Bumps [postcss](https://github.com/postcss/postcss) from 8.5.12 to
8.5.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.13</h2>
<ul>
<li>Fixed <code>postcss-scss</code> commend regression.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.13</h2>
<ul>
<li>Fixed <code>postcss-scss</code> commend regression.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="af58cf1b7a"><code>af58cf1</code></a>
Release 8.5.13 version</li>
<li><a
href="f227dbd0e9"><code>f227dbd</code></a>
Temporary ignore pnpm 11 config</li>
<li><a
href="d3abd40d72"><code>d3abd40</code></a>
Update dependencies</li>
<li><a
href="dd06c3e113"><code>dd06c3e</code></a>
Revert stringifier changes because of the conflict with
postcss-scss</li>
<li><a
href="ae889c815f"><code>ae889c8</code></a>
Try to fix CI</li>
<li><a
href="e0093e49bc"><code>e0093e4</code></a>
Move to pnpm 11</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.12...8.5.13">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [react-i18next](https://github.com/i18next/react-i18next) from
17.0.4 to 17.0.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.6</h2>
<ul>
<li>fix: restore the v17 <code>nodesToString</code> output format
consumed by <code>i18next-cli</code>'s extractor while still rendering
<a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
correctly
<ul>
<li>17.0.5 fixed <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
by changing what <code>nodesToString</code> produced, which
inadvertently changed the extracted translation strings for keep-tags
wrapping non-keep React elements</li>
<li>The fix now lives in the renderer: indexed <code><N></code>
placeholders nested inside a keep-tag are scoped to that tag's own
original React children (matching kept tags by name and positional
occurrence at each level), so the translation string format produced by
<code>nodesToString</code> is unchanged</li>
</ul>
</li>
</ul>
<h2>17.0.5</h2>
<ul>
<li>fix: <code><Trans /></code> no longer breaks child rendering
when a kept HTML node (<code>transKeepBasicHtmlNodesFor</code>) wraps a
non-keep React element <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
— superseded by 17.0.6, which keeps the same runtime fix without
changing the <code>nodesToString</code> output</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cb20d1886b"><code>cb20d18</code></a>
17.0.6</li>
<li><a
href="b8ad5e4afd"><code>b8ad5e4</code></a>
fix: scope indexed placeholders inside keep-tags at render time <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">#1919</a></li>
<li><a
href="75ce985016"><code>75ce985</code></a>
17.0.5</li>
<li><a
href="9803bb8005"><code>9803bb8</code></a>
fix: <Trans /> no longer breaks child rendering when a kept HTML
node (transK...</li>
<li><a
href="ec37a48d76"><code>ec37a48</code></a>
chore: ignore .env*, *.pem, *.key in .gitignore</li>
<li>See full diff in <a
href="https://github.com/i18next/react-i18next/compare/v17.0.4...v17.0.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.11 to
8.5.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.12</h2>
<ul>
<li>Fixed reading any file via user-generated CSS.</li>
<li>Added <code>opts.unsafeMap</code> to disable checks.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.12</h2>
<ul>
<li>Fixed reading any file via user-generated CSS.</li>
<li>Added <code>opts.unsafeMap</code> to disable checks.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9bc81c48f0"><code>9bc81c4</code></a>
Release 8.5.12 version</li>
<li><a
href="85c4d7dab8"><code>85c4d7d</code></a>
Another try to fix coverage</li>
<li><a
href="94484cae6d"><code>94484ca</code></a>
Try to fix coverage</li>
<li><a
href="c64b7488d2"><code>c64b748</code></a>
Load only .map source maps</li>
<li><a
href="aaec7b78b3"><code>aaec7b7</code></a>
Avoid throwing JSON parsing errors for non-JSON source maps</li>
<li><a
href="233fb264ea"><code>233fb26</code></a>
Mention original author of the solution</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.11...8.5.12">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.10 to
8.5.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.11</h2>
<ul>
<li>Fixed nested brackets parsing performance (by <a
href="https://github.com/offset"><code>@offset</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.11</h2>
<ul>
<li>Fixed nested brackets parsing performance (by <a
href="https://github.com/offset"><code>@offset</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2502f75030"><code>2502f75</code></a>
Release 8.5.11 version</li>
<li><a
href="5ca1901949"><code>5ca1901</code></a>
Speed up parsing many nested brackets</li>
<li><a
href="42b5337dd7"><code>42b5337</code></a>
Update dependencies</li>
<li><a
href="7e36e153d0"><code>7e36e15</code></a>
Cache node.raws locally in Stringifier hot methods</li>
<li><a
href="8ec62b157b"><code>8ec62b1</code></a>
Bypass MapGenerator for no-source-map stringify in LazyResult</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.10...8.5.11">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.7 to
26.0.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.8</h2>
<ul>
<li>fix(types): restore the pre-v25.10.4 <code>ExistsFunction</code>
shape so plain arrow functions can again be assigned to
<code>ExistsFunction</code>-typed variables (TypeScript cannot infer
type predicates through multi-overload assignment). Direct
<code>i18next.exists(key)</code> calls still narrow <code>key</code> to
<code>SelectorKey</code> — the predicate is now declared inline on
<code>i18n.exists</code>. Custom wrappers that want the narrowing can
type themselves as <code>typeof i18next.exists</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2425">2425</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.8</h2>
<ul>
<li>fix(types): restore the pre-v25.10.4 <code>ExistsFunction</code>
shape so plain arrow functions can again be assigned to
<code>ExistsFunction</code>-typed variables (TypeScript cannot infer
type predicates through multi-overload assignment). Direct
<code>i18next.exists(key)</code> calls still narrow <code>key</code> to
<code>SelectorKey</code> — the predicate is now declared inline on
<code>i18n.exists</code>. Custom wrappers that want the narrowing can
type themselves as <code>typeof i18next.exists</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2425">2425</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3ea438f841"><code>3ea438f</code></a>
26.0.8</li>
<li><a
href="5176bbd7a1"><code>5176bbd</code></a>
retry version bump</li>
<li><a
href="10b48c6193"><code>10b48c6</code></a>
26.0.8</li>
<li><a
href="9fdd99a919"><code>9fdd99a</code></a>
retry version bump</li>
<li><a
href="9ee7da174d"><code>9ee7da1</code></a>
changelog</li>
<li><a
href="8ce5e268de"><code>8ce5e26</code></a>
26.0.8</li>
<li><a
href="e802567c9c"><code>e802567</code></a>
fix(types): restore <code>ExistsFunction</code> shape to keep
arrow-function wrappers as...</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.7...v26.0.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.6 to
26.0.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.7</h2>
<ul>
<li>fix: when a plural lookup misses, the <code>missingKey</code> debug
log now shows the actual plural-resolved key (e.g.
<code>foo.bar_many</code> for Polish <code>count: 14</code>) instead of
the base key — making it obvious which plural category was expected and
missing <a
href="https://redirect.github.com/i18next/i18next/issues/2423">2423</a></li>
<li>chore: drop <code>@babel/runtime</code> runtime dependency. The
build no longer generates any <code>@babel/runtime</code> imports, so
the package is unused by consumers. Rollup now uses <code>babelHelpers:
'bundled'</code> so any helpers that are ever needed in the future will
be inlined rather than imported externally <a
href="https://redirect.github.com/i18next/i18next/issues/2424">2424</a></li>
<li>chore: stop emitting <code>dist/esm/i18next.bundled.js</code>. It
was byte-identical to <code>dist/esm/i18next.js</code> because no
helpers were being imported <a
href="https://redirect.github.com/i18next/i18next/issues/2424">2424</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ce06fba2a5"><code>ce06fba</code></a>
26.0.7</li>
<li><a
href="ca33377537"><code>ca33377</code></a>
chore: drop unused <code>@babel/runtime</code> dep and redundant
bundled ESM output</li>
<li><a
href="8abe4e66ce"><code>8abe4e6</code></a>
fix: show resolved plural key in missingKey debug log</li>
<li><a
href="073eb1068a"><code>073eb10</code></a>
ts tests fix</li>
<li><a
href="a3dfb180d8"><code>a3dfb18</code></a>
security tests</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.6...v26.0.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.5 to
26.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.6</h2>
<p>Security release — all issues found via an internal audit. GHSA
advisory filed after release.</p>
<ul>
<li>security: warn when a translation string combines <code>escapeValue:
false</code> with interpolated variables inside a <code>$t(key, { ...
"{{var}}" ... })</code> nesting-options block. In that narrow
combination, attacker-controlled string values containing
<code>"</code> can break out of the JSON options literal and inject
additional nesting options (e.g. redirect
<code>lng</code>/<code>ns</code>). The default <code>escapeValue:
true</code> configuration is unaffected because HTML-escaping
neutralises the quote before <code>JSON.parse</code>. See the security
docs for mitigation guidance (GHSA-TBD)</li>
<li>security: apply <code>regexEscape</code> to
<code>unescapePrefix</code> / <code>unescapeSuffix</code> on par with
the other interpolation delimiters. Prevents ReDoS
(catastrophic-backtracking) when a misconfigured delimiter contains
regex metacharacters, and fixes silent breakage of the <code>{{-
var}}</code> syntax when the delimiter contains characters like
<code>(</code>, <code>[</code>, <code>.</code></li>
<li>security: strip CR/LF/NUL and other C0/C1 control characters from
string log arguments to prevent log forging via user-controlled
translation keys, language codes, namespaces, or interpolation variable
names (CWE-117)</li>
<li>chore: ignore <code>.env*</code> and
<code>*.pem</code>/<code>*.key</code> files in
<code>.gitignore</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.6</h2>
<p>Security release — all issues found via an internal audit.</p>
<ul>
<li>security: warn when a translation string combines <code>escapeValue:
false</code> with interpolated variables inside a <code>$t(key, { ...
"{{var}}" ... })</code> nesting-options block. In that narrow
combination, attacker-controlled string values containing
<code>"</code> can break out of the JSON options literal and inject
additional nesting options (e.g. redirect
<code>lng</code>/<code>ns</code>). The default <code>escapeValue:
true</code> configuration is unaffected because HTML-escaping
neutralises the quote before <code>JSON.parse</code>. See the <a
href="https://www.i18next.com/translation-function/nesting#security-note-interpolated-values-inside-a-nesting-options-block">security
note in the Nesting docs</a> for the full pattern and mitigations</li>
<li>security: apply <code>regexEscape</code> to
<code>unescapePrefix</code> / <code>unescapeSuffix</code> on par with
the other interpolation delimiters. Prevents ReDoS
(catastrophic-backtracking) when a misconfigured delimiter contains
regex metacharacters, and fixes silent breakage of the <code>{{-
var}}</code> syntax when the delimiter contains characters like
<code>(</code>, <code>[</code>, <code>.</code></li>
<li>security: strip CR/LF/NUL and other C0/C1 control characters from
string log arguments to prevent log forging via user-controlled
translation keys, language codes, namespaces, or interpolation variable
names (CWE-117)</li>
<li>chore: ignore <code>.env*</code> and
<code>*.pem</code>/<code>*.key</code> files in
<code>.gitignore</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9d0ed9f98e"><code>9d0ed9f</code></a>
26.0.6</li>
<li><a
href="8c82564437"><code>8c82564</code></a>
security: hardening for 26.0.6 — nesting-options warning, regexEscape
unescap...</li>
<li><a
href="0cb018c363"><code>0cb018c</code></a>
chore: bump devDependencies</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.5...v26.0.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.41.0
to 6.41.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/codemirror/view/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 13:59:07 +00:00
4 changed files with 659 additions and 581 deletions
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
