Bumps [react-i18next](https://github.com/i18next/react-i18next) from
17.0.4 to 17.0.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.6</h2>
<ul>
<li>fix: restore the v17 <code>nodesToString</code> output format
consumed by <code>i18next-cli</code>'s extractor while still rendering
<a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
correctly
<ul>
<li>17.0.5 fixed <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
by changing what <code>nodesToString</code> produced, which
inadvertently changed the extracted translation strings for keep-tags
wrapping non-keep React elements</li>
<li>The fix now lives in the renderer: indexed <code><N></code>
placeholders nested inside a keep-tag are scoped to that tag's own
original React children (matching kept tags by name and positional
occurrence at each level), so the translation string format produced by
<code>nodesToString</code> is unchanged</li>
</ul>
</li>
</ul>
<h2>17.0.5</h2>
<ul>
<li>fix: <code><Trans /></code> no longer breaks child rendering
when a kept HTML node (<code>transKeepBasicHtmlNodesFor</code>) wraps a
non-keep React element <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
— superseded by 17.0.6, which keeps the same runtime fix without
changing the <code>nodesToString</code> output</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cb20d1886b"><code>cb20d18</code></a>
17.0.6</li>
<li><a
href="b8ad5e4afd"><code>b8ad5e4</code></a>
fix: scope indexed placeholders inside keep-tags at render time <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">#1919</a></li>
<li><a
href="75ce985016"><code>75ce985</code></a>
17.0.5</li>
<li><a
href="9803bb8005"><code>9803bb8</code></a>
fix: <Trans /> no longer breaks child rendering when a kept HTML
node (transK...</li>
<li><a
href="ec37a48d76"><code>ec37a48</code></a>
chore: ignore .env*, *.pem, *.key in .gitignore</li>
<li>See full diff in <a
href="https://github.com/i18next/react-i18next/compare/v17.0.4...v17.0.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.11 to
8.5.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.12</h2>
<ul>
<li>Fixed reading any file via user-generated CSS.</li>
<li>Added <code>opts.unsafeMap</code> to disable checks.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.12</h2>
<ul>
<li>Fixed reading any file via user-generated CSS.</li>
<li>Added <code>opts.unsafeMap</code> to disable checks.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9bc81c48f0"><code>9bc81c4</code></a>
Release 8.5.12 version</li>
<li><a
href="85c4d7dab8"><code>85c4d7d</code></a>
Another try to fix coverage</li>
<li><a
href="94484cae6d"><code>94484ca</code></a>
Try to fix coverage</li>
<li><a
href="c64b7488d2"><code>c64b748</code></a>
Load only .map source maps</li>
<li><a
href="aaec7b78b3"><code>aaec7b7</code></a>
Avoid throwing JSON parsing errors for non-JSON source maps</li>
<li><a
href="233fb264ea"><code>233fb26</code></a>
Mention original author of the solution</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.11...8.5.12">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.10 to
8.5.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.11</h2>
<ul>
<li>Fixed nested brackets parsing performance (by <a
href="https://github.com/offset"><code>@offset</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.11</h2>
<ul>
<li>Fixed nested brackets parsing performance (by <a
href="https://github.com/offset"><code>@offset</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2502f75030"><code>2502f75</code></a>
Release 8.5.11 version</li>
<li><a
href="5ca1901949"><code>5ca1901</code></a>
Speed up parsing many nested brackets</li>
<li><a
href="42b5337dd7"><code>42b5337</code></a>
Update dependencies</li>
<li><a
href="7e36e153d0"><code>7e36e15</code></a>
Cache node.raws locally in Stringifier hot methods</li>
<li><a
href="8ec62b157b"><code>8ec62b1</code></a>
Bypass MapGenerator for no-source-map stringify in LazyResult</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.10...8.5.11">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.7 to
26.0.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.8</h2>
<ul>
<li>fix(types): restore the pre-v25.10.4 <code>ExistsFunction</code>
shape so plain arrow functions can again be assigned to
<code>ExistsFunction</code>-typed variables (TypeScript cannot infer
type predicates through multi-overload assignment). Direct
<code>i18next.exists(key)</code> calls still narrow <code>key</code> to
<code>SelectorKey</code> — the predicate is now declared inline on
<code>i18n.exists</code>. Custom wrappers that want the narrowing can
type themselves as <code>typeof i18next.exists</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2425">2425</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.8</h2>
<ul>
<li>fix(types): restore the pre-v25.10.4 <code>ExistsFunction</code>
shape so plain arrow functions can again be assigned to
<code>ExistsFunction</code>-typed variables (TypeScript cannot infer
type predicates through multi-overload assignment). Direct
<code>i18next.exists(key)</code> calls still narrow <code>key</code> to
<code>SelectorKey</code> — the predicate is now declared inline on
<code>i18n.exists</code>. Custom wrappers that want the narrowing can
type themselves as <code>typeof i18next.exists</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2425">2425</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3ea438f841"><code>3ea438f</code></a>
26.0.8</li>
<li><a
href="5176bbd7a1"><code>5176bbd</code></a>
retry version bump</li>
<li><a
href="10b48c6193"><code>10b48c6</code></a>
26.0.8</li>
<li><a
href="9fdd99a919"><code>9fdd99a</code></a>
retry version bump</li>
<li><a
href="9ee7da174d"><code>9ee7da1</code></a>
changelog</li>
<li><a
href="8ce5e268de"><code>8ce5e26</code></a>
26.0.8</li>
<li><a
href="e802567c9c"><code>e802567</code></a>
fix(types): restore <code>ExistsFunction</code> shape to keep
arrow-function wrappers as...</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.7...v26.0.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.6 to
26.0.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.7</h2>
<ul>
<li>fix: when a plural lookup misses, the <code>missingKey</code> debug
log now shows the actual plural-resolved key (e.g.
<code>foo.bar_many</code> for Polish <code>count: 14</code>) instead of
the base key — making it obvious which plural category was expected and
missing <a
href="https://redirect.github.com/i18next/i18next/issues/2423">2423</a></li>
<li>chore: drop <code>@babel/runtime</code> runtime dependency. The
build no longer generates any <code>@babel/runtime</code> imports, so
the package is unused by consumers. Rollup now uses <code>babelHelpers:
'bundled'</code> so any helpers that are ever needed in the future will
be inlined rather than imported externally <a
href="https://redirect.github.com/i18next/i18next/issues/2424">2424</a></li>
<li>chore: stop emitting <code>dist/esm/i18next.bundled.js</code>. It
was byte-identical to <code>dist/esm/i18next.js</code> because no
helpers were being imported <a
href="https://redirect.github.com/i18next/i18next/issues/2424">2424</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ce06fba2a5"><code>ce06fba</code></a>
26.0.7</li>
<li><a
href="ca33377537"><code>ca33377</code></a>
chore: drop unused <code>@babel/runtime</code> dep and redundant
bundled ESM output</li>
<li><a
href="8abe4e66ce"><code>8abe4e6</code></a>
fix: show resolved plural key in missingKey debug log</li>
<li><a
href="073eb1068a"><code>073eb10</code></a>
ts tests fix</li>
<li><a
href="a3dfb180d8"><code>a3dfb18</code></a>
security tests</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.6...v26.0.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.5 to
26.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.6</h2>
<p>Security release — all issues found via an internal audit. GHSA
advisory filed after release.</p>
<ul>
<li>security: warn when a translation string combines <code>escapeValue:
false</code> with interpolated variables inside a <code>$t(key, { ...
"{{var}}" ... })</code> nesting-options block. In that narrow
combination, attacker-controlled string values containing
<code>"</code> can break out of the JSON options literal and inject
additional nesting options (e.g. redirect
<code>lng</code>/<code>ns</code>). The default <code>escapeValue:
true</code> configuration is unaffected because HTML-escaping
neutralises the quote before <code>JSON.parse</code>. See the security
docs for mitigation guidance (GHSA-TBD)</li>
<li>security: apply <code>regexEscape</code> to
<code>unescapePrefix</code> / <code>unescapeSuffix</code> on par with
the other interpolation delimiters. Prevents ReDoS
(catastrophic-backtracking) when a misconfigured delimiter contains
regex metacharacters, and fixes silent breakage of the <code>{{-
var}}</code> syntax when the delimiter contains characters like
<code>(</code>, <code>[</code>, <code>.</code></li>
<li>security: strip CR/LF/NUL and other C0/C1 control characters from
string log arguments to prevent log forging via user-controlled
translation keys, language codes, namespaces, or interpolation variable
names (CWE-117)</li>
<li>chore: ignore <code>.env*</code> and
<code>*.pem</code>/<code>*.key</code> files in
<code>.gitignore</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.6</h2>
<p>Security release — all issues found via an internal audit.</p>
<ul>
<li>security: warn when a translation string combines <code>escapeValue:
false</code> with interpolated variables inside a <code>$t(key, { ...
"{{var}}" ... })</code> nesting-options block. In that narrow
combination, attacker-controlled string values containing
<code>"</code> can break out of the JSON options literal and inject
additional nesting options (e.g. redirect
<code>lng</code>/<code>ns</code>). The default <code>escapeValue:
true</code> configuration is unaffected because HTML-escaping
neutralises the quote before <code>JSON.parse</code>. See the <a
href="https://www.i18next.com/translation-function/nesting#security-note-interpolated-values-inside-a-nesting-options-block">security
note in the Nesting docs</a> for the full pattern and mitigations</li>
<li>security: apply <code>regexEscape</code> to
<code>unescapePrefix</code> / <code>unescapeSuffix</code> on par with
the other interpolation delimiters. Prevents ReDoS
(catastrophic-backtracking) when a misconfigured delimiter contains
regex metacharacters, and fixes silent breakage of the <code>{{-
var}}</code> syntax when the delimiter contains characters like
<code>(</code>, <code>[</code>, <code>.</code></li>
<li>security: strip CR/LF/NUL and other C0/C1 control characters from
string log arguments to prevent log forging via user-controlled
translation keys, language codes, namespaces, or interpolation variable
names (CWE-117)</li>
<li>chore: ignore <code>.env*</code> and
<code>*.pem</code>/<code>*.key</code> files in
<code>.gitignore</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9d0ed9f98e"><code>9d0ed9f</code></a>
26.0.6</li>
<li><a
href="8c82564437"><code>8c82564</code></a>
security: hardening for 26.0.6 — nesting-options warning, regexEscape
unescap...</li>
<li><a
href="0cb018c363"><code>0cb018c</code></a>
chore: bump devDependencies</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.5...v26.0.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.41.0
to 6.41.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/codemirror/view/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps
[eslint-plugin-react-hooks](https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks)
from 7.1.0 to 7.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">eslint-plugin-react-hooks's
releases</a>.</em></p>
<blockquote>
<h2>eslint-plugin-react-hooks@7.1.1 (April 17, 2026)</h2>
<p><strong>Note:</strong> 7.1.0 accidentally removed the
<code>component-hook-factories</code> rule, causing errors for users who
referenced it in their ESLint config. This is now fixed.</p>
<ul>
<li>Add deprecated no-op <code>component-hook-factories</code> rule for
backwards compatibility. (<a
href="https://github.com/mofeiZ"><code>@mofeiZ</code></a> in <a
href="https://redirect.github.com/facebook/react/pull/36307">#36307</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/blob/main/packages/eslint-plugin-react-hooks/CHANGELOG.md">eslint-plugin-react-hooks's
changelog</a>.</em></p>
<blockquote>
<h2>7.1.1</h2>
<p><strong>Note:</strong> 7.1.0 accidentally removed the
<code>component-hook-factories</code> rule, causing errors for users who
referenced it in their ESLint config. This is now fixed.</p>
<ul>
<li>Add deprecated no-op <code>component-hook-factories</code> rule for
backwards compatibility. (<a
href="https://github.com/mofeiZ"><code>@mofeiZ</code></a> in <a
href="https://redirect.github.com/facebook/react/pull/36307">#36307</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d1727fbf98"><code>d1727fb</code></a>
[eprh] Update changelog for 7.1.1 (<a
href="https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks/issues/36308">#36308</a>)</li>
<li><a
href="bc249804d3"><code>bc24980</code></a>
[eprh] Add back a no-op for removed component-hook-factories rule (<a
href="https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks/issues/36307">#36307</a>)</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/eslint-plugin-react-hooks@7.1.1/packages/eslint-plugin-react-hooks">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.4 to
26.0.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.5</h2>
<ul>
<li>fix: <code>cloneInstance().changeLanguage()</code> no longer fails
to update language state when the target language is not yet loaded — a
race between <code>init()</code>'s deferred <code>load()</code> and the
user's <code>changeLanguage()</code> could overwrite
<code>isLanguageChangingTo</code>, causing <code>setLngProps</code> to
be skipped <a
href="https://redirect.github.com/i18next/i18next/issues/2422">2422</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.5</h2>
<ul>
<li>fix: <code>cloneInstance().changeLanguage()</code> no longer fails
to update language state when the target language is not yet loaded — a
race between <code>init()</code>'s deferred <code>load()</code> and the
user's <code>changeLanguage()</code> could overwrite
<code>isLanguageChangingTo</code>, causing <code>setLngProps</code> to
be skipped <a
href="https://redirect.github.com/i18next/i18next/issues/2422">2422</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ab4633fee0"><code>ab4633f</code></a>
26.0.5</li>
<li><a
href="bae3b8bca9"><code>bae3b8b</code></a>
fix: <code>cloneInstance().changeLanguage()</code> no longer fails to
update language st...</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.4...v26.0.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [react-i18next](https://github.com/i18next/react-i18next) from
17.0.2 to 17.0.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.4</h2>
<ul>
<li>fix: avoid <code>React does not recognize the 'i18nIsDynamicList'
prop on a DOM element</code> warning <a
href="https://redirect.github.com/i18next/react-i18next/issues/1915">1915</a></li>
</ul>
<h2>17.0.3</h2>
<ul>
<li>fix: avoid invalid prop on <code>React.Fragment</code> inside
<code><Trans /></code> <a
href="https://redirect.github.com/i18next/react-i18next/issues/1914">1914</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a398b7692b"><code>a398b76</code></a>
17.0.4</li>
<li><a
href="c96f7bc219"><code>c96f7bc</code></a>
fix: avoid `React does not recognize the i18nIsDynamicList prop on a DOM
elem...</li>
<li><a
href="fe111f7518"><code>fe111f7</code></a>
17.0.3</li>
<li><a
href="e7419b8696"><code>e7419b8</code></a>
fix: avoid invalid prop on <code>React.Fragment</code> inside
<code>\<Trans /></code> <a
href="https://redirect.github.com/i18next/react-i18next/issues/1914">#1914</a></li>
<li>See full diff in <a
href="https://github.com/i18next/react-i18next/compare/v17.0.2...v17.0.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next-cli](https://github.com/i18next/i18next-cli) from 1.51.8
to 1.53.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md">i18next-cli's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.53.1...v1.53.2">1.53.2</a>
- 2026-04-14</h2>
<ul>
<li>Add <code>locale</code> and <code>namespace</code> fields to the
<code>TranslationResult</code> object passed
to the <code>afterSync</code> plugin hook, so plugins no longer need to
reverse-engineer
these values from the file path.
Relates to <a
href="https://redirect.github.com/i18next/i18next-cli/issues/237">#237</a>.</li>
</ul>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.53.0...v1.53.1">1.53.1</a>
- 2026-04-14</h2>
<ul>
<li>Fix selector API with dynamic bracket notation (e.g.
<code>t(($) => $.table.columns[field])</code>) incorrectly treating
keys as unused
and removing them during extraction. Dynamic bracket expressions are now
resolved via the expression resolver, and function parameter type
annotations (e.g. <code>field: "name" |
"age"</code>) are captured so the resolver
can enumerate all possible key values.
Fixes <a
href="https://redirect.github.com/i18next/i18next-cli/issues/234">#234</a>.</li>
</ul>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.52.1...v1.53.0">1.53.0</a>
- 2026-04-14</h2>
<ul>
<li>Add optional <code>types.basePath</code> configuration to support
nested namespaces in
TypeScript type generation. When set, namespaces are derived from the
file's
path relative to <code>basePath</code> instead of just the filename, so
<code>locales/en/dashboard/user.json</code> produces namespace
<code>"dashboard/user"</code> instead
of <code>"user"</code>. When <code>basePath</code> is omitted,
existing behavior is preserved.
Contributed by <a
href="https://github.com/camerondubas"><code>@camerondubas</code></a>
in
<a
href="https://redirect.github.com/i18next/i18next-cli/pull/236">#236</a>.</li>
<li>Add a warning when <code>types.basePath</code> is misconfigured and
translation files
fall outside the specified base directory.</li>
<li>Use the internal logger instead of <code>console.warn</code> for
warnings in the type
generator.</li>
</ul>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.52.0...v1.52.1">1.52.1</a>
- 2026-04-13</h2>
<ul>
<li>Fix <code>extract --sync-all --trust-derived</code> resetting
secondary locale values
to empty strings even when the trusted derived default was already in
sync in
the primary locale. Secondary translations are now only cleared when the
primary locale would actually be updated by the sync.
Follow-up to <a
href="https://redirect.github.com/i18next/i18next-cli/issues/235">#235</a>.</li>
</ul>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.51.9...v1.52.0">1.52.0</a>
- 2026-04-13</h2>
<ul>
<li>Add <code>extract --trust-derived</code> as an opt-in companion to
<code>--sync-primary</code>
and <code>--sync-all</code>. When enabled, the extractor also trusts
default values
inferred from keys, including plain key-as-text usage such as
<code>t('Hello world')</code> and <code>keyPrefix</code>-derived values,
while preserving the
existing strict sync behavior by default.
Follows up on <a
href="https://redirect.github.com/i18next/i18next-cli/issues/235">#235</a>.</li>
</ul>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.51.8...v1.51.9">1.51.9</a>
- 2026-04-13</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8c44aaa42c"><code>8c44aaa</code></a>
1.53.2</li>
<li><a
href="9b74f0b433"><code>9b74f0b</code></a>
Add <code>locale</code> and <code>namespace</code> fields to the
<code>TranslationResult</code> object <a
href="https://redirect.github.com/i18next/i18next-cli/issues/237">#237</a></li>
<li><a
href="f6de82e032"><code>f6de82e</code></a>
1.53.1</li>
<li><a
href="d7c9895c87"><code>d7c9895</code></a>
improve fix for <a
href="https://redirect.github.com/i18next/i18next-cli/issues/234">#234</a></li>
<li><a
href="e6480b060e"><code>e6480b0</code></a>
1.53.0</li>
<li><a
href="145a3a84bd"><code>145a3a8</code></a>
release: feat(types): support nested namespaces in type generation <a
href="https://redirect.github.com/i18next/i18next-cli/issues/236">#236</a></li>
<li><a
href="54f474f00a"><code>54f474f</code></a>
feat(types): support nested namespaces in type generation (<a
href="https://redirect.github.com/i18next/i18next-cli/issues/236">#236</a>)</li>
<li><a
href="6e3f9d7dfa"><code>6e3f9d7</code></a>
1.52.1</li>
<li><a
href="810a724c4d"><code>810a724</code></a>
fix --trust-derived <a
href="https://redirect.github.com/i18next/i18next-cli/issues/235">#235</a></li>
<li><a
href="b898c554ad"><code>b898c55</code></a>
1.52.0</li>
<li>Additional commits viewable in <a
href="https://github.com/i18next/i18next-cli/compare/v1.51.8...v1.53.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next-cli](https://github.com/i18next/i18next-cli) from 1.51.7
to 1.51.8.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md">i18next-cli's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.51.7...v1.51.8">1.51.8</a>
- 2026-04-13</h2>
<ul>
<li>Fix selector API with dynamic bracket notation (e.g.
<code>t(($) => $.table.columns[field])</code>) incorrectly treating
keys as unused
and removing them during extraction. Dynamic bracket expressions are now
resolved via the expression resolver, so typed variables
(<code>const field: "name" | "age"</code>) and
const-initialised variables
(<code>const field = "name"</code>) are correctly expanded
into all possible keys.
Fixes <a
href="https://redirect.github.com/i18next/i18next-cli/issues/234">#234</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e479a9d44"><code>6e479a9</code></a>
1.51.8</li>
<li><a
href="3a1ced40fb"><code>3a1ced4</code></a>
ix selector API with dynamic bracket notation <a
href="https://redirect.github.com/i18next/i18next-cli/issues/234">#234</a></li>
<li>See full diff in <a
href="https://github.com/i18next/i18next-cli/compare/v1.51.7...v1.51.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pmtiles](https://github.com/protomaps/pmtiles) from 4.4.0 to
4.4.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/protomaps/pmtiles/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.8 to 8.5.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.9</h2>
<ul>
<li>Speed up source map encoding paring in case of the error.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.9</h2>
<ul>
<li>Speed up source map encoding paring in case of the error.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe88ac29c0"><code>fe88ac2</code></a>
Release 8.5.9 version</li>
<li><a
href="c551632496"><code>c551632</code></a>
Avoid RegExp when we can use simple JS</li>
<li><a
href="89a6b74406"><code>89a6b74</code></a>
Move SECURITY.txt for docs folder to keep GitHub page cleaner</li>
<li><a
href="6ceb8a46af"><code>6ceb8a4</code></a>
Create SECURITY.md</li>
<li><a
href="02ccae6bc3"><code>02ccae6</code></a>
Another way to fix CI with .ts ext in tests on old Node.js</li>
<li><a
href="2c36658c7c"><code>2c36658</code></a>
Another way to fix CI with TS on old Node.js</li>
<li><a
href="b90600361f"><code>b906003</code></a>
Another way to fix CI with old Node.js</li>
<li><a
href="04d32cdc69"><code>04d32cd</code></a>
Fix another issue with Node.js 10 on CI</li>
<li><a
href="df86cdfff0"><code>df86cdf</code></a>
Try to fix Node.js 10 on CI</li>
<li><a
href="82bec0dd8e"><code>82bec0d</code></a>
Move to oxfmt</li>
<li>Additional commits viewable in <a
href="https://github.com/postcss/postcss/compare/8.5.8...8.5.9">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.3 to
26.0.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.4</h2>
<ul>
<li>fix(types): inline formatting options like <code>{{price,
currency(EUR)}}</code> are now correctly resolved to their base format
type (e.g. <code>number</code> for <code>currency</code>) instead of
falling back to <code>string</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2378">2378</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.4</h2>
<ul>
<li>fix(types): inline formatting options like <code>{{price,
currency(EUR)}}</code> are now correctly resolved to their base format
type (e.g. <code>number</code> for <code>currency</code>) instead of
falling back to <code>string</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2378">2378</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9e64c7586a"><code>9e64c75</code></a>
26.0.4</li>
<li><a
href="cd1f15f70f"><code>cd1f15f</code></a>
fix(types): inline formatting options <a
href="https://redirect.github.com/i18next/i18next/issues/2378">#2378</a></li>
<li><a
href="660c785f90"><code>660c785</code></a>
ts: test todo hint</li>
<li><a
href="7d2b6383e3"><code>7d2b638</code></a>
ts repro test</li>
<li><a
href="29e07bfead"><code>29e07bf</code></a>
ts repro test</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.3...v26.0.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next-cli](https://github.com/i18next/i18next-cli) from 1.51.6
to 1.51.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md">i18next-cli's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.51.6...v1.51.7">1.51.7</a>
- 2026-04-07</h2>
<ul>
<li>Fix <code>--sync-all</code> not clearing secondary locale
translations when
<code>mergeNamespaces</code> is enabled. The <code>syncAll</code> flag
was not being passed
through in the merged namespaces code path.
Fixes <a
href="https://redirect.github.com/i18next/i18next-cli/issues/233">#233</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2a1998d5e2"><code>2a1998d</code></a>
1.51.7</li>
<li><a
href="03cb9013c7"><code>03cb901</code></a>
should fix <a
href="https://redirect.github.com/i18next/i18next-cli/issues/233">#233</a></li>
<li>See full diff in <a
href="https://github.com/i18next/i18next-cli/compare/v1.51.6...v1.51.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next-cli](https://github.com/i18next/i18next-cli) from 1.51.5
to 1.51.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md">i18next-cli's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/i18next/i18next-cli/compare/v1.51.5...v1.51.6">1.51.6</a>
- 2026-04-03</h2>
<ul>
<li>Add <code>getT</code> and <code>useT</code> to the default
<code>useTranslationNames</code> so that
<code>next-i18next</code> v16 App Router hooks are recognized out of the
box.
Keys from <code>useT('ns')</code> and <code>await getT('ns')</code> are
now correctly
extracted into the specified namespace instead of falling back to
<code>defaultNS</code>.
Fixes <a
href="https://redirect.github.com/i18next/i18next-cli/issues/232">#232</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2828baf61f"><code>2828baf</code></a>
1.51.6</li>
<li><a
href="0d6e5930f6"><code>0d6e593</code></a>
ts dep update</li>
<li><a
href="0f6f5b3148"><code>0f6f5b3</code></a>
Add <code>getT</code> and <code>useT</code> to the default
<code>useTranslationNames</code> so that `next-i18n...</li>
<li><a
href="274164840f"><code>2741648</code></a>
reproduce <a
href="https://redirect.github.com/i18next/i18next-cli/issues/231">#231</a></li>
<li>See full diff in <a
href="https://github.com/i18next/i18next-cli/compare/v1.51.5...v1.51.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.40.0
to 6.41.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codemirror/view/blob/main/CHANGELOG.md"><code>@codemirror/view</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>6.41.0 (2026-04-01)</h2>
<h3>Bug fixes</h3>
<p>Fix an issue where <code>EditorView.posAtCoords</code> could
incorrectly return a position near a higher element on the line, in
mixed-font-size lines.</p>
<p>Expand the workaround for the Webkit bug that causes nonexistent
selections to stay visible to be active on non-Safari Webkit
browsers.</p>
<h3>New features</h3>
<p>The new <code>EditorView.cursorScrollMargin</code> facet can now be
used to configure the extra space used when scrolling the cursor into
view.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a0a5ed946c"><code>a0a5ed9</code></a>
Mark version 6.41.0</li>
<li><a
href="c834ebf424"><code>c834ebf</code></a>
Enable the workaround for ghost selections in all forms of Webkit</li>
<li><a
href="49d72c43f6"><code>49d72c4</code></a>
Improve posAtCoords in non-uniform height lines</li>
<li><a
href="4935d2495f"><code>4935d24</code></a>
Make the margin used when scrolling the cursor into view
configurable</li>
<li><a
href="ed7d6253a0"><code>ed7d625</code></a>
Remove duplicated slash in forum url in README</li>
<li><a
href="c3770d3f0a"><code>c3770d3</code></a>
Fix forum link in readme</li>
<li>See full diff in <a
href="https://github.com/codemirror/view/compare/6.40.0...6.41.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [slugify](https://github.com/simov/slugify) from 1.6.8 to 1.6.9.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/simov/slugify/blob/master/CHANGELOG.md">slugify's
changelog</a>.</em></p>
<blockquote>
<h3>v1.6.9 (2026-04-01)</h3>
<ul>
<li><a
href="https://redirect.github.com/simov/slugify/pull/171">#171</a> fix:
correct CommonJS export for "module": "node16" + ESM
(171) (<a
href="https://github.com/karlhorky"><code>@karlhorky</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/simov/slugify/commits">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~joshuakgoldberg">joshuakgoldberg</a>, a new
releaser for slugify since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [sass](https://github.com/sass/dart-sass) from 1.98.0 to 1.99.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sass/dart-sass/releases">sass's
releases</a>.</em></p>
<blockquote>
<h2>Dart Sass 1.99.0</h2>
<p>To install Sass 1.99.0, download one of the packages below and <a
href="https://katiek2.github.io/path-doc/">add it to your PATH</a>, or
see <a href="https://sass-lang.com/install">the Sass website</a> for
full installation instructions.</p>
<h1>Changes</h1>
<ul>
<li>
<p>Add support for parent selectors (<code>&</code>) at the root of
the document. These are emitted as-is in the CSS output, where they're
interpreted as <a
href="https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector#using_outside_nested_rule">the
scoping root</a>.</p>
</li>
<li>
<p>User-defined functions named <code>calc</code> or <code>clamp</code>
are no longer forbidden. If such a function exists without a namespace
in the current module, it will be used instead of the built-in
<code>calc()</code> or <code>clamp()</code> function.</p>
</li>
<li>
<p>User-defined functions whose names begin with <code>-</code> and end
with <code>-expression</code>, <code>-url</code>, <code>-and</code>,
<code>-or</code>, or <code>-not</code> are no longer forbidden. These
were originally intended to match vendor prefixes, but in practice no
vendor prefixes for these functions ever existed in real browsers.</p>
</li>
<li>
<p>User-defined functions named <code>EXPRESSION</code>,
<code>URL</code>, and <code>ELEMENT</code>, those that begin with
<code>-</code> and end with <code>-ELEMENT</code>, as well as the same
names with some lowercase letters are now deprecated, These are names
conflict with plain CSS functions that have special syntax.</p>
<p>See <a href="https://sass-lang.com/d/function-name">the Sass
website</a> for details.</p>
</li>
<li>
<p>In a future release, calls to functions whose names begin with
<code>-</code> and end with <code>-expression</code> and
<code>-url</code> will no longer have special parsing. For now, these
calls are deprecated if their behavior will change in the future.</p>
<p>See <a href="https://sass-lang.com/d/function-name">the Sass
website</a> for details.</p>
</li>
<li>
<p>Calls to functions whose names begin with <code>-</code> and end with
<code>-progid:...</code> are deprecated.</p>
<p>See <a href="https://sass-lang.com/d/function-name">the Sass
website</a> for details.</p>
</li>
</ul>
<p>See the <a
href="https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1990">full
changelog</a> for changes in earlier releases.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sass/dart-sass/blob/main/CHANGELOG.md">sass's
changelog</a>.</em></p>
<blockquote>
<h2>1.99.0</h2>
<ul>
<li>
<p>Add support for parent selectors (<code>&</code>) at the root of
the document. These are
emitted as-is in the CSS output, where they're interpreted as <a
href="https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector#using_outside_nested_rule">the
scoping
root</a>.</p>
</li>
<li>
<p>User-defined functions named <code>calc</code> or <code>clamp</code>
are no longer forbidden. If
such a function exists without a namespace in the current module, it
will be
used instead of the built-in <code>calc()</code> or <code>clamp()</code>
function.</p>
</li>
<li>
<p>User-defined functions whose names begin with <code>-</code> and end
with <code>-expression</code>,
<code>-url</code>, <code>-and</code>, <code>-or</code>, or
<code>-not</code> are no longer forbidden. These were
originally intended to match vendor prefixes, but in practice no vendor
prefixes for these functions ever existed in real browsers.</p>
</li>
<li>
<p>User-defined functions named <code>EXPRESSION</code>,
<code>URL</code>, and <code>ELEMENT</code>, those that
begin with <code>-</code> and end with <code>-ELEMENT</code>, as well as
the same names with some
lowercase letters are now deprecated, These are names conflict with
plain CSS
functions that have special syntax.</p>
<p>See <a href="https://sass-lang.com/d/function-name">the Sass
website</a> for details.</p>
</li>
<li>
<p>In a future release, calls to functions whose names begin with
<code>-</code> and end
with <code>-expression</code> and <code>-url</code> will no longer have
special parsing. For now,
these calls are deprecated if their behavior will change in the
future.</p>
<p>See <a href="https://sass-lang.com/d/function-name">the Sass
website</a> for details.</p>
</li>
<li>
<p>Calls to functions whose names begin with <code>-</code> and end with
<code>-progid:...</code> are
deprecated.</p>
<p>See <a href="https://sass-lang.com/d/function-name">the Sass
website</a> for details.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="83c39fec93"><code>83c39fe</code></a>
Support the top-level parent selector (<a
href="https://redirect.github.com/sass/dart-sass/issues/2758">#2758</a>)</li>
<li><a
href="ec85871864"><code>ec85871</code></a>
Bump EndBug/add-and-commit from 9 to 10 (<a
href="https://redirect.github.com/sass/dart-sass/issues/2756">#2756</a>)</li>
<li><a
href="a604acd19a"><code>a604acd</code></a>
[Function Name] Implement changes (<a
href="https://redirect.github.com/sass/dart-sass/issues/2731">#2731</a>)</li>
<li>See full diff in <a
href="https://github.com/sass/dart-sass/compare/1.98.0...1.99.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot]