Bumps
[systeminformation](https://github.com/sebhildebrandt/systeminformation)
from 5.31.1 to 5.31.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sebhildebrandt/systeminformation/releases">systeminformation's
releases</a>.</em></p>
<blockquote>
<h2>v5.31.6</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sebhildebrandt/systeminformation/compare/v5.31.5...v5.31.6">https://github.com/sebhildebrandt/systeminformation/compare/v5.31.5...v5.31.6</a></p>
<h2>v5.31.5</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sebhildebrandt/systeminformation/compare/v5.31.4...v5.31.5">https://github.com/sebhildebrandt/systeminformation/compare/v5.31.4...v5.31.5</a></p>
<h2>v5.31.4</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sebhildebrandt/systeminformation/compare/v5.31.3...v5.31.4">https://github.com/sebhildebrandt/systeminformation/compare/v5.31.3...v5.31.4</a></p>
<h2>v5.31.3</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sebhildebrandt/systeminformation/compare/v5.31.2...v5.31.3">https://github.com/sebhildebrandt/systeminformation/compare/v5.31.2...v5.31.3</a></p>
<h2>v5.31.2</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sebhildebrandt/systeminformation/compare/v5.31.1...v5.31.2">https://github.com/sebhildebrandt/systeminformation/compare/v5.31.1...v5.31.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md">systeminformation's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>Major Changes - Version 5</h2>
<h4>New Functions</h4>
<ul>
<li><code>audio()</code> detailed audio information</li>
<li><code>bluetoothDevices()</code> detailed information detected
bluetooth devices</li>
<li><code>dockerImages()</code> detailed information docker images</li>
<li><code>dockerVolumes()</code> detailed information docker
volumes</li>
<li><code>printers()</code> detailed printer information</li>
<li><code>usb()</code> detailed USB information</li>
<li><code>wifiInterfaces()</code> detected Wi-Fi interfaces</li>
<li><code>wifiConnections()</code> active Wi-Fi connections</li>
</ul>
<h4>Breaking Changes</h4>
<p><strong>Be aware</strong>, that the new version 5.x <strong>is NOT
fully backward compatible</strong> to
version 4.x ...</p>
<p>We had to make <strong>several interface changes</strong> to keep
systeminformation as
consistent as possible. We highly
<a href="https://systeminformation.io/changes.html">recommend to go
through the complete list</a>
and adapt your own code to be again compatible to the new version 5.</p>
<table>
<thead>
<tr>
<th>Function</th>
<th>Old</th>
<th>New (V5)</th>
<th>Comments</th>
</tr>
</thead>
<tbody>
<tr>
<td>unsupported values</td>
<td>-1</td>
<td>null</td>
<td>values which are unknown or<!-- raw HTML omitted -->unsupported on
platform</td>
</tr>
<tr>
<td><code>battery()</code></td>
<td>hasbattery<!-- raw HTML omitted -->cyclecount<!-- raw HTML omitted
-->ischarging<!-- raw HTML omitted -->designedcapacity<!-- raw HTML
omitted -->maxcapacity<!-- raw HTML omitted -->acconnected<!-- raw HTML
omitted -->timeremaining</td>
<td>hasBattery<!-- raw HTML omitted -->cycleCount<!-- raw HTML omitted
-->isCharging<!-- raw HTML omitted -->designedCapacity<!-- raw HTML
omitted -->maxCapacity<!-- raw HTML omitted -->acConnected<!-- raw HTML
omitted -->timeRemaining</td>
<td>pascalCase conformity</td>
</tr>
<tr>
<td><code>blockDevices()</code></td>
<td>fstype</td>
<td>fsType</td>
<td>pascalCase conformity</td>
</tr>
<tr>
<td><code>cpu()</code></td>
<td>speedmin<!-- raw HTML omitted -->speedmax</td>
<td>speedMin<!-- raw HTML omitted -->speedMax</td>
<td>pascalCase conformity</td>
</tr>
<tr>
<td><code>cpu().speed</code><!-- raw HTML omitted
--><code>cpu().speedMin</code><!-- raw HTML omitted
--><code>cpu().speedMax</code></td>
<td>string values</td>
<td>now returning<!-- raw HTML omitted -->numerical values</td>
<td>better value handling</td>
</tr>
<tr>
<td><code>cpuCurrentspeed()</code></td>
<td></td>
<td>cpuCurrentSpeed()</td>
<td>function name changed<!-- raw HTML omitted -->pascalCase
conformity</td>
</tr>
<tr>
<td><code>currentLoad()</code></td>
<td>avgload<!-- raw HTML omitted -->currentload<!-- raw HTML omitted
-->currentload_user<!-- raw HTML omitted -->currentload_system<!-- raw
HTML omitted -->currentload_nice<!-- raw HTML omitted
-->currentload_idle<!-- raw HTML omitted -->currentload_irq<!-- raw HTML
omitted -->raw_currentload</td>
<td>avgLoad<!-- raw HTML omitted -->currentLoad<!-- raw HTML omitted
-->currentLoadUser<!-- raw HTML omitted -->currentLoadSystem<!-- raw
HTML omitted -->currentLoadNice<!-- raw HTML omitted
-->currentLoadIdle<!-- raw HTML omitted -->currentLoadIrq<!-- raw HTML
omitted -->rawCurrentLoad</td>
<td>pascalCase conformity</td>
</tr>
<tr>
<td><code>dockerContainerStats()</code></td>
<td>mem_usage<!-- raw HTML omitted -->mem_limit<!-- raw HTML omitted
-->mem_percent<!-- raw HTML omitted -->cpu_percent<!-- raw HTML omitted
-->cpu_stats<!-- raw HTML omitted -->precpu_stats<!-- raw HTML omitted
-->memory_stats</td>
<td>memUsage<!-- raw HTML omitted -->memLimit<!-- raw HTML omitted
-->memPercent<!-- raw HTML omitted -->cpuPercent<!-- raw HTML omitted
-->cpuStats<!-- raw HTML omitted -->precpuStats<!-- raw HTML omitted
-->memoryStats</td>
<td>pascalCase conformity</td>
</tr>
<tr>
<td><code>dockerContainerProcesses()</code></td>
<td>pid_host</td>
<td>pidHost</td>
<td>pascalCase conformity</td>
</tr>
<tr>
<td><code>graphics().display</code></td>
<td>pixeldepth<!-- raw HTML omitted -->resolutionx<!-- raw HTML omitted
-->resolutiony<!-- raw HTML omitted -->sizex<!-- raw HTML omitted
-->sizey</td>
<td>pixelDepth<!-- raw HTML omitted -->resolutionX<!-- raw HTML omitted
-->resolutionY<!-- raw HTML omitted -->sizeX<!-- raw HTML omitted
-->sizeY</td>
<td>pascalCase conformity</td>
</tr>
<tr>
<td><code>networkConnections()</code></td>
<td>localaddress<!-- raw HTML omitted -->localport<!-- raw HTML omitted
-->peeraddress<!-- raw HTML omitted -->peerport</td>
<td>localAddress<!-- raw HTML omitted -->localPort<!-- raw HTML omitted
-->peerAddress<!-- raw HTML omitted -->peerPort</td>
<td>pascalCase conformity</td>
</tr>
<tr>
<td><code>networkInterfaces()</code></td>
<td>carrier_changes</td>
<td>carrierChanges</td>
<td>pascalCase conformity</td>
</tr>
<tr>
<td><code>processes()</code></td>
<td>mem_vsz<!-- raw HTML omitted -->mem_rss<!-- raw HTML omitted
-->pcpu<!-- raw HTML omitted -->pcpuu<!-- raw HTML omitted -->pcpus<!--
raw HTML omitted -->pmem</td>
<td>memVsz<!-- raw HTML omitted -->memRss<!-- raw HTML omitted
-->cpu<!-- raw HTML omitted -->cpuu<!-- raw HTML omitted -->cpus<!-- raw
HTML omitted -->mem</td>
<td>pascalCase conformity<!-- raw HTML omitted -->renamed
attributes</td>
</tr>
<tr>
<td><code>processLoad()</code></td>
<td>result as object</td>
<td>result as array of objects</td>
<td>function now allows to provide more than<!-- raw HTML omitted -->one
process (as a comma separated list)</td>
</tr>
<tr>
<td><code>services()</code></td>
<td>pcpu<!-- raw HTML omitted -->pmem</td>
<td>cpu<!-- raw HTML omitted -->mem</td>
<td>renamed attributes</td>
</tr>
<tr>
<td><code>vbox()</code></td>
<td>HPET<!-- raw HTML omitted -->PAE<!-- raw HTML omitted -->APIC<!--
raw HTML omitted -->X2APIC<!-- raw HTML omitted -->ACPI<!-- raw HTML
omitted -->IOAPIC<!-- raw HTML omitted -->biosAPICmode<!-- raw HTML
omitted -->TRC</td>
<td>hpet<!-- raw HTML omitted -->pae<!-- raw HTML omitted -->apic<!--
raw HTML omitted -->x2Apic<!-- raw HTML omitted -->acpi<!-- raw HTML
omitted -->ioApic<!-- raw HTML omitted -->biosApicMode<!-- raw HTML
omitted -->rtc</td>
<td>pascalCase conformity</td>
</tr>
</tbody>
</table>
<h4>Other Improvements and Changes</h4>
<ul>
<li><code>baseboard()</code>: added memMax, memSlots</li>
<li><code>bios()</code>: added language and features (linux)</li>
<li><code>blockDevices()</code> added raid group member (linux)</li>
<li><code>cpu()</code>: extended AMD processor list</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="da1cbf5eb0"><code>da1cbf5</code></a>
5.31.6</li>
<li><a
href="87dbb60f98"><code>87dbb60</code></a>
fix: smaller issues</li>
<li><a
href="1d1bddf812"><code>1d1bddf</code></a>
fix: smaller issues</li>
<li><a
href="f69576f8da"><code>f69576f</code></a>
fix: networkInterfaces() ci wip</li>
<li><a
href="78624d1567"><code>78624d1</code></a>
fix: networkInterfaces() ci</li>
<li><a
href="ed1cac537c"><code>ed1cac5</code></a>
5.31.5</li>
<li><a
href="4dd5aa9149"><code>4dd5aa9</code></a>
netStats() netstat command adaption (mac OS)</li>
<li><a
href="59360e6e2a"><code>59360e6</code></a>
5.31.4</li>
<li><a
href="3ef3f3befc"><code>3ef3f3b</code></a>
diskLayout() USB tahoe compatibility (mac OS)</li>
<li><a
href="8edd13034f"><code>8edd130</code></a>
5.31.3</li>
<li>Additional commits viewable in <a
href="https://github.com/sebhildebrandt/systeminformation/compare/v5.31.1...v5.31.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/maplibre/maputnik/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.8 to
26.0.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.10</h2>
<ul>
<li>feat: <code>getFixedT</code> accepts a fourth optional
<code>fixedOpts</code> argument carrying <code>scopeNs</code> — the full
namespace list the bound <code>t</code> was created for. The selector
API uses <code>scopeNs</code> to detect when a path's first segment is a
namespace prefix, <strong>without</strong> changing resolution scope.
Resolution still uses the bound <code>ns</code> (a single primary string
in the typical react-i18next setup), so plain <code>t('key')</code>
lookups stay isolated to the primary namespace exactly as before — only
<code>t($ => $.secondaryNs.foo)</code> selectors now route correctly
under <code>useTranslation([nsA, nsB])</code>. Fixes the runtime side of
<a
href="https://redirect.github.com/i18next/i18next/issues/2429">#2429</a>
for the <code>react-i18next</code> default-<code>nsMode</code> case. The
4th argument is opt-in: existing 3-arg <code>getFixedT(lng, ns,
keyPrefix)</code> callers see no behavior change.</li>
</ul>
<h2>v26.0.9</h2>
<ul>
<li>fix(types): unformatted interpolation values are now typed as
<code>string | number</code> (was <code>string</code>). i18next
stringifies values at runtime, so requiring callers to wrap numbers in
<code>String(...)</code> for plain <code>{{var}}</code> placeholders was
unnecessary friction — and could mask the real problem when a non-string
value was passed alongside multiple interpolation slots (the
<code>t()</code> overload resolution would fall through to the 3-arg
form and report a confusing "not assignable to string" error
against the options object). Typed format specifiers like <code>{{x,
number}}</code>, <code>{{x, currency}}</code>, <code>{{x,
datetime}}</code>, etc. keep their precise types; this only relaxes the
no-format default. The <code>count</code> variable remains
<code>number</code>-only</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.10</h2>
<ul>
<li>feat: <code>getFixedT</code> accepts a fourth optional
<code>fixedOpts</code> argument carrying <code>scopeNs</code> — the full
namespace list the bound <code>t</code> was created for. The selector
API uses <code>scopeNs</code> to detect when a path's first segment is a
namespace prefix, <strong>without</strong> changing resolution scope.
Resolution still uses the bound <code>ns</code> (a single primary string
in the typical react-i18next setup), so plain <code>t('key')</code>
lookups stay isolated to the primary namespace exactly as before — only
<code>t($ => $.secondaryNs.foo)</code> selectors now route correctly
under <code>useTranslation([nsA, nsB])</code>. Fixes the runtime side of
<a
href="https://redirect.github.com/i18next/i18next/issues/2429">#2429</a>
for the <code>react-i18next</code> default-<code>nsMode</code> case. The
4th argument is opt-in: existing 3-arg <code>getFixedT(lng, ns,
keyPrefix)</code> callers see no behavior change.</li>
</ul>
<h2>26.0.9</h2>
<ul>
<li>fix(types): unformatted interpolation values are now typed as
<code>string | number</code> (was <code>string</code>). i18next
stringifies values at runtime, so requiring callers to wrap numbers in
<code>String(...)</code> for plain <code>{{var}}</code> placeholders was
unnecessary friction — and could mask the real problem when a non-string
value was passed alongside multiple interpolation slots (the
<code>t()</code> overload resolution would fall through to the 3-arg
form and report a confusing "not assignable to string" error
against the options object). Typed format specifiers like <code>{{x,
number}}</code>, <code>{{x, currency}}</code>, <code>{{x,
datetime}}</code>, etc. keep their precise types; this only relaxes the
no-format default. The <code>count</code> variable remains
<code>number</code>-only</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="61eaf5be10"><code>61eaf5b</code></a>
26.0.10</li>
<li><a
href="47fd92f8aa"><code>47fd92f</code></a>
feat: getFixedT 4th-arg scopeNs decouples selector ns-detection from
resoluti...</li>
<li><a
href="caf33f6196"><code>caf33f6</code></a>
26.0.9</li>
<li><a
href="eed0146d95"><code>eed0146</code></a>
fix(types): relax unformatted interpolation values to <code>string |
number</code></li>
<li><a
href="170fb0a9e4"><code>170fb0a</code></a>
Modernize locize.com URLs and refresh UTM tags</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.8...v26.0.10">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [react-i18next](https://github.com/i18next/react-i18next) from
17.0.6 to 17.0.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.7</h2>
<ul>
<li>feat: <code>useTranslation([nsA, nsB, ...])</code> now passes its
full namespace list to <code>getFixedT</code> via the new
<code>scopeNs</code> opt (requires <code>i18next</code> ≥ v26.0.10).
This makes selector calls with a secondary-namespace prefix resolve
correctly under default <code>nsMode</code>: <code>t($ =>
$.nsB.foo)</code> previously missed silently because the bound
<code>ns</code> was the primary string only and i18next's selector
rewrite needed an array. Resolution semantics are unchanged — plain
<code>t('key')</code> lookups still stay isolated to the primary
namespace by default; use <code>nsMode: 'fallback'</code> to opt into
multi-ns fallback resolution as before. Fixes <a
href="https://redirect.github.com/i18next/i18next/issues/2429">i18next#2429</a>
for <code>useTranslation</code>-based callers.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e892a27a7"><code>5e892a2</code></a>
17.0.7</li>
<li><a
href="c8f4c6b564"><code>c8f4c6b</code></a>
feat: useTranslation([nsA,nsB]) routes selector secondary-ns prefix via
getFi...</li>
<li><a
href="084f9a650b"><code>084f9a6</code></a>
Modernize locize.com URLs and refresh UTM tags</li>
<li>See full diff in <a
href="https://github.com/i18next/react-i18next/compare/v17.0.6...v17.0.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.41.1
to 6.42.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/codemirror/view/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@codemirror/lint](https://github.com/codemirror/lint) from 6.9.5
to 6.9.6.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/codemirror/lint/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[cypress-io/github-action](https://github.com/cypress-io/github-action)
from 7.1.10 to 7.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cypress-io/github-action/releases">cypress-io/github-action's
releases</a>.</em></p>
<blockquote>
<h2>v7.3.0</h2>
<h1><a
href="https://github.com/cypress-io/github-action/compare/v7.2.0...v7.3.0">7.3.0</a>
(2026-05-05)</h1>
<h3>Features</h3>
<ul>
<li>add <code>expose</code> input for Cypress.expose() API (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1749">#1749</a>)
(<a
href="dace029018">dace029</a>)</li>
</ul>
<h2>v7.2.0</h2>
<h1><a
href="https://github.com/cypress-io/github-action/compare/v7.1.10...v7.2.0">7.2.0</a>
(2026-05-04)</h1>
<h3>Features</h3>
<ul>
<li><strong>deps:</strong> remove Node.js 20 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1747">#1747</a>)
(<a
href="b7a7441d77">b7a7441</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cypress-io/github-action/blob/master/CHANGELOG.md">cypress-io/github-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>This document gives an overview of changes to the Cypress GitHub
JavaScript Action <a
href="https://github.com/cypress-io/github-action">cypress-io/github-action</a>.</p>
<p>See <a
href="https://github.com/cypress-io/github-action/releases">Releases</a>
for full details of changes.</p>
<table>
<thead>
<tr>
<th>Version</th>
<th>Changes</th>
</tr>
</thead>
<tbody>
<tr>
<td>v7.3.0</td>
<td>Add parameter <code>expose</code> for <a
href="https://docs.cypress.io/api/cypress-api/expose"><code>Cypress.expose()</code></a>
support</td>
</tr>
<tr>
<td>v7.2.0</td>
<td>Examples remove Node.js 20. End of support for Node.js 20.</td>
</tr>
<tr>
<td>v7.1.0</td>
<td>Add parameter <code>package-manager-cache</code></td>
</tr>
<tr>
<td>v7.0.0</td>
<td>Action runs under Node.js 24 instead of Node.js 20</td>
</tr>
<tr>
<td>v6.10.0</td>
<td>Examples remove Node.js 23. End of support for Node.js 23.</td>
</tr>
<tr>
<td>v6.9.0</td>
<td>Add parameter validation for <code>command</code></td>
</tr>
<tr>
<td>v6.8.0</td>
<td>Examples remove Node.js 18. End of support for Node.js 18.</td>
</tr>
<tr>
<td>v6.7.10</td>
<td>Examples updated to Cypress 14</td>
</tr>
<tr>
<td>v6.7.9</td>
<td>Migrate to <code>@actions/cache@4.0.0</code> for continued access to
GitHub Actions caching services</td>
</tr>
<tr>
<td>v6.7.0</td>
<td>Examples remove Node.js 21. End of support for Node.js 21.</td>
</tr>
<tr>
<td>v6.6.0</td>
<td>Add parameter <code>summary-title</code></td>
</tr>
<tr>
<td>v6.5.0</td>
<td>Examples remove Node.js 16. End of support for Node.js 16.</td>
</tr>
<tr>
<td>v6.4.0</td>
<td>Action adds PR number and URL if available when recording</td>
</tr>
<tr>
<td>v6.3.0</td>
<td>v6 is recommended action version</td>
</tr>
<tr>
<td>v6.2.0</td>
<td>Examples updated to Cypress 13</td>
</tr>
<tr>
<td>v6.1.0</td>
<td>Examples for Cypress 9 archived in action's <a
href="https://github.com/cypress-io/github-action/tree/v5">v5</a>
branch</td>
</tr>
<tr>
<td>v6.0.0</td>
<td>Action runs under Node.js 20 instead of Node.js 16</td>
</tr>
<tr>
<td>v5.8.1</td>
<td>Examples remove Node.js 19. End of support for Node.js 19</td>
</tr>
<tr>
<td>v5.8.0</td>
<td>Add GitHub step output <code>resultsUrl</code>. Deprecate
<code>dashboardUrl</code>.</td>
</tr>
<tr>
<td>v5.7.0</td>
<td>Add basic Yarn Modern Plug'n'Play support</td>
</tr>
<tr>
<td>v5.6.2</td>
<td>Examples add Node.js 20. End of support and removal of Node.js 14
examples.</td>
</tr>
<tr>
<td>v5.6.0</td>
<td>Add check for lockfile presence</td>
</tr>
<tr>
<td>v5.5.0</td>
<td>Examples add Yarn Modern</td>
</tr>
<tr>
<td>v5.4.0</td>
<td>Examples add Yarn Classic</td>
</tr>
<tr>
<td>v5.3.0</td>
<td>Add parameter <code>publish-summary</code> (default
<code>true</code>)</td>
</tr>
<tr>
<td>v5.2.0</td>
<td>Examples add Node.js 19</td>
</tr>
<tr>
<td>v5.1.0</td>
<td>Add parameter <code>auto-cancel-after-failures</code></td>
</tr>
<tr>
<td>v5.0.0</td>
<td>Examples add Node.js 18 and remove Node.js 12</td>
</tr>
<tr>
<td>v4.2.2</td>
<td>Dependency on GitHub <code>set-output</code> workflow command
removed</td>
</tr>
<tr>
<td>v4.2.0</td>
<td>Support for <code>pnpm</code> added</td>
</tr>
<tr>
<td>v4.0.0</td>
<td>Support for Cypress 10 and later versions added</td>
</tr>
<tr>
<td>v3</td>
<td>Action runs under Node.js 16 instead of Node.js 12</td>
</tr>
<tr>
<td>v2</td>
<td>Cypress runs using the <a
href="https://on.cypress.io/module-api">Module API</a></td>
</tr>
<tr>
<td>v1</td>
<td><em>This version is no longer runnable in GitHub due to security
changes.</em></td>
</tr>
</tbody>
</table>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dace029018"><code>dace029</code></a>
feat: add <code>expose</code> input for Cypress.expose() API (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1749">#1749</a>)</li>
<li><a
href="b7a7441d77"><code>b7a7441</code></a>
feat(deps): remove Node.js 20 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1747">#1747</a>)</li>
<li><a
href="66d3cedb63"><code>66d3ced</code></a>
chore(deps): lock file maintenance (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1748">#1748</a>)</li>
<li><a
href="b9f9a99294"><code>b9f9a99</code></a>
chore(deps): update eslint (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1746">#1746</a>)</li>
<li><a
href="81583aec50"><code>81583ae</code></a>
chore(deps): update dependency cypress to v15.14.2 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1745">#1745</a>)</li>
<li><a
href="911b44aa97"><code>911b44a</code></a>
chore(deps): update dependency webpack-cli to v7 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1742">#1742</a>)</li>
<li><a
href="da54419dc0"><code>da54419</code></a>
chore(renovate): disable pnpm version updates in actions (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1743">#1743</a>)</li>
<li><a
href="10b3f5091b"><code>10b3f50</code></a>
chore(renovate): disable pnpm/action-setup updates (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1739">#1739</a>)</li>
<li><a
href="8cbd2f496d"><code>8cbd2f4</code></a>
chore(renovate): restrict cypress/browsers to <25 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1740">#1740</a>)</li>
<li><a
href="3aebf9a821"><code>3aebf9a</code></a>
test(deps): update vite in examples to 8.0.10 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1741">#1741</a>)</li>
<li>See full diff in <a
href="c495c3ddff...dace029018">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.13 to
8.5.14.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.14</h2>
<ul>
<li>Fixed custom syntax regression (by <a
href="https://github.com/43081j"><code>@43081j</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.14</h2>
<ul>
<li>Fixed custom syntax regression (by <a
href="https://github.com/43081j"><code>@43081j</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3ec13948ae"><code>3ec1394</code></a>
Release 8.5.14 version</li>
<li><a
href="f2bb827b20"><code>f2bb827</code></a>
Update dependencies</li>
<li><a
href="d75953d608"><code>d75953d</code></a>
Merge pull request <a
href="https://redirect.github.com/postcss/postcss/issues/2084">#2084</a>
from 43081j/raw-raws-rawing</li>
<li><a
href="68bd2139b5"><code>68bd213</code></a>
fix: always call <code>raw</code> to retrieve raw values</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.13...8.5.14">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Feat: Add drag and drop support to Upload Style area
Closes#911
---
### Problem
The Upload Style area only supported click-to-upload. Users could not
drag and drop a JSON file directly onto it.
### Fix
Added `onDragOver` and `onDrop` event handlers to the Upload Style area.
The dropped file is passed to the existing file reading logic already
used by the Upload button. A visual highlight is shown when dragging
over the area.
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.12 to
8.5.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.13</h2>
<ul>
<li>Fixed <code>postcss-scss</code> commend regression.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.13</h2>
<ul>
<li>Fixed <code>postcss-scss</code> commend regression.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="af58cf1b7a"><code>af58cf1</code></a>
Release 8.5.13 version</li>
<li><a
href="f227dbd0e9"><code>f227dbd</code></a>
Temporary ignore pnpm 11 config</li>
<li><a
href="d3abd40d72"><code>d3abd40</code></a>
Update dependencies</li>
<li><a
href="dd06c3e113"><code>dd06c3e</code></a>
Revert stringifier changes because of the conflict with
postcss-scss</li>
<li><a
href="ae889c815f"><code>ae889c8</code></a>
Try to fix CI</li>
<li><a
href="e0093e49bc"><code>e0093e4</code></a>
Move to pnpm 11</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.12...8.5.13">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [react-i18next](https://github.com/i18next/react-i18next) from
17.0.4 to 17.0.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.6</h2>
<ul>
<li>fix: restore the v17 <code>nodesToString</code> output format
consumed by <code>i18next-cli</code>'s extractor while still rendering
<a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
correctly
<ul>
<li>17.0.5 fixed <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
by changing what <code>nodesToString</code> produced, which
inadvertently changed the extracted translation strings for keep-tags
wrapping non-keep React elements</li>
<li>The fix now lives in the renderer: indexed <code><N></code>
placeholders nested inside a keep-tag are scoped to that tag's own
original React children (matching kept tags by name and positional
occurrence at each level), so the translation string format produced by
<code>nodesToString</code> is unchanged</li>
</ul>
</li>
</ul>
<h2>17.0.5</h2>
<ul>
<li>fix: <code><Trans /></code> no longer breaks child rendering
when a kept HTML node (<code>transKeepBasicHtmlNodesFor</code>) wraps a
non-keep React element <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">1919</a>
— superseded by 17.0.6, which keeps the same runtime fix without
changing the <code>nodesToString</code> output</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cb20d1886b"><code>cb20d18</code></a>
17.0.6</li>
<li><a
href="b8ad5e4afd"><code>b8ad5e4</code></a>
fix: scope indexed placeholders inside keep-tags at render time <a
href="https://redirect.github.com/i18next/react-i18next/issues/1919">#1919</a></li>
<li><a
href="75ce985016"><code>75ce985</code></a>
17.0.5</li>
<li><a
href="9803bb8005"><code>9803bb8</code></a>
fix: <Trans /> no longer breaks child rendering when a kept HTML
node (transK...</li>
<li><a
href="ec37a48d76"><code>ec37a48</code></a>
chore: ignore .env*, *.pem, *.key in .gitignore</li>
<li>See full diff in <a
href="https://github.com/i18next/react-i18next/compare/v17.0.4...v17.0.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.11 to
8.5.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.12</h2>
<ul>
<li>Fixed reading any file via user-generated CSS.</li>
<li>Added <code>opts.unsafeMap</code> to disable checks.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.12</h2>
<ul>
<li>Fixed reading any file via user-generated CSS.</li>
<li>Added <code>opts.unsafeMap</code> to disable checks.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9bc81c48f0"><code>9bc81c4</code></a>
Release 8.5.12 version</li>
<li><a
href="85c4d7dab8"><code>85c4d7d</code></a>
Another try to fix coverage</li>
<li><a
href="94484cae6d"><code>94484ca</code></a>
Try to fix coverage</li>
<li><a
href="c64b7488d2"><code>c64b748</code></a>
Load only .map source maps</li>
<li><a
href="aaec7b78b3"><code>aaec7b7</code></a>
Avoid throwing JSON parsing errors for non-JSON source maps</li>
<li><a
href="233fb264ea"><code>233fb26</code></a>
Mention original author of the solution</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.11...8.5.12">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.10 to
8.5.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.11</h2>
<ul>
<li>Fixed nested brackets parsing performance (by <a
href="https://github.com/offset"><code>@offset</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.11</h2>
<ul>
<li>Fixed nested brackets parsing performance (by <a
href="https://github.com/offset"><code>@offset</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2502f75030"><code>2502f75</code></a>
Release 8.5.11 version</li>
<li><a
href="5ca1901949"><code>5ca1901</code></a>
Speed up parsing many nested brackets</li>
<li><a
href="42b5337dd7"><code>42b5337</code></a>
Update dependencies</li>
<li><a
href="7e36e153d0"><code>7e36e15</code></a>
Cache node.raws locally in Stringifier hot methods</li>
<li><a
href="8ec62b157b"><code>8ec62b1</code></a>
Bypass MapGenerator for no-source-map stringify in LazyResult</li>
<li>See full diff in <a
href="https://github.com/postcss/postcss/compare/8.5.10...8.5.11">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.7 to
26.0.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.8</h2>
<ul>
<li>fix(types): restore the pre-v25.10.4 <code>ExistsFunction</code>
shape so plain arrow functions can again be assigned to
<code>ExistsFunction</code>-typed variables (TypeScript cannot infer
type predicates through multi-overload assignment). Direct
<code>i18next.exists(key)</code> calls still narrow <code>key</code> to
<code>SelectorKey</code> — the predicate is now declared inline on
<code>i18n.exists</code>. Custom wrappers that want the narrowing can
type themselves as <code>typeof i18next.exists</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2425">2425</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.8</h2>
<ul>
<li>fix(types): restore the pre-v25.10.4 <code>ExistsFunction</code>
shape so plain arrow functions can again be assigned to
<code>ExistsFunction</code>-typed variables (TypeScript cannot infer
type predicates through multi-overload assignment). Direct
<code>i18next.exists(key)</code> calls still narrow <code>key</code> to
<code>SelectorKey</code> — the predicate is now declared inline on
<code>i18n.exists</code>. Custom wrappers that want the narrowing can
type themselves as <code>typeof i18next.exists</code> <a
href="https://redirect.github.com/i18next/i18next/issues/2425">2425</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3ea438f841"><code>3ea438f</code></a>
26.0.8</li>
<li><a
href="5176bbd7a1"><code>5176bbd</code></a>
retry version bump</li>
<li><a
href="10b48c6193"><code>10b48c6</code></a>
26.0.8</li>
<li><a
href="9fdd99a919"><code>9fdd99a</code></a>
retry version bump</li>
<li><a
href="9ee7da174d"><code>9ee7da1</code></a>
changelog</li>
<li><a
href="8ce5e268de"><code>8ce5e26</code></a>
26.0.8</li>
<li><a
href="e802567c9c"><code>e802567</code></a>
fix(types): restore <code>ExistsFunction</code> shape to keep
arrow-function wrappers as...</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.7...v26.0.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.6 to
26.0.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.7</h2>
<ul>
<li>fix: when a plural lookup misses, the <code>missingKey</code> debug
log now shows the actual plural-resolved key (e.g.
<code>foo.bar_many</code> for Polish <code>count: 14</code>) instead of
the base key — making it obvious which plural category was expected and
missing <a
href="https://redirect.github.com/i18next/i18next/issues/2423">2423</a></li>
<li>chore: drop <code>@babel/runtime</code> runtime dependency. The
build no longer generates any <code>@babel/runtime</code> imports, so
the package is unused by consumers. Rollup now uses <code>babelHelpers:
'bundled'</code> so any helpers that are ever needed in the future will
be inlined rather than imported externally <a
href="https://redirect.github.com/i18next/i18next/issues/2424">2424</a></li>
<li>chore: stop emitting <code>dist/esm/i18next.bundled.js</code>. It
was byte-identical to <code>dist/esm/i18next.js</code> because no
helpers were being imported <a
href="https://redirect.github.com/i18next/i18next/issues/2424">2424</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ce06fba2a5"><code>ce06fba</code></a>
26.0.7</li>
<li><a
href="ca33377537"><code>ca33377</code></a>
chore: drop unused <code>@babel/runtime</code> dep and redundant
bundled ESM output</li>
<li><a
href="8abe4e66ce"><code>8abe4e6</code></a>
fix: show resolved plural key in missingKey debug log</li>
<li><a
href="073eb1068a"><code>073eb10</code></a>
ts tests fix</li>
<li><a
href="a3dfb180d8"><code>a3dfb18</code></a>
security tests</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.6...v26.0.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18next](https://github.com/i18next/i18next) from 26.0.5 to
26.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/releases">i18next's
releases</a>.</em></p>
<blockquote>
<h2>v26.0.6</h2>
<p>Security release — all issues found via an internal audit. GHSA
advisory filed after release.</p>
<ul>
<li>security: warn when a translation string combines <code>escapeValue:
false</code> with interpolated variables inside a <code>$t(key, { ...
"{{var}}" ... })</code> nesting-options block. In that narrow
combination, attacker-controlled string values containing
<code>"</code> can break out of the JSON options literal and inject
additional nesting options (e.g. redirect
<code>lng</code>/<code>ns</code>). The default <code>escapeValue:
true</code> configuration is unaffected because HTML-escaping
neutralises the quote before <code>JSON.parse</code>. See the security
docs for mitigation guidance (GHSA-TBD)</li>
<li>security: apply <code>regexEscape</code> to
<code>unescapePrefix</code> / <code>unescapeSuffix</code> on par with
the other interpolation delimiters. Prevents ReDoS
(catastrophic-backtracking) when a misconfigured delimiter contains
regex metacharacters, and fixes silent breakage of the <code>{{-
var}}</code> syntax when the delimiter contains characters like
<code>(</code>, <code>[</code>, <code>.</code></li>
<li>security: strip CR/LF/NUL and other C0/C1 control characters from
string log arguments to prevent log forging via user-controlled
translation keys, language codes, namespaces, or interpolation variable
names (CWE-117)</li>
<li>chore: ignore <code>.env*</code> and
<code>*.pem</code>/<code>*.key</code> files in
<code>.gitignore</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.6</h2>
<p>Security release — all issues found via an internal audit.</p>
<ul>
<li>security: warn when a translation string combines <code>escapeValue:
false</code> with interpolated variables inside a <code>$t(key, { ...
"{{var}}" ... })</code> nesting-options block. In that narrow
combination, attacker-controlled string values containing
<code>"</code> can break out of the JSON options literal and inject
additional nesting options (e.g. redirect
<code>lng</code>/<code>ns</code>). The default <code>escapeValue:
true</code> configuration is unaffected because HTML-escaping
neutralises the quote before <code>JSON.parse</code>. See the <a
href="https://www.i18next.com/translation-function/nesting#security-note-interpolated-values-inside-a-nesting-options-block">security
note in the Nesting docs</a> for the full pattern and mitigations</li>
<li>security: apply <code>regexEscape</code> to
<code>unescapePrefix</code> / <code>unescapeSuffix</code> on par with
the other interpolation delimiters. Prevents ReDoS
(catastrophic-backtracking) when a misconfigured delimiter contains
regex metacharacters, and fixes silent breakage of the <code>{{-
var}}</code> syntax when the delimiter contains characters like
<code>(</code>, <code>[</code>, <code>.</code></li>
<li>security: strip CR/LF/NUL and other C0/C1 control characters from
string log arguments to prevent log forging via user-controlled
translation keys, language codes, namespaces, or interpolation variable
names (CWE-117)</li>
<li>chore: ignore <code>.env*</code> and
<code>*.pem</code>/<code>*.key</code> files in
<code>.gitignore</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9d0ed9f98e"><code>9d0ed9f</code></a>
26.0.6</li>
<li><a
href="8c82564437"><code>8c82564</code></a>
security: hardening for 26.0.6 — nesting-options warning, regexEscape
unescap...</li>
<li><a
href="0cb018c363"><code>0cb018c</code></a>
chore: bump devDependencies</li>
<li>See full diff in <a
href="https://github.com/i18next/i18next/compare/v26.0.5...v26.0.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.41.0
to 6.41.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/codemirror/view/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 13:59:07 +00:00
23 changed files with 848 additions and 653 deletions
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
