fix(deps): update dependency i18next to v26#813
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
Conversation
renovate
Bot
force-pushed
the
renovate/i18next-26.x
branch
from
b1a92ba to
7c0f123
Compare
renovate
Bot
force-pushed
the
renovate/i18next-26.x
branch
2 times, most recently
from
8bc524f to
81c5527
Compare
renovate
Bot
force-pushed
the
renovate/i18next-26.x
branch
from
81c5527 to
3137aa8
Compare
renovate
Bot
force-pushed
the
renovate/i18next-26.x
branch
from
3137aa8 to
a39ca4e
Compare
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^25.8.18→^26.0.8Release Notes
i18next/i18next (i18next)
v26.0.8Compare Source
ExistsFunctionshape so plain arrow functions can again be assigned toExistsFunction-typed variables (TypeScript cannot infer type predicates through multi-overload assignment). Directi18next.exists(key)calls still narrowkeytoSelectorKey— the predicate is now declared inline oni18n.exists. Custom wrappers that want the narrowing can type themselves astypeof i18next.exists2425v26.0.7Compare Source
missingKeydebug log now shows the actual plural-resolved key (e.g.foo.bar_manyfor Polishcount: 14) instead of the base key — making it obvious which plural category was expected and missing 2423@babel/runtimeruntime dependency. The build no longer generates any@babel/runtimeimports, so the package is unused by consumers. Rollup now usesbabelHelpers: 'bundled'so any helpers that are ever needed in the future will be inlined rather than imported externally 2424dist/esm/i18next.bundled.js. It was byte-identical todist/esm/i18next.jsbecause no helpers were being imported 2424v26.0.6Compare Source
Security release — all issues found via an internal audit.
escapeValue: falsewith interpolated variables inside a$t(key, { ... "{{var}}" ... })nesting-options block. In that narrow combination, attacker-controlled string values containing"can break out of the JSON options literal and inject additional nesting options (e.g. redirectlng/ns). The defaultescapeValue: trueconfiguration is unaffected because HTML-escaping neutralises the quote beforeJSON.parse. See the security note in the Nesting docs for the full pattern and mitigationsregexEscapetounescapePrefix/unescapeSuffixon par with the other interpolation delimiters. Prevents ReDoS (catastrophic-backtracking) when a misconfigured delimiter contains regex metacharacters, and fixes silent breakage of the{{- var}}syntax when the delimiter contains characters like(,[,..env*and*.pem/*.keyfiles in.gitignorev26.0.5Compare Source
cloneInstance().changeLanguage()no longer fails to update language state when the target language is not yet loaded — a race betweeninit()'s deferredload()and the user'schangeLanguage()could overwriteisLanguageChangingTo, causingsetLngPropsto be skipped 2422v26.0.4Compare Source
v26.0.3Compare Source
v26.0.2Compare Source
v26.0.1Compare Source
v26.0.0Compare Source
v25.10.10Compare Source
v25.10.9Compare Source
v25.10.8Compare Source
v25.10.7Compare Source
v25.10.6Compare Source
v25.10.5Compare Source
keyPrefixingetFixedTnow provide full type-safe key narrowing — the returnedtfunction is scoped to the prefix subtree 2367v25.10.4Compare Source
exists()is now a type guard that narrows the key toSelectorKey, so a validated key can be passed directly tot()2364v25.10.3Compare Source
v25.10.2Compare Source
keyFromSelectoris now type-safe — the selector callback is constrained against your resource definitions, catching invalid keys at compile time. Supports optionalnsandkeyPrefixoptions for non-default namespace/prefix contexts 2364v25.10.1Compare Source
FilterKeysnow correctly excludes base keys that have context variants when the provided context doesn't match any of them (e.g. keysomewith variantsome_meis no longer accessible withcontext="one")v25.10.0Compare Source
keyFromSelectornow returns a brandedSelectorKeytype thatt()accepts directly, enabling pre-computed and reusable translation keys 2364keyPrefixingetFixedTand per-call options 2367{{val, number}}requiresnumber,{{val, datetime}}requiresDate,{{name}}requiresstring, etc. Custom formatters can be typed viainterpolationFormatTypeMapinCustomTypeOptions2378FilterKeysin selector mode now preserves non-context, non-plural leaf keys whencontextis provided, fixing incorrect type narrowing when combiningreturnObjects: truewithcontext2398v25.9.0Compare Source
{ count: number }when a key resolves to plural forms 2373v25.8.20Compare Source
getFixedT()selector now resolves namespaces against the effectivensrather than the global init options #2406v25.8.19Compare Source
nsand primary namespace in array #2405. Reverts the broad namespace-prefix rewrite from v25.8.15 and replaces it with a targeted fix that only rewrites paths starting with a secondary namespace in a multi-namespace array, matching the type-level contract ofGetSourceConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.