
<td>4.29.2</td>
<td align="right">287</td>
</tr>
<tr>
<td><a href="https://lucide.dev/">Lucide</a></td>
<td><a
href="https://github.com/lucide-icons/lucide/blob/main/LICENSE">ISC</a></td>
<td>0.462.0</td>
<td align="right">1541</td>
</tr>
<tr>
<td><a href="https://game-icons.net/">Game Icons</a></td>
<td><a href="https://creativecommons.org/licenses/by/3.0/">CC BY
3.0</a></td>
<td>12920d6565588f0512542a3cb0cdfd36a497f910</td>
<td align="right">4040</td>
</tr>
<tr>
<td><a href="https://erikflowers.github.io/weather-icons/">Weather
Icons</a></td>
<td><a href="http://scripts.sil.org/OFL">SIL OFL 1.1</a></td>
<td>2.0.12</td>
<td align="right">219</td>
</tr>
<tr>
<td><a href="https://vorillaz.github.io/devicons/">Devicons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>1.8.0</td>
<td align="right">192</td>
</tr>
<tr>
<td><a href="https://github.com/ant-design/ant-design-icons">Ant Design
Icons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>4.4.2</td>
<td align="right">831</td>
</tr>
<tr>
<td><a href="https://github.com/twbs/icons">Bootstrap Icons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>1.13.1</td>
<td align="right">2754</td>
</tr>
<tr>
<td><a href="https://github.com/Remix-Design/RemixIcon">Remix
Icon</a></td>
<td><a href="http://www.apache.org/licenses/">Apache License Version
2.0</a></td>
<td>4.9.1</td>
<td align="right">3229</td>
</tr>
<tr>
<td><a href="https://github.com/icons8/flat-color-icons">Flat Color
Icons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>1.0.2</td>
<td align="right">329</td>
</tr>
<tr>
<td><a
href="https://github.com/grommet/grommet-icons">Grommet-Icons</a></td>
<td><a href="http://www.apache.org/licenses/">Apache License Version
2.0</a></td>
<td>4.14.0</td>
<td align="right">637</td>
</tr>
<tr>
<td><a
href="https://github.com/tailwindlabs/heroicons">Heroicons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>1.0.6</td>
<td align="right">460</td>
</tr>
<tr>
<td><a href="https://github.com/tailwindlabs/heroicons">Heroicons
2</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>2.2.0</td>
<td align="right">972</td>
</tr>
<tr>
<td><a href="https://simpleicons.org/">Simple Icons</a></td>
<td><a href="https://creativecommons.org/publicdomain/zero/1.0/">CC0 1.0
Universal</a></td>
<td>16.24.0</td>
<td align="right">3446</td>
</tr>
<tr>
<td><a href="https://thesabbir.github.io/simple-line-icons/">Simple Line
Icons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>2.5.5</td>
<td align="right">189</td>
</tr>
<tr>
<td><a href="https://github.com/Keyamoon/IcoMoon-Free">IcoMoon
Free</a></td>
<td><a
href="https://github.com/Keyamoon/IcoMoon-Free/blob/master/License.txt">CC
BY 4.0 License</a></td>
<td>d006795ede82361e1bac1ee76f215cf1dc51e4ca</td>
<td align="right">491</td>
</tr>
<tr>
<td><a href="https://github.com/atisawd/boxicons">BoxIcons</a></td>
<td><a
href="https://github.com/atisawd/boxicons/blob/master/LICENSE">MIT</a></td>
<td>2.1.4</td>
<td align="right">1634</td>
</tr>
<tr>
<td><a href="https://github.com/astrit/css.gg">css.gg</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>2.1.4</td>
<td align="right">704</td>
</tr>
<tr>
<td><a href="https://github.com/microsoft/vscode-codicons">VS Code
Icons</a></td>
<td><a href="https://creativecommons.org/licenses/by/4.0/">CC BY
4.0</a></td>
<td>0.0.0</td>
<td align="right">612</td>
</tr>
<tr>
<td><a href="https://github.com/tabler/tabler-icons">Tabler
Icons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>3.44.0</td>
<td align="right">6146</td>
</tr>
<tr>
<td><a href="https://github.com/lykmapipo/themify-icons">Themify
Icons</a></td>
<td><a
href="https://github.com/thecreation/standard-icons/blob/master/modules/themify-icons/LICENSE">MIT</a></td>
<td>v0.1.2-2-g9600186</td>
<td align="right">352</td>
</tr>
<tr>
<td><a href="https://icons.radix-ui.com">Radix Icons</a></td>
<td><a
href="https://github.com/radix-ui/icons/blob/master/LICENSE">MIT</a></td>
<td><code>@​radix-ui/react-icons</code><a
href="https://github.com/1"><code>@​1</code></a>.3.2-35-g112af91</td>
<td align="right">332</td>
</tr>
<tr>
<td><a href="https://github.com/phosphor-icons/core">Phosphor
Icons</a></td>
<td><a
href="https://github.com/phosphor-icons/core/blob/main/LICENSE">MIT</a></td>
<td>2.1.1</td>
<td align="right">9072</td>
</tr>
<tr>
<td><a href="https://icons8.com/line-awesome">Icons8 Line
Awesome</a></td>
<td><a
href="https://github.com/icons8/line-awesome/blob/master/LICENSE.md">MIT</a></td>
<td>1.3.1</td>
<td align="right">1544</td>
</tr>
</tbody>
</table>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/react-icons/react-icons/commit/87470d588c5624bf3e291f17527c3ecd1419c8ae"><code>87470d5</code></a>
v5.7.0</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/e1cb06116df395109208fa4786b5e6ae4cc20187"><code>e1cb061</code></a>
fix ci publish</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/bffaab7c0f90d78b240bd06be1c40953be89a992"><code>bffaab7</code></a>
Revert &quot;v5.7.0&quot;</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/2cde989e0d3637fa39471e3f24df99ffb88cb1d1"><code>2cde989</code></a>
v5.7.0</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/dac95ccf8126f41dc068f17fb09573fd86b6a0e9"><code>dac95cc</code></a>
update npm in ci workflow</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/21fcd0452250a30cde4827b83bff3e086b106369"><code>21fcd04</code></a>
Revert &quot;v5.7.0&quot;</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/3a05518a3b8b1fe147c915aea1ca6db6cd212ae8"><code>3a05518</code></a>
v5.7.0</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/c8b5050f417e08a270fc74393d36a7ea844a1977"><code>c8b5050</code></a>
fix github pages deploy</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/2f78ae43254f217c132078956848f257b72ec6cb"><code>2f78ae4</code></a>
Update CI actions, Pages deploy, and staged npm publishing</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/11f5a06ff937287537590bd165ccbd24e9f800e4"><code>11f5a06</code></a>
update packages (<a
href="https://redirect.github.com/react-icons/react-icons/issues/1153">#1153</a>)</li>
<li>See full diff in <a
href="https://github.com/react-icons/react-icons/compare/v5.6.0...v5.7.0">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for react-icons since your current version.</p>
</details>
<br />

Updates `@types/react` from 19.2.14 to 19.2.17
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `@vitejs/plugin-react` from 5.1.4 to 6.0.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite-plugin-react/releases">@​vitejs/plugin-react's
releases</a>.</em></p>
<blockquote>
<h2>plugin-react@6.0.3</h2>
<p>No release notes provided.</p>
<h2>plugin-react@6.0.2</h2>
<h3>Allow all options in reactCompilerPreset (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1189">#1189</a>)</h3>
<p>This is a type only change. Only <code>compilationMode</code> and
<code>target</code> options were available for
<code>reactCompilerPreset</code>.</p>
<h2>plugin-react@6.0.1</h2>
<h3>Expand <code>@rolldown/plugin-babel</code> peer dep range (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1146">#1146</a>)</h3>
<p>Expanded <code>@rolldown/plugin-babel</code> peer dep range to
include <code>^0.2.0</code>.</p>
<h2>plugin-react@6.0.0</h2>
<h3>Remove Babel Related Features (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1123">#1123</a>)</h3>
<p>Vite 8+ can handle React Refresh Transform by Oxc and doesn't need
Babel for it. With that, there are no transform applied that requires
Babel. To reduce the installation size of this plugin, babel is no
longer a dependency of this plugin and the related features are
removed.</p>
<p>If you are using Babel, you can use
<code>@rolldown/plugin-babel</code> together with this plugin:</p>
<pre lang="diff"><code> import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
<p>export default defineConfig({
plugins: [</p>
<ul>
<li>
<pre><code>react({
</code></pre>
</li>
<li>
<pre><code>  babel: {
</code></pre>
</li>
<li>
<pre><code>    plugins: ['@babel/plugin-proposal-throw-expressions'],
</code></pre>
</li>
<li>
<pre><code>  },
</code></pre>
</li>
<li>
<pre><code>}),
</code></pre>
</li>
</ul>
<ul>
<li>
<pre><code>react(),
</code></pre>
</li>
<li>
<pre><code>babel({
</code></pre>
</li>
<li>
<pre><code>  plugins: ['@babel/plugin-proposal-throw-expressions'],
</code></pre>
</li>
<li>
<pre><code>}),
</code></pre>
]
})
</code></pre></li>
</ul>
<p>For React compiler users, you can use
<code>reactCompilerPreset</code> for easier setup with preconfigured
filter to improve build performance:</p>
<pre lang="diff"><code> import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
<p>export default defineConfig({
plugins: [
&lt;/tr&gt;&lt;/table&gt;
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md">@​vitejs/plugin-react's
changelog</a>.</em></p>
<blockquote>
<h2>6.0.3 (2026-06-23)</h2>
<h2>6.0.2 (2026-05-14)</h2>
<h3>Allow all options in reactCompilerPreset (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1189">#1189</a>)</h3>
<p>This is a type only change. Only <code>compilationMode</code> and
<code>target</code> options were available for
<code>reactCompilerPreset</code>.</p>
<h2>6.0.1 (2026-03-13)</h2>
<h3>Expand <code>@rolldown/plugin-babel</code> peer dep range (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1146">#1146</a>)</h3>
<p>Expanded <code>@rolldown/plugin-babel</code> peer dep range to
include <code>^0.2.0</code>.</p>
<h2>6.0.0 (2026-03-12)</h2>
<h2>6.0.0-beta.0 (2026-03-03)</h2>
<h3>Remove Babel Related Features (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1123">#1123</a>)</h3>
<p>Vite 8+ can handle React Refresh Transform by Oxc and doesn't need
Babel for it. With that, there are no transform applied that requires
Babel. To reduce the installation size of this plugin, babel is no
longer a dependency of this plugin and the related features are
removed.</p>
<p>If you are using Babel, you can use
<code>@rolldown/plugin-babel</code> together with this plugin:</p>
<pre lang="diff"><code> import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
<p>export default defineConfig({
plugins: [</p>
<ul>
<li>
<pre><code>react({
</code></pre>
</li>
<li>
<pre><code>  babel: {
</code></pre>
</li>
<li>
<pre><code>    plugins: ['@babel/plugin-proposal-throw-expressions'],
</code></pre>
</li>
<li>
<pre><code>  },
</code></pre>
</li>
<li>
<pre><code>}),
</code></pre>
</li>
</ul>
<ul>
<li>
<pre><code>react(),
</code></pre>
</li>
<li>
<pre><code>babel({
</code></pre>
</li>
<li>
<pre><code>  plugins: ['@babel/plugin-proposal-throw-expressions'],
</code></pre>
</li>
<li>
<pre><code>}),
</code></pre>
]
})
</code></pre></li>
</ul>
<p>For React compiler users, you can use
<code>reactCompilerPreset</code> for easier setup with preconfigured
filter to improve build performance:</p>
<pre lang="diff"><code> import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/640fd358a0e82393acfce4e92e19a6ac6e1641a7"><code>640fd35</code></a>
release: plugin-react@6.0.3</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/889efb02cdc4ec978a5e177a37e0213cfded38a4"><code>889efb0</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1249">#1249</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/6c57dd4c5d71075b48039df2532804e72880da21"><code>6c57dd4</code></a>
fix(plugin-react): use '/' base in bundledDev preamble to fix non-root
base p...</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/3cc33a703636b558a1c1c99e787ddc6bd64aab2d"><code>3cc33a7</code></a>
fix(deps): update react-related dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1245">#1245</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/c0f7c7ff709dc9d88bc1f29f1b27c1b3e2bfcfca"><code>c0f7c7f</code></a>
docs: mention the Biome rule in the &quot;Consistent components
exports&quot; section (...</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/cd80f0f7b2b750f6e8f719f9c3dbe4f22ddd94db"><code>cd80f0f</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1241">#1241</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/e38accafea0c7c84f7fc72fd69d9cec731fa7600"><code>e38acca</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1227">#1227</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/9a9bb26c23b966dceed47ff9ec257faeb0e777d9"><code>9a9bb26</code></a>
perf(react): improve react compiler preset so that slightly more modules
are ...</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/6535b55e956b425e6650ffc2cc98fd23cca1d231"><code>6535b55</code></a>
release: plugin-react@6.0.2</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/bf0e43b756e3be81f8572d59727c218311f431ef"><code>bf0e43b</code></a>
feat(react): whitelist debugging-options (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1189">#1189</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react">compare
view</a></li>
</ul>
</details>
<br />

Updates `eslint-plugin-react-refresh` from 0.5.2 to 0.5.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ArnaudBarre/eslint-plugin-react-refresh/releases">eslint-plugin-react-refresh's
releases</a>.</em></p>
<blockquote>
<h2>v0.5.3</h2>
<ul>
<li>Fix check for non component class exported via <code>export {
}</code> <a
href="https://redirect.github.com/ArnaudBarre/eslint-plugin-react-refresh/pull/110">#110</a>
(fixes <a
href="https://redirect.github.com/ArnaudBarre/eslint-plugin-react-refresh/issues/109">#109</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ArnaudBarre/eslint-plugin-react-refresh/blob/main/CHANGELOG.md">eslint-plugin-react-refresh's
changelog</a>.</em></p>
<blockquote>
<h2>0.5.3</h2>
<ul>
<li>Fix check for non component class exported via <code>export {
}</code> <a
href="https://redirect.github.com/ArnaudBarre/eslint-plugin-react-refresh/pull/110">#110</a>
(fixes <a
href="https://redirect.github.com/ArnaudBarre/eslint-plugin-react-refresh/issues/109">#109</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ArnaudBarre/eslint-plugin-react-refresh/commit/00818e991486da1e4b76f510f5f9113271549944"><code>00818e9</code></a>
v0.5.3 [publish]</li>
<li><a
href="https://github.com/ArnaudBarre/eslint-plugin-react-refresh/commit/202fc4a8bddcfb442a317ad604693d8436c3d3ea"><code>202fc4a</code></a>
Fix PascalCase class exported via <code>export { Name }</code>
incorrectly treated as Re...</li>
<li>See full diff in <a
href="https://github.com/ArnaudBarre/eslint-plugin-react-refresh/compare/v0.5.2...v0.5.3">compare
view</a></li>
</ul>
</details>
<br />

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarelM <harel.mazor@gmail.com>
2026-07-07 20:38:05 +00:00
Harel M fadf01a51d Remove jsonlint build hack (#1987)
## Launch Checklist

This removes the jsonlint build hack that was used for a long time due
to json lint part of the style spec package that was missing a fix.
This is now no longer needed with the latest style spec package.

 - [x] Briefly describe the changes in this PR.
2026-07-07 20:27:43 +00:00
dependabot[bot] 251fe40fde chore(deps): Bump actions/setup-go from 6.4.0 to 6.5.0 (#1960)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.4.0
to 6.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.5.0</h2>
<h2>What's Changed</h2>
<h3>Dependency update</h3>
<ul>
<li>Upgrade actions dependencies by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
with <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in
<a
href="https://redirect.github.com/actions/setup-go/pull/744">actions/setup-go#744</a></li>
<li>Upgrade <code>@​types/node</code> and typescript-eslint dependencies
to resolve npm audit findings by <a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/755">actions/setup-go#755</a></li>
<li>Upgrade <code>@​actions/cache</code> to 5.1.0, log cache write
denied by <a
href="https://github.com/jasongin"><code>@​jasongin</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/758">actions/setup-go#758</a></li>
<li>Upgrade version to 6.5.0 in package.json and package-lock.json by <a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/762">actions/setup-go#762</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
with <a href="https://github.com/Copilot"><code>@​Copilot</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/744">actions/setup-go#744</a></li>
<li><a href="https://github.com/jasongin"><code>@​jasongin</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/758">actions/setup-go#758</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.5.0">https://github.com/actions/setup-go/compare/v6...v6.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-go/commit/924ae3a1cded613372ab5595356fb5720e22ba16"><code>924ae3a</code></a>
chore: bump version to 6.5.0 in package.json and package-lock.json (<a
href="https://redirect.github.com/actions/setup-go/issues/762">#762</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/e91cc3bfe0c3efd0b2d1dc3a51269c9038deb4f1"><code>e91cc3b</code></a>
Bump <code>@​actions/cache</code> to 5.1.0, log cache write denied (<a
href="https://redirect.github.com/actions/setup-go/issues/758">#758</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/4a2405e6aebff6aabd8e43618539aa35cf90ac92"><code>4a2405e</code></a>
chore: update <code>@​types/node</code> and <a
href="https://github.com/typescript-eslint"><code>@​typescript-eslint</code></a>
dependencies to latest versi...</li>
<li><a
href="https://github.com/actions/setup-go/commit/78961f6f84d799cd858575bb931c3e51d3b13290"><code>78961f6</code></a>
chore: update <a
href="https://github.com/actions"><code>@​actions</code></a>
dependencies and refresh license cache (<a
href="https://redirect.github.com/actions/setup-go/issues/744">#744</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-go/compare/4a3601121dd01d1626a1e23e37211e3254c1c06c...924ae3a1cded613372ab5595356fb5720e22ba16">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=6.4.0&new-version=6.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 22:54:04 +03:00
dependabot[bot] f175749fb7 chore(deps): Bump codecov/codecov-action from 6.0.1 to 7.0.0 (#1938)
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
6.0.1 to 7.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0</h2>
<p>⚠️ Due to migration issues with keybase, we are unable to update our
keys under the <code>codecovsecurity</code> account. We have deleted the
account and are using <code>codecovsecops</code> with the original gpg
key</p>
<h2>What's Changed</h2>
<ul>
<li>ci: remove Enforce License Compliance workflow by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1950">codecov/codecov-action#1950</a></li>
<li>chore(release): 7.0.0 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1957">codecov/codecov-action#1957</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0">https://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0</a></p>
<h2>v6.0.2</h2>
<p>This is a copy of the <code>v7.0.0</code> release to make updates
easier</p>
<h2>What's Changed</h2>
<ul>
<li>ci: remove Enforce License Compliance workflow by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1950">codecov/codecov-action#1950</a></li>
<li>chore(release): 7.0.0 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1957">codecov/codecov-action#1957</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2">https://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's
changelog</a>.</em></p>
<blockquote>
<h2>v5.5.2</h2>
<h3>What's Changed</h3>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2">https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2</a></p>
<h2>v5.5.1</h2>
<h3>What's Changed</h3>
<ul>
<li>fix: overwrite pr number on fork by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1871">codecov/codecov-action#1871</a></li>
<li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1868">codecov/codecov-action#1868</a></li>
<li>build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1867">codecov/codecov-action#1867</a></li>
<li>fix: update to use local app/ dir by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1872">codecov/codecov-action#1872</a></li>
<li>docs: fix typo in README by <a
href="https://github.com/datalater"><code>@​datalater</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1866">codecov/codecov-action#1866</a></li>
<li>Document a <code>codecov-cli</code> version reference example by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1774">codecov/codecov-action#1774</a></li>
<li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1861">codecov/codecov-action#1861</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1833">codecov/codecov-action#1833</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1">https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1</a></p>
<h2>v5.5.0</h2>
<h3>What's Changed</h3>
<ul>
<li>feat: upgrade wrapper to 0.2.4 by <a
href="https://github.com/jviall"><code>@​jviall</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1864">codecov/codecov-action#1864</a></li>
<li>Pin actions/github-script by Git SHA by <a
href="https://github.com/martincostello"><code>@​martincostello</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1859">codecov/codecov-action#1859</a></li>
<li>fix: check reqs exist by <a
href="https://github.com/joseph-sentry"><code>@​joseph-sentry</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1835">codecov/codecov-action#1835</a></li>
<li>fix: Typo in README by <a
href="https://github.com/spalmurray"><code>@​spalmurray</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1838">codecov/codecov-action#1838</a></li>
<li>docs: Refine OIDC docs by <a
href="https://github.com/spalmurray"><code>@​spalmurray</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1837">codecov/codecov-action#1837</a></li>
<li>build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1829">codecov/codecov-action#1829</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0">https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0</a></p>
<h2>v5.4.3</h2>
<h3>What's Changed</h3>
<ul>
<li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1822">codecov/codecov-action#1822</a></li>
<li>fix: OIDC on forks by <a
href="https://github.com/joseph-sentry"><code>@​joseph-sentry</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1823">codecov/codecov-action#1823</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3">https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3</a></p>
<h2>v5.4.2</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/codecov/codecov-action/commit/fb8b3582c8e4def4969c97caa2f19720cb33a72f"><code>fb8b358</code></a>
chore(release): 7.0.0 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1957">#1957</a>)</li>
<li><a
href="https://github.com/codecov/codecov-action/commit/ca0a928a4cb3911011e868128a5cd90437c12db1"><code>ca0a928</code></a>
ci: remove Enforce License Compliance workflow (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1950">#1950</a>)</li>
<li>See full diff in <a
href="https://github.com/codecov/codecov-action/compare/e79a6962e0d4c0c17b229090214935d2e33f8354...fb8b3582c8e4def4969c97caa2f19720cb33a72f">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=6.0.1&new-version=7.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 22:53:49 +03:00
dependabot[bot] f9219c3c83 chore(deps): Bump github/codeql-action/autobuild from 4.36.2 to 4.36.3 (#1986)
Bumps
[github/codeql-action/autobuild](https://github.com/github/codeql-action)
from 4.36.2 to 4.36.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action/autobuild's
releases</a>.</em></p>
<blockquote>
<h2>v4.36.3</h2>
<p>No user facing changes.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/autobuild's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.36.3 - 01 Jul 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.2 - 04 Jun 2026</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
<h2>4.36.1 - 02 Jun 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a"><code>54f647b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3984">#3984</a>
from github/update-v4.36.3-1f34ec164</li>
<li><a
href="https://github.com/github/codeql-action/commit/e78819e05527766c3c5919e3177647e280c6cb83"><code>e78819e</code></a>
Trigger checks</li>
<li><a
href="https://github.com/github/codeql-action/commit/2c9d3d63eb4941734e2d29468953529a56f5ff1c"><code>2c9d3d6</code></a>
Update changelog for v4.36.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/1f34ec16430d82636d18716acc7aaa6d843b35a9"><code>1f34ec1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3983">#3983</a>
from github/mbg/repo-props/ff-for-config-file-prop</li>
<li><a
href="https://github.com/github/codeql-action/commit/d5f0145480025b49d8b08c3f6b36e6ad41a68c90"><code>d5f0145</code></a>
Log when repository property has a value but is ignored</li>
<li><a
href="https://github.com/github/codeql-action/commit/f27f56386a3c745af8d7bbfb806098c714a5e32a"><code>f27f563</code></a>
Add test for when the FF is off</li>
<li><a
href="https://github.com/github/codeql-action/commit/0025d0f2b5676fde748a0be9725dcce18dd9f986"><code>0025d0f</code></a>
Use FF</li>
<li><a
href="https://github.com/github/codeql-action/commit/f7fa18f05d107ff6735857c3510fbff190c9a1eb"><code>f7fa18f</code></a>
Add FF for config file repo property</li>
<li><a
href="https://github.com/github/codeql-action/commit/628fc3f124e68b0151f0d2a5d81e864ee1e42335"><code>628fc3f</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3979">#3979</a>
from github/henrymercer/overlay-db-cleanup-size-tele...</li>
<li><a
href="https://github.com/github/codeql-action/commit/9cfb67bab9b32441237f92d4ba29a7f3ccff259f"><code>9cfb67b</code></a>
Add clarifying comments</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action/autobuild&package-manager=github_actions&previous-version=4.36.2&new-version=4.36.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 13:53:51 +00:00
dependabot[bot] f78b9ccaaa chore(deps): Bump @codemirror/view from 6.43.4 to 6.43.5 (#1985)
Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.43.4
to 6.43.5.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/codemirror/view/commits">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@codemirror/view&package-manager=npm_and_yarn&previous-version=6.43.4&new-version=6.43.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 13:51:35 +00:00
dependabot[bot] bb73a2b1e8 chore(deps): Bump github/codeql-action/analyze from 4.36.2 to 4.36.3 (#1982)
Bumps
[github/codeql-action/analyze](https://github.com/github/codeql-action)
from 4.36.2 to 4.36.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action/analyze's
releases</a>.</em></p>
<blockquote>
<h2>v4.36.3</h2>
<p>No user facing changes.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/analyze's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.36.3 - 01 Jul 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.2 - 04 Jun 2026</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
<h2>4.36.1 - 02 Jun 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a"><code>54f647b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3984">#3984</a>
from github/update-v4.36.3-1f34ec164</li>
<li><a
href="https://github.com/github/codeql-action/commit/e78819e05527766c3c5919e3177647e280c6cb83"><code>e78819e</code></a>
Trigger checks</li>
<li><a
href="https://github.com/github/codeql-action/commit/2c9d3d63eb4941734e2d29468953529a56f5ff1c"><code>2c9d3d6</code></a>
Update changelog for v4.36.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/1f34ec16430d82636d18716acc7aaa6d843b35a9"><code>1f34ec1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3983">#3983</a>
from github/mbg/repo-props/ff-for-config-file-prop</li>
<li><a
href="https://github.com/github/codeql-action/commit/d5f0145480025b49d8b08c3f6b36e6ad41a68c90"><code>d5f0145</code></a>
Log when repository property has a value but is ignored</li>
<li><a
href="https://github.com/github/codeql-action/commit/f27f56386a3c745af8d7bbfb806098c714a5e32a"><code>f27f563</code></a>
Add test for when the FF is off</li>
<li><a
href="https://github.com/github/codeql-action/commit/0025d0f2b5676fde748a0be9725dcce18dd9f986"><code>0025d0f</code></a>
Use FF</li>
<li><a
href="https://github.com/github/codeql-action/commit/f7fa18f05d107ff6735857c3510fbff190c9a1eb"><code>f7fa18f</code></a>
Add FF for config file repo property</li>
<li><a
href="https://github.com/github/codeql-action/commit/628fc3f124e68b0151f0d2a5d81e864ee1e42335"><code>628fc3f</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3979">#3979</a>
from github/henrymercer/overlay-db-cleanup-size-tele...</li>
<li><a
href="https://github.com/github/codeql-action/commit/9cfb67bab9b32441237f92d4ba29a7f3ccff259f"><code>9cfb67b</code></a>
Add clarifying comments</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action/analyze&package-manager=github_actions&previous-version=4.36.2&new-version=4.36.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 15:24:39 +03:00
dependabot[bot] a4da75d722 chore(deps): Bump docker/login-action from 4.2.0 to 4.4.0 (#1983)
Bumps [docker/login-action](https://github.com/docker/login-action) from
4.2.0 to 4.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.0</h2>
<ul>
<li>Skip empty <code>registry-auth</code> secret mask by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/1035">docker/login-action#1035</a></li>
<li>Bump <code>@​aws-sdk/client-ecr</code> and
<code>@​aws-sdk/client-ecr-public</code> to 3.1077.0 <a
href="https://redirect.github.com/docker/login-action/pull/1034">docker/login-action#1034</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v4.3.0...v4.4.0">https://github.com/docker/login-action/compare/v4.3.0...v4.4.0</a></p>
<h2>v4.3.0</h2>
<ul>
<li>Preserve names in esbuild bundle by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/1022">docker/login-action#1022</a></li>
<li>Bump <code>@​aws-sdk/client-ecr</code> and
<code>@​aws-sdk/client-ecr-public</code> to 3.1076.0 <a
href="https://redirect.github.com/docker/login-action/pull/999">docker/login-action#999</a>
<a
href="https://redirect.github.com/docker/login-action/pull/1030">docker/login-action#1030</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.90.0 to 0.92.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/1004">docker/login-action#1004</a>
<a
href="https://redirect.github.com/docker/login-action/pull/1027">docker/login-action#1027</a></li>
<li>Bump <code>@​sigstore/core</code> from 3.1.0 to 3.2.1 in <a
href="https://redirect.github.com/docker/login-action/pull/1023">docker/login-action#1023</a></li>
<li>Bump <code>@​sigstore/verify</code> from 3.1.0 to 3.1.1 in <a
href="https://redirect.github.com/docker/login-action/pull/1029">docker/login-action#1029</a></li>
<li>Bump http-proxy-agent and https-proxy-agent to 9.1.0 in <a
href="https://redirect.github.com/docker/login-action/pull/1017">docker/login-action#1017</a></li>
<li>Bump js-yaml from 4.1.1 to 5.2.0 in <a
href="https://redirect.github.com/docker/login-action/pull/1028">docker/login-action#1028</a></li>
<li>Bump sigstore from 4.1.0 to 4.1.1 in <a
href="https://redirect.github.com/docker/login-action/pull/1031">docker/login-action#1031</a></li>
<li>Bump tmp from 0.2.5 to 0.2.7 in <a
href="https://redirect.github.com/docker/login-action/pull/1002">docker/login-action#1002</a></li>
<li>Bump undici from 6.24.1 to 6.27.0 in <a
href="https://redirect.github.com/docker/login-action/pull/1020">docker/login-action#1020</a></li>
<li>Bump vite from 7.3.3 to 7.3.6 in <a
href="https://redirect.github.com/docker/login-action/pull/1019">docker/login-action#1019</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v4.2.0...v4.3.0">https://github.com/docker/login-action/compare/v4.2.0...v4.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/login-action/commit/af1e73f918a031802d376d3c8bbc3fe56130a9b0"><code>af1e73f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1034">#1034</a>
from docker/dependabot/npm_and_yarn/aws-sdk-dependen...</li>
<li><a
href="https://github.com/docker/login-action/commit/da722bde43bacb027adfc67d42dbaa4c0f9e550b"><code>da722bd</code></a>
[dependabot skip] chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/2916ad60bd5cb72f07aa54c69fdcc61749c09b7a"><code>2916ad6</code></a>
build(deps): bump the aws-sdk-dependencies group across 1 directory with
2 up...</li>
<li><a
href="https://github.com/docker/login-action/commit/ca0a662f786e4cfddce972005bd68f3dafc3a903"><code>ca0a662</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1035">#1035</a>
from crazy-max/fix-registry-auth-empty-mask</li>
<li><a
href="https://github.com/docker/login-action/commit/c455755a579833bf0d2e4e54e3beb413ef10cc80"><code>c455755</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/48351901f89581a7c12870c787d3f06d1f498438"><code>4835190</code></a>
skip empty registry-auth secret mask</li>
<li><a
href="https://github.com/docker/login-action/commit/992421c6e6806a7f6df609d1bfff374f9eca3004"><code>992421c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1033">#1033</a>
from docker/dependabot/github_actions/docker/bake-ac...</li>
<li><a
href="https://github.com/docker/login-action/commit/b249b43765525dd7951068267a34cf63f22ab4f0"><code>b249b43</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1032">#1032</a>
from docker/dependabot/github_actions/docker/bake-ac...</li>
<li><a
href="https://github.com/docker/login-action/commit/1b67977736863551a88ff218642a2d7628b10520"><code>1b67977</code></a>
build(deps): bump docker/bake-action from 7.2.0 to 7.3.0</li>
<li><a
href="https://github.com/docker/login-action/commit/9d49d6a3234c78daa10c3c12183ef7b6caa8e69e"><code>9d49d6a</code></a>
build(deps): bump docker/bake-action/subaction/matrix</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/login-action/compare/650006c6eb7dba73a995cc03b0b2d7f5ca915bee...af1e73f918a031802d376d3c8bbc3fe56130a9b0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=4.2.0&new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-06 13:53:39 +00:00
dependabot[bot] 1b314b11b9 chore(deps): Bump github/codeql-action/init from 4.36.2 to 4.36.3 (#1981)
Bumps
[github/codeql-action/init](https://github.com/github/codeql-action)
from 4.36.2 to 4.36.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action/init's
releases</a>.</em></p>
<blockquote>
<h2>v4.36.3</h2>
<p>No user facing changes.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/init's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.36.3 - 01 Jul 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.2 - 04 Jun 2026</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
<h2>4.36.1 - 02 Jun 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a"><code>54f647b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3984">#3984</a>
from github/update-v4.36.3-1f34ec164</li>
<li><a
href="https://github.com/github/codeql-action/commit/e78819e05527766c3c5919e3177647e280c6cb83"><code>e78819e</code></a>
Trigger checks</li>
<li><a
href="https://github.com/github/codeql-action/commit/2c9d3d63eb4941734e2d29468953529a56f5ff1c"><code>2c9d3d6</code></a>
Update changelog for v4.36.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/1f34ec16430d82636d18716acc7aaa6d843b35a9"><code>1f34ec1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3983">#3983</a>
from github/mbg/repo-props/ff-for-config-file-prop</li>
<li><a
href="https://github.com/github/codeql-action/commit/d5f0145480025b49d8b08c3f6b36e6ad41a68c90"><code>d5f0145</code></a>
Log when repository property has a value but is ignored</li>
<li><a
href="https://github.com/github/codeql-action/commit/f27f56386a3c745af8d7bbfb806098c714a5e32a"><code>f27f563</code></a>
Add test for when the FF is off</li>
<li><a
href="https://github.com/github/codeql-action/commit/0025d0f2b5676fde748a0be9725dcce18dd9f986"><code>0025d0f</code></a>
Use FF</li>
<li><a
href="https://github.com/github/codeql-action/commit/f7fa18f05d107ff6735857c3510fbff190c9a1eb"><code>f7fa18f</code></a>
Add FF for config file repo property</li>
<li><a
href="https://github.com/github/codeql-action/commit/628fc3f124e68b0151f0d2a5d81e864ee1e42335"><code>628fc3f</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3979">#3979</a>
from github/henrymercer/overlay-db-cleanup-size-tele...</li>
<li><a
href="https://github.com/github/codeql-action/commit/9cfb67bab9b32441237f92d4ba29a7f3ccff259f"><code>9cfb67b</code></a>
Add clarifying comments</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action/init&package-manager=github_actions&previous-version=4.36.2&new-version=4.36.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-06 13:52:12 +00:00
github-actions[bot] 66377f5dcf Bump version to 3.1.0 (#1978)
Automated changes by
[create-pull-request](https://github.com/peter-evans/create-pull-request)
GitHub action

Co-authored-by: HarelM <3269297+HarelM@users.noreply.github.com>
v3.1.0
2026-07-06 15:28:36 +03:00
dependabot[bot] fc4a7c5ab9 chore(deps-dev): Bump eslint from 10.5.0 to 10.6.0 (#1969)
Bumps [eslint](https://github.com/eslint/eslint) from 10.5.0 to 10.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/eslint/eslint/releases">eslint's
releases</a>.</em></p>
<blockquote>
<h2>v10.6.0</h2>
<h2>Features</h2>
<ul>
<li><a
href="https://github.com/eslint/eslint/commit/b1f910628e29a018c860e2352bc14cd07c853d67"><code>b1f9106</code></a>
feat: detect Symbol() and BigInt() in no-constant-binary-expression (<a
href="https://redirect.github.com/eslint/eslint/issues/20981">#20981</a>)
(Taejin Kim)</li>
<li><a
href="https://github.com/eslint/eslint/commit/f291007cb73f55c09cf3c2aa3a405df379a5c594"><code>f291007</code></a>
feat: add checkRelationalComparisons to no-constant-binary-expression
(<a
href="https://redirect.github.com/eslint/eslint/issues/20948">#20948</a>)
(sethamus)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li><a
href="https://github.com/eslint/eslint/commit/6b05784eb271ac98ca3e1e2a48c4b14bb588c786"><code>6b05784</code></a>
fix: prefer-exponentiation-operator invalid autofix at statement start
(<a
href="https://redirect.github.com/eslint/eslint/issues/20997">#20997</a>)
(Milos Djermanovic)</li>
<li><a
href="https://github.com/eslint/eslint/commit/bb9eb2ab28daf6e6dafc62daa6b5daf9c2b7046c"><code>bb9eb2a</code></a>
fix: account for shadowed <code>Boolean</code> in
<code>no-extra-boolean-cast</code> (<a
href="https://redirect.github.com/eslint/eslint/issues/21013">#21013</a>)
(den$)</li>
<li><a
href="https://github.com/eslint/eslint/commit/8fd8741009a3ed7845c89bfe2fb3eaa2119b2d15"><code>8fd8741</code></a>
fix: don't report shadowed undefined in <code>radix</code> rule (<a
href="https://redirect.github.com/eslint/eslint/issues/21011">#21011</a>)
(Pixel)</li>
<li><a
href="https://github.com/eslint/eslint/commit/5784980ce8ba99556db98907895d82ef49cd0a27"><code>5784980</code></a>
fix: don't report shadowed undefined in no-throw-literal (<a
href="https://redirect.github.com/eslint/eslint/issues/21010">#21010</a>)
(Pixel)</li>
<li><a
href="https://github.com/eslint/eslint/commit/9cd1e6de5bad487a9c713bdc9fda5af7ea0babcd"><code>9cd1e6d</code></a>
fix: suppress invalid class suggestion in no-promise-executor-return (<a
href="https://redirect.github.com/eslint/eslint/issues/21008">#21008</a>)
(Pixel)</li>
<li><a
href="https://github.com/eslint/eslint/commit/d4eb2dc95f17cdf491edca91b7d9caf05b86253f"><code>d4eb2dc</code></a>
fix: don't report shadowed undefined in prefer-promise-reject-errors (<a
href="https://redirect.github.com/eslint/eslint/issues/21006">#21006</a>)
(Pixel)</li>
<li><a
href="https://github.com/eslint/eslint/commit/23604646db6d987d01edb8aa5f4d2a88bd4c01d0"><code>2360464</code></a>
fix: prefer-promise-reject-errors false positives for shadowed Promise
(<a
href="https://redirect.github.com/eslint/eslint/issues/21003">#21003</a>)
(den$)</li>
<li><a
href="https://github.com/eslint/eslint/commit/63d52d28de705ec46f328d18166e8b7170b3f024"><code>63d52d2</code></a>
fix: restore max-classes-per-file report range (<a
href="https://redirect.github.com/eslint/eslint/issues/21002">#21002</a>)
(Pixel)</li>
<li><a
href="https://github.com/eslint/eslint/commit/7feaff0cfb8d6a6260d3ea56887c9161daf8c700"><code>7feaff0</code></a>
fix: callback detection logic for IIFEs in max-nested-callbacks (<a
href="https://redirect.github.com/eslint/eslint/issues/20979">#20979</a>)
(fnx)</li>
<li><a
href="https://github.com/eslint/eslint/commit/399a2ec81bcbcff2c67920db51d9276b20ac1025"><code>399a2ec</code></a>
fix: don't report inner non-callbacks in
<code>max-nested-callbacks</code> (<a
href="https://redirect.github.com/eslint/eslint/issues/20995">#20995</a>)
(Milos Djermanovic)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li><a
href="https://github.com/eslint/eslint/commit/a83683db1c27193c2ad333fc5c0aedcc8a293db7"><code>a83683d</code></a>
docs: Update README (GitHub Actions Bot)</li>
<li><a
href="https://github.com/eslint/eslint/commit/f5449f96c2caabbc1a28b15211873e2f672f5ae5"><code>f5449f9</code></a>
docs: document userland patterns for global assertionOptions in RuleT…
(<a
href="https://redirect.github.com/eslint/eslint/issues/20986">#20986</a>)
(playgirl)</li>
<li><a
href="https://github.com/eslint/eslint/commit/bea49f7b2899ebf708482f977ef2ada41fd2c3f0"><code>bea49f7</code></a>
docs: Update README (GitHub Actions Bot)</li>
<li><a
href="https://github.com/eslint/eslint/commit/e5f70f9b06683a887dd0d6dc1cc91a9c9bea816d"><code>e5f70f9</code></a>
docs: update code-path diagrams (<a
href="https://redirect.github.com/eslint/eslint/issues/20984">#20984</a>)
(Tanuj Kanti)</li>
<li><a
href="https://github.com/eslint/eslint/commit/8890c2d40880b195b9167735c24ec0cc5de5eb96"><code>8890c2d</code></a>
docs: add TypeScript config guidance for MCP server (<a
href="https://redirect.github.com/eslint/eslint/issues/20796">#20796</a>)
(Pierluigi Lenoci)</li>
<li><a
href="https://github.com/eslint/eslint/commit/3eb3d9b1b5edecc3fcae0519ddba0e3745e889e3"><code>3eb3d9b</code></a>
docs: Update README (GitHub Actions Bot)</li>
<li><a
href="https://github.com/eslint/eslint/commit/c5bb59cf613dabafd550227b6adaa9327b1095f5"><code>c5bb59c</code></a>
docs: Update README (GitHub Actions Bot)</li>
<li><a
href="https://github.com/eslint/eslint/commit/eb3c97c776731ce11b28cc99f0271f41b9994701"><code>eb3c97c</code></a>
docs: fix grammar in prefer-const rule description (<a
href="https://redirect.github.com/eslint/eslint/issues/20983">#20983</a>)
(lumir)</li>
</ul>
<h2>Chores</h2>
<ul>
<li><a
href="https://github.com/eslint/eslint/commit/6a42034a57a816b0a313720b3b9df09455bd0b5e"><code>6a42034</code></a>
ci: run ecosystem tests on main branch (<a
href="https://redirect.github.com/eslint/eslint/issues/20891">#20891</a>)
(sethamus)</li>
<li><a
href="https://github.com/eslint/eslint/commit/3dbacdbb31673c87ca86ecafbb18712d8d1daed8"><code>3dbacdb</code></a>
ci: bump actions/checkout from 6 to 7 (<a
href="https://redirect.github.com/eslint/eslint/issues/21014">#21014</a>)
(dependabot[bot])</li>
<li><a
href="https://github.com/eslint/eslint/commit/c3abfca7c96cc9a244f54eeb66e9971c59280354"><code>c3abfca</code></a>
chore: correct JSDoc param types in html formatter (<a
href="https://redirect.github.com/eslint/eslint/issues/21018">#21018</a>)
(Minseon Kim)</li>
<li><a
href="https://github.com/eslint/eslint/commit/a8323209cdbefefd540c5beeaa51418d8ec40f9e"><code>a832320</code></a>
ci: split ecosystem tests into separate jobs (<a
href="https://redirect.github.com/eslint/eslint/issues/21001">#21001</a>)
(xbinaryx)</li>
<li><a
href="https://github.com/eslint/eslint/commit/27166e78511db526688afc34bbfab1a458405f3f"><code>27166e7</code></a>
chore: update ecosystem plugins (<a
href="https://redirect.github.com/eslint/eslint/issues/21005">#21005</a>)
(ESLint Bot)</li>
<li><a
href="https://github.com/eslint/eslint/commit/865d76e40107d4fa10a17fc3203b303eb8a88dc3"><code>865d76e</code></a>
ci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (<a
href="https://redirect.github.com/eslint/eslint/issues/20989">#20989</a>)
(dependabot[bot])</li>
<li><a
href="https://github.com/eslint/eslint/commit/27a88c9fa7c040f4cd39e5a5e6e2d02441c408ef"><code>27a88c9</code></a>
chore: update dependency markdown-it to v14 in root (<a
href="https://redirect.github.com/eslint/eslint/issues/20994">#20994</a>)
(Milos Djermanovic)</li>
<li><a
href="https://github.com/eslint/eslint/commit/970cea62b295d931a4109abedeb21ba192d3f2be"><code>970cea6</code></a>
chore: update dependency markdown-it to v14 (<a
href="https://redirect.github.com/eslint/eslint/issues/20993">#20993</a>)
(Milos Djermanovic)</li>
<li><a
href="https://github.com/eslint/eslint/commit/b482120bacb40204fbf16f3b20be7207057157a5"><code>b482120</code></a>
chore: update dependency prettier to v3.8.4 (<a
href="https://redirect.github.com/eslint/eslint/issues/20990">#20990</a>)
(renovate[bot])</li>
<li><a
href="https://github.com/eslint/eslint/commit/6993fb3173da84999fc208507b93f523aa657448"><code>6993fb3</code></a>
chore: update ecosystem plugins (<a
href="https://redirect.github.com/eslint/eslint/issues/20985">#20985</a>)
(ESLint Bot)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/eslint/eslint/commit/5d12a0419636abb71628b7e45063a943c454a7c7"><code>5d12a04</code></a>
10.6.0</li>
<li><a
href="https://github.com/eslint/eslint/commit/f7ca54b138c4ba7b8e65f83b7fe58cc8de50af8b"><code>f7ca54b</code></a>
Build: changelog update for 10.6.0</li>
<li><a
href="https://github.com/eslint/eslint/commit/6a42034a57a816b0a313720b3b9df09455bd0b5e"><code>6a42034</code></a>
ci: run ecosystem tests on main branch (<a
href="https://redirect.github.com/eslint/eslint/issues/20891">#20891</a>)</li>
<li><a
href="https://github.com/eslint/eslint/commit/b1f910628e29a018c860e2352bc14cd07c853d67"><code>b1f9106</code></a>
feat: detect Symbol() and BigInt() in no-constant-binary-expression (<a
href="https://redirect.github.com/eslint/eslint/issues/20981">#20981</a>)</li>
<li><a
href="https://github.com/eslint/eslint/commit/3dbacdbb31673c87ca86ecafbb18712d8d1daed8"><code>3dbacdb</code></a>
ci: bump actions/checkout from 6 to 7 (<a
href="https://redirect.github.com/eslint/eslint/issues/21014">#21014</a>)</li>
<li><a
href="https://github.com/eslint/eslint/commit/c3abfca7c96cc9a244f54eeb66e9971c59280354"><code>c3abfca</code></a>
chore: correct JSDoc param types in html formatter (<a
href="https://redirect.github.com/eslint/eslint/issues/21018">#21018</a>)</li>
<li><a
href="https://github.com/eslint/eslint/commit/a83683db1c27193c2ad333fc5c0aedcc8a293db7"><code>a83683d</code></a>
docs: Update README</li>
<li><a
href="https://github.com/eslint/eslint/commit/a8323209cdbefefd540c5beeaa51418d8ec40f9e"><code>a832320</code></a>
ci: split ecosystem tests into separate jobs (<a
href="https://redirect.github.com/eslint/eslint/issues/21001">#21001</a>)</li>
<li><a
href="https://github.com/eslint/eslint/commit/6b05784eb271ac98ca3e1e2a48c4b14bb588c786"><code>6b05784</code></a>
fix: prefer-exponentiation-operator invalid autofix at statement start
(<a
href="https://redirect.github.com/eslint/eslint/issues/20997">#20997</a>)</li>
<li><a
href="https://github.com/eslint/eslint/commit/bb9eb2ab28daf6e6dafc62daa6b5daf9c2b7046c"><code>bb9eb2a</code></a>
fix: account for shadowed <code>Boolean</code> in
<code>no-extra-boolean-cast</code> (<a
href="https://redirect.github.com/eslint/eslint/issues/21013">#21013</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/eslint/eslint/compare/v10.5.0...v10.6.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-03 14:00:04 +00:00
dependabot[bot] d4f90b9bd7 chore(deps): Bump downshift from 9.3.6 to 9.4.0 (#1975)
Bumps [downshift](https://github.com/downshift-js/downshift) from 9.3.6
to 9.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/downshift-js/downshift/releases">downshift's
releases</a>.</em></p>
<blockquote>
<h2>v9.4.0</h2>
<h1><a
href="https://github.com/downshift-js/downshift/compare/v9.3.6...v9.4.0">9.4.0</a>
(2026-06-30)</h1>
<h3>Features</h3>
<ul>
<li>fix React Compiler compatibility. (<a
href="https://redirect.github.com/downshift-js/downshift/issues/1690">#1690</a>)
(<a
href="https://github.com/downshift-js/downshift/commit/1bb8b75e506fe807a5c5201a103d1bd128e5a5e2">1bb8b75</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/downshift-js/downshift/commit/1bb8b75e506fe807a5c5201a103d1bd128e5a5e2"><code>1bb8b75</code></a>
feat: fix React Compiler compatibility. (<a
href="https://redirect.github.com/downshift-js/downshift/issues/1690">#1690</a>)</li>
<li><a
href="https://github.com/downshift-js/downshift/commit/3c7584b62e900b80b998c2d486c3ff458b30214c"><code>3c7584b</code></a>
docs: fix docs dark mode example contrast (<a
href="https://redirect.github.com/downshift-js/downshift/issues/1694">#1694</a>)</li>
<li>See full diff in <a
href="https://github.com/downshift-js/downshift/compare/v9.3.6...v9.4.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=downshift&package-manager=npm_and_yarn&previous-version=9.3.6&new-version=9.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-03 13:52:06 +00:00
dependabot[bot] aa5693ad6b chore(deps): Bump i18next from 26.3.3 to 26.3.4 (#1974)
Bumps [i18next](https://github.com/i18next/i18next) from 26.3.3 to
26.3.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.3.4</h2>
<ul>
<li>fix(security): <code>deepExtend</code> (used by
<code>addResourceBundle(..., deep, overwrite)</code>) no longer recurses
into inherited properties. It checked key existence with the
<code>in</code> operator, which walks the prototype chain, so a source
key matching an inherited built-in (e.g. <code>hasOwnProperty</code>,
<code>toString</code>) caused recursion into the shared
<code>Object.prototype</code> function and, with <code>overwrite:
true</code>, could overwrite e.g.
<code>Object.prototype.hasOwnProperty.call</code> with a non-callable
value — corrupting a shared built-in process-wide (DoS). Existence is
now checked with <code>Object.prototype.hasOwnProperty.call</code>, so
such keys are copied as plain own data instead. This complements the
existing <code>__proto__</code>/<code>constructor</code> guard and is
also strictly more correct for an own-property merge. Only affects
applications that pass attacker-controlled data with <code>deep:
true</code> and <code>overwrite: true</code>; no standard
backend/integration does this. Distinct from CVE-2026-48713 /
CVE-2026-48714 (different packages, <code>setPath</code> mechanism).
Thanks to zx (Jace) for the responsible disclosure.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.3.4</h2>
<ul>
<li>fix(security): <code>deepExtend</code> (used by
<code>addResourceBundle(..., deep, overwrite)</code>) no longer recurses
into inherited properties. It checked key existence with the
<code>in</code> operator, which walks the prototype chain, so a source
key matching an inherited built-in (e.g. <code>hasOwnProperty</code>,
<code>toString</code>) caused recursion into the shared
<code>Object.prototype</code> function and, with <code>overwrite:
true</code>, could overwrite e.g.
<code>Object.prototype.hasOwnProperty.call</code> with a non-callable
value — corrupting a shared built-in process-wide (DoS). Existence is
now checked with <code>Object.prototype.hasOwnProperty.call</code>, so
such keys are copied as plain own data instead. This complements the
existing <code>__proto__</code>/<code>constructor</code> guard and is
also strictly more correct for an own-property merge. Only affects
applications that pass attacker-controlled data with <code>deep:
true</code> and <code>overwrite: true</code>; no standard
backend/integration does this. Distinct from CVE-2026-48713 /
CVE-2026-48714 (different packages, <code>setPath</code> mechanism). See
advisory <a
href="https://github.com/i18next/i18next/security/advisories/GHSA-6jcc-5g8w-32mx">GHSA-6jcc-5g8w-32mx</a>,
CVSS 5.9 (<code>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H</code>).
Thanks to zx (Jace) <a
href="https://github.com/manus-use"><code>@​manus-use</code></a> for the
responsible disclosure.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/i18next/i18next/commit/817ede5146e6d366645982885b0a729861d10a3a"><code>817ede5</code></a>
26.3.4</li>
<li><a
href="https://github.com/i18next/i18next/commit/46d0dd80b505b6b69feccebbe7d9c4fd66c8f85c"><code>46d0dd8</code></a>
build</li>
<li><a
href="https://github.com/i18next/i18next/commit/642137b7786d83661ec3ee53027798dc4b81d30a"><code>642137b</code></a>
fix(security): prevent deepExtend from recursing into inherited
built-ins</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.3.3...v26.3.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=i18next&package-manager=npm_and_yarn&previous-version=26.3.3&new-version=26.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-03 13:51:06 +00:00