deps(deps): bump the production-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the production-dependencies group with 3 updates in the / directory: i18next, react-i18next and toktrack.

Updates i18next from 26.0.6 to 26.0.8

Release notes

Sourced from i18next's releases.

v26.0.8

• fix(types): restore the pre-v25.10.4 ExistsFunction shape so plain arrow functions can again be assigned to ExistsFunction-typed variables (TypeScript cannot infer type predicates through multi-overload assignment). Direct i18next.exists(key) calls still narrow key to SelectorKey — the predicate is now declared inline on i18n.exists. Custom wrappers that want the narrowing can type themselves as typeof i18next.exists 2425

v26.0.7

• fix: when a plural lookup misses, the missingKey debug log now shows the actual plural-resolved key (e.g. foo.bar_many for Polish count: 14) instead of the base key — making it obvious which plural category was expected and missing 2423
• chore: drop @babel/runtime runtime dependency. The build no longer generates any @babel/runtime imports, so the package is unused by consumers. Rollup now uses babelHelpers: 'bundled' so any helpers that are ever needed in the future will be inlined rather than imported externally 2424
• chore: stop emitting dist/esm/i18next.bundled.js. It was byte-identical to dist/esm/i18next.js because no helpers were being imported 2424

Changelog

Sourced from i18next's changelog.

26.0.8

• fix(types): restore the pre-v25.10.4 ExistsFunction shape so plain arrow functions can again be assigned to ExistsFunction-typed variables (TypeScript cannot infer type predicates through multi-overload assignment). Direct i18next.exists(key) calls still narrow key to SelectorKey — the predicate is now declared inline on i18n.exists. Custom wrappers that want the narrowing can type themselves as typeof i18next.exists 2425

26.0.7

• fix: when a plural lookup misses, the missingKey debug log now shows the actual plural-resolved key (e.g. foo.bar_many for Polish count: 14) instead of the base key — making it obvious which plural category was expected and missing 2423
• chore: drop @babel/runtime runtime dependency. The build no longer generates any @babel/runtime imports, so the package is unused by consumers. Rollup now uses babelHelpers: 'bundled' so any helpers that are ever needed in the future will be inlined rather than imported externally 2424
• chore: stop emitting dist/esm/i18next.bundled.js. It was byte-identical to dist/esm/i18next.js because no helpers were being imported 2424

Commits

• 3ea438f 26.0.8
• 5176bbd retry version bump
• 10b48c6 26.0.8
• 9fdd99a retry version bump
• 9ee7da1 changelog
• 8ce5e26 26.0.8
• e802567 fix(types): restore ExistsFunction shape to keep arrow-function wrappers as...
• ce06fba 26.0.7
• ca33377 chore: drop unused @​babel/runtime dep and redundant bundled ESM output
• 8abe4e6 fix: show resolved plural key in missingKey debug log
• Additional commits viewable in compare view

Updates react-i18next from 17.0.4 to 17.0.6

Changelog

Sourced from react-i18next's changelog.

17.0.6

• fix: restore the v17 nodesToString output format consumed by i18next-cli's extractor while still rendering 1919 correctly
  • 17.0.5 fixed 1919 by changing what nodesToString produced, which inadvertently changed the extracted translation strings for keep-tags wrapping non-keep React elements
  • The fix now lives in the renderer: indexed <N> placeholders nested inside a keep-tag are scoped to that tag's own original React children (matching kept tags by name and positional occurrence at each level), so the translation string format produced by nodesToString is unchanged

17.0.5

• fix: <Trans /> no longer breaks child rendering when a kept HTML node (transKeepBasicHtmlNodesFor) wraps a non-keep React element 1919 — superseded by 17.0.6, which keeps the same runtime fix without changing the nodesToString output

Commits

• cb20d18 17.0.6
• b8ad5e4 fix: scope indexed placeholders inside keep-tags at render time #1919
• 75ce985 17.0.5
• 9803bb8 fix: <Trans /> no longer breaks child rendering when a kept HTML node (transK...
• ec37a48 chore: ignore .env*, *.pem, *.key in .gitignore
• See full diff in compare view

Updates toktrack from 2.5.0 to 2.6.0

Changelog

Sourced from toktrack's changelog.

2.6.0 (2026-04-27)

Features

• services: expose provider info in JSON model breakdown (#134) (#135) (a82e4b3)

Commits

• b2ae316 chore(main): release 2.6.0 (#136)
• a82e4b3 feat(services): expose provider info in JSON model breakdown (#134) (#135)
• fd98e71 chore(deps): bump rayon from 1.11.0 to 1.12.0 (#131)
• f6ee3f5 chore(deps): bump tokio from 1.51.1 to 1.52.1 (#133)
• e5d18b0 chore(deps): bump clap from 4.6.0 to 4.6.1 (#132)
• 3758b24 chore(ci): bump dawidd6/action-homebrew-bump-formula from 6 to 7 (#130)
• bf50cd3 docs(npm): add Homebrew install section and remove dead crates.io badge (#129)
• See full diff in compare view

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	toktrack@​2.5.0 ⏵ 2.6.0			+3
	i18next@​26.0.6 ⏵ 26.0.8	+1			+1
	react-i18next@​17.0.4 ⏵ 17.0.6	+1			+2

View full report

[tyl3r-ch]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Warning

Rate limit exceeded

@tyl3r-ch has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 39 minutes and 40 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 11c038dd-198c-40e4-bf4d-d386d60bdb5f

📥 Commits

Reviewing files that changed from the base of the PR and between 8eb3be1 and 991bf9d.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json, !**/package-lock.json

📒 Files selected for processing (8)

• package.json
• shared/toktrack-version.d.ts
• shared/toktrack-version.js
• tests/e2e/helpers.ts
• tests/unit/api.test.ts
• tests/unit/auto-import.test.ts
• tests/unit/runtime-state.test.ts
• tests/unit/startup-runtime.test.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot-npm_and_yarn-main-production-dependencies-6a8533671c

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}