fix(deps): update dependency i18next from v25.10.10 to v26#853
Open
renovate[bot] wants to merge 1 commit into
Open
fix(deps): update dependency i18next from v25.10.10 to v26#853renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #853 +/- ##
=========================================
Coverage 80.14% 80.14%
+ Complexity 1523 1522 -1
=========================================
Files 204 204
Lines 5707 5707
Branches 374 374
=========================================
Hits 4574 4574
Misses 905 905
Partials 228 228 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
renovate
Bot
force-pushed
the
renovate/i18next-26.x
branch
5 times, most recently
from
c2ffc3b to
e0385f1
Compare
renovate
Bot
force-pushed
the
renovate/i18next-26.x
branch
2 times, most recently
from
2b27a9d to
2fbcb61
Compare
renovate
Bot
force-pushed
the
renovate/i18next-26.x
branch
2 times, most recently
from
f5344dd to
a39a5f3
Compare
renovate
Bot
force-pushed
the
renovate/i18next-26.x
branch
2 times, most recently
from
673aa02 to
2cef403
Compare
renovate
Bot
force-pushed
the
renovate/i18next-26.x
branch
2 times, most recently
from
468186a to
a63d80c
Compare
|
renovate
Bot
force-pushed
the
renovate/i18next-26.x
branch
3 times, most recently
from
abf0caf to
b783786
Compare
renovate
Bot
force-pushed
the
renovate/i18next-26.x
branch
from
b783786 to
99c6af1
Compare
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
25.10.10→26.3.0Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
i18next/i18next (i18next)
v26.3.0Compare Source
ResourceNamespaceMap— a separate mergeable augmentation surface for namespace resource types, designed for monorepos where multiple packages each want to contribute their own namespaces. Previously, every package had to coordinate on a singleCustomTypeOptions.resourcesdeclaration (or fall back to typing dependency namespaces asany) becauseresourcesis a single property of an interface and TypeScript reports TS2717 when two declarations of the same property disagree. The new interface merges naturally acrossdeclare module 'i18next'blocks, so each package can ship its owni18next.d.tsindependently. Per-property merge handles same-namespace contributions from multiple packages, and same-key/different-literal conflicts are silently dropped to avoid poisoningt()overload resolution. Fully backwards-compatible — existingCustomTypeOptions.resourcesaugmentations continue to work, and both surfaces can coexist. Scalar options (defaultNS,returnNull,enableSelector, etc.) still belong onCustomTypeOptions. Thanks @sh3xu (#2434). Fixes #2409.v26.2.0Compare Source
parseInterpolationTypeOption (defaulttrue). When set tofalseinCustomTypeOptions, the type-level extractor stops parsing translation strings for{{variable}}patterns. Required byi18next-icuusers — the default extractor mistakes ICU MessageFormat nested-brace plurals like{count, plural, one {{count} row} other {{count} rows}}for an interpolation block and demands a phantom variable name. The flag is type-only; runtime interpolation is governed byInterpolationOptionsand is unaffected. Fixes i18next-icu#85.enableSelectoronInitOptionssoi18next.init({ enableSelector: 'strict' })typechecks without a module augmentation. The runtime already readsopts?.enableSelectorfrom init options; this lands the matching type declaration next to the other selector-resolution knobs. Acceptsfalse | true | 'optimize' | 'strict'. Thanks @Faithfinder (#2431)v26.1.0Compare Source
enableSelector: 'strict'(TypeOptions + runtime option). Opt-in mode that drops the flattened-primary form fromNsResourceat the type level — every namespace (primary included) is exposed only under its own key on$, uniformly across single- and multi-ns hooks. At runtime, a leading selector path segment matching the scope's namespace list is always rewritten as a namespace prefix, including the primary. Eliminates the silent-miss surface area wheret($ => $.primary.foo)typechecks but doesn't resolve under the default mode (see #2429). Backward-compatible: defaultenableSelector: false | true | 'optimize'behavior is unchanged. Note: strict mode is incompatible with the #2405 pattern (keys whose names match sibling namespaces) — those users should stay on default mode.v26.0.10Compare Source
getFixedTaccepts a fourth optionalfixedOptsargument carryingscopeNs— the full namespace list the boundtwas created for. The selector API usesscopeNsto detect when a path's first segment is a namespace prefix, without changing resolution scope. Resolution still uses the boundns(a single primary string in the typical react-i18next setup), so plaint('key')lookups stay isolated to the primary namespace exactly as before — onlyt($ => $.secondaryNs.foo)selectors now route correctly underuseTranslation([nsA, nsB]). Fixes the runtime side of #2429 for thereact-i18nextdefault-nsModecase. The 4th argument is opt-in: existing 3-arggetFixedT(lng, ns, keyPrefix)callers see no behavior change.v26.0.9Compare Source
string | number(wasstring). i18next stringifies values at runtime, so requiring callers to wrap numbers inString(...)for plain{{var}}placeholders was unnecessary friction — and could mask the real problem when a non-string value was passed alongside multiple interpolation slots (thet()overload resolution would fall through to the 3-arg form and report a confusing "not assignable to string" error against the options object). Typed format specifiers like{{x, number}},{{x, currency}},{{x, datetime}}, etc. keep their precise types; this only relaxes the no-format default. Thecountvariable remainsnumber-onlyv26.0.8Compare Source
ExistsFunctionshape so plain arrow functions can again be assigned toExistsFunction-typed variables (TypeScript cannot infer type predicates through multi-overload assignment). Directi18next.exists(key)calls still narrowkeytoSelectorKey— the predicate is now declared inline oni18n.exists. Custom wrappers that want the narrowing can type themselves astypeof i18next.exists2425v26.0.7Compare Source
missingKeydebug log now shows the actual plural-resolved key (e.g.foo.bar_manyfor Polishcount: 14) instead of the base key — making it obvious which plural category was expected and missing 2423@babel/runtimeruntime dependency. The build no longer generates any@babel/runtimeimports, so the package is unused by consumers. Rollup now usesbabelHelpers: 'bundled'so any helpers that are ever needed in the future will be inlined rather than imported externally 2424dist/esm/i18next.bundled.js. It was byte-identical todist/esm/i18next.jsbecause no helpers were being imported 2424v26.0.6Compare Source
Security release — all issues found via an internal audit.
escapeValue: falsewith interpolated variables inside a$t(key, { ... "{{var}}" ... })nesting-options block. In that narrow combination, attacker-controlled string values containing"can break out of the JSON options literal and inject additional nesting options (e.g. redirectlng/ns). The defaultescapeValue: trueconfiguration is unaffected because HTML-escaping neutralises the quote beforeJSON.parse. See the security note in the Nesting docs for the full pattern and mitigationsregexEscapetounescapePrefix/unescapeSuffixon par with the other interpolation delimiters. Prevents ReDoS (catastrophic-backtracking) when a misconfigured delimiter contains regex metacharacters, and fixes silent breakage of the{{- var}}syntax when the delimiter contains characters like(,[,..env*and*.pem/*.keyfiles in.gitignorev26.0.5Compare Source
cloneInstance().changeLanguage()no longer fails to update language state when the target language is not yet loaded — a race betweeninit()'s deferredload()and the user'schangeLanguage()could overwriteisLanguageChangingTo, causingsetLngPropsto be skipped 2422v26.0.4Compare Source
v26.0.3Compare Source
v26.0.2Compare Source
v26.0.1Compare Source
v26.0.0Compare Source
Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.