deps: bump the dependencies group with 20 updates

[dependabot]

Updates the requirements on @astrojs/mdx, @astrojs/preact, @astrojs/react, @dicebear/core, @posthog/types, @sentry/astro, @tsparticles/engine, @tsparticles/preset-snow, date-fns, i18next, js-cookie, next, oxfmt, posthog-js, vite, @vitest/coverage-v8, astro, eslint, oxlint and vitest to permit the latest version.
Updates @astrojs/mdx to 6.0.2

Release notes

Sourced from @​astrojs/mdx's releases.

@​astrojs/mdx@​6.0.2

Patch Changes

• #16955 9a93d68 Thanks @​Princesseuh! - Updates Sätteri processor to v0.8.0. See its changelog for details on bugs fixed and features added.

• Updated dependencies [9a93d68]:

  • @​astrojs/markdown-satteri@​0.2.2

Changelog

Sourced from @​astrojs/mdx's changelog.

6.0.2

Patch Changes

• #16955 9a93d68 Thanks @​Princesseuh! - Updates Sätteri processor to v0.8.0. See its changelog for details on bugs fixed and features added.

• Updated dependencies [9a93d68]:

  • @​astrojs/markdown-satteri@​0.2.2

6.0.1

Patch Changes

• Updated dependencies [eeb064c]:
  • @​astrojs/markdown-satteri@​0.2.1

6.0.0

Major Changes

• #16848 f732f3c Thanks @​Princesseuh! - Adds a new markdown.processor configuration option, allowing you to choose an alternative Markdown processor.

  Websites with many Markdown/MDX files tend to be slow to build because the unified ecosystem (e.g., remark, rehype) is slow to process. This feature introduces the ability to replace this part of the build pipeline with another processor.

  The default processor is unified(). This means that existing configurations remain unchanged and your remark/rehype plugins continue to work.

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import { unified } from '@astrojs/markdown-remark';
  import remarkToc from 'remark-toc';
  export default defineConfig({
  markdown: {
  processor: unified({
  remarkPlugins: [remarkToc],
  }),
  },
  });

  In addition to this new configuration option, Astro provides a new alternative processor based on Rust: Sätteri. You can choose to use it now by installing @astrojs/markdown-satteri, importing the satteri() processor, and adapting your existing configuration:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import { satteri } from '@astrojs/markdown-satteri';
  export default defineConfig({
  markdown: {

... (truncated)

Commits

• See full diff in compare view

Updates @astrojs/preact to 5.1.5

Release notes

Sourced from @​astrojs/preact's releases.

@​astrojs/preact@​5.1.5

Patch Changes

• #16900 17a0fbd Thanks @​ocavue! - Bumps devalue dependency to v5.8.1

Changelog

Sourced from @​astrojs/preact's changelog.

5.1.5

Patch Changes

• #16900 17a0fbd Thanks @​ocavue! - Bumps devalue dependency to v5.8.1

5.1.4

Patch Changes

• Updated dependencies [f732f3c]:
  • @​astrojs/internal-helpers@​0.10.0

5.1.3

Patch Changes

• Updated dependencies [d365c97]:
  • @​astrojs/internal-helpers@​0.9.1

5.1.2

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @​astrojs/internal-helpers@​0.9.0

5.1.1

Patch Changes

• #16180 1d1448c Thanks @​matthewp! - Pre-optimizes @preact/signals and preact/hooks in the Vite dep optimizer to prevent late discovery triggering full page reloads during dev

5.1.0

Minor Changes

• #15862 06fba3a Thanks @​crutchcorn! - Adds support for passing a Babel config to the Preact Vite Plugin:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import preact from '@astrojs/preact';
  export default defineConfig({
  integrations: [
  preact({
  babel: {
  generatorOpts: {
  importAttributesKeyword: 'with',

... (truncated)

Commits

• 75ae5df [ci] release (#16912)
• 17a0fbd chore(deps): update devalue (#16900)
• See full diff in compare view

Updates @astrojs/react to 5.0.7

Release notes

Sourced from @​astrojs/react's releases.

@​astrojs/react@​5.0.7

Patch Changes

• #16900 17a0fbd Thanks @​ocavue! - Bumps devalue dependency to v5.8.1

Changelog

Sourced from @​astrojs/react's changelog.

5.0.7

Patch Changes

• #16900 17a0fbd Thanks @​ocavue! - Bumps devalue dependency to v5.8.1

5.0.6

Patch Changes

• Updated dependencies [f732f3c]:
  • @​astrojs/internal-helpers@​0.10.0

5.0.5

Patch Changes

• Updated dependencies [d365c97]:
  • @​astrojs/internal-helpers@​0.9.1

5.0.4

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @​astrojs/internal-helpers@​0.9.0

5.0.3

Patch Changes

• #16224 a2b9eeb Thanks @​fkatsuhiro! - Fix React 19 "Float" mechanism injecting into Astro islands instead of the . This PR adds a filter to @​astrojs/react to strip these auto-generated resource from the island's HTML output, ensuring valid HTML structure.

5.0.2

Patch Changes

• #15378 a8a926e Thanks @​dmgawel! - Fix React hydration errors when using conditional slot rendering

• #15146 f771f75 Thanks @​kedarvartak! - Fixes hydration mismatch when using experimentalReactChildren

• #14917 769265b Thanks @​sanjaiyan-dev! - Refactors to improve the performance of rendering static HTML content in React

5.0.1

Patch Changes

• #15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

5.0.0

... (truncated)

Commits

• 75ae5df [ci] release (#16912)
• 17a0fbd chore(deps): update devalue (#16900)
• See full diff in compare view

Updates @dicebear/core to 10.0.2

Changelog

Sourced from @​dicebear/core's changelog.

[10.0.2] - 2026-06-02

Fixed

• Core: Numeric values in rendered SVGs are now consistently rounded to at most 5 decimal places, so the JavaScript and PHP libraries produce byte-identical output for every input. Previously, fractional or very small/large values — e.g. a fractional borderRadius or translateX, component transforms, or gradient stop offsets — could be stringified differently between languages (scientific notation, differing precision). Avatars built from whole-number options are unaffected.
• Core (PHP): Prng::float now rounds halves toward +Infinity (matching the JavaScript reference's Math.round) instead of PHP's native round(), which rounds halves away from zero. The two diverged for negative values landing exactly on a .5 boundary, so a PHP-rendered avatar could differ from the JavaScript one by 0.0001 in a rotate/translate transform or color angle for certain seeds. Output is now byte-identical across languages.
• Core (PHP): Initials are now derived correctly from seeds containing multibyte letters such as ü or ô. The quote-stripping step was missing the /u (Unicode) flag, so it removed raw UTF-8 bytes and corrupted those letters — e.g. über and côté produced wrong or empty initials instead of ÜB / CÔ. The PHP output now matches the JavaScript reference.
• Core: Range options (scale, borderRadius, rotate, translateX/translateY, and per-color angle/fill-stops) given as a single-element array [n] are now treated as the fixed value n — identical to the scalar n — and an empty array [] falls back to the option's default. Both forms are permitted by the schema. Previously the behaviour diverged: the JavaScript library emitted NaN (e.g. scale(NaN)), while PHP dropped [n] to the default. All three now agree.

[10.0.1] - 2026-05-29

Fixed

• CLI: dicebear --version and dicebear --help no longer fail by trying to read a file named --version/--help. The definition path is now resolved via the argument parser, so flags (and the values they consume) before the path are handled correctly — e.g. dicebear --json my-style.json and dicebear --count 2 my-style.json.

[10.0.0] - 2026-05-27

See the v10.0.0 release notes.

Added

• 6 new avatar styles: Disco, Glyphs, Initial Face, Shape Grid, Stripes, and Triangles.
• PHP library: A new PHP implementation that produces identical output to

... (truncated)

Commits

• a937fc4 v10.0.2
• 15a1d7e fix(core): treat a single-element range array as a fixed value
• eae4641 fix(core): derive initials correctly from multibyte seeds in PHP
• 1d33fde fix(core): round Prng::float halves toward +Infinity for cross-language parity
• eb66c76 fix(core): round SVG numbers to at most 5 decimal places (#530)
• 30877ba docs: use absolute URLs for internal README links
• 3628c9c Remove prepare-publish npm script
• 37b2b2d ci: bump checkout/setup-node to v5 and test.yml ref to 10.x
• 369a975 fix(editor): resolve probability key from component name, not variant key
• 2489166 fix(docs): add JSON import attribute to generated code examples
• Additional commits viewable in compare view

Updates @posthog/types to 1.379.3

Release notes

Sourced from @​posthog/types's releases.

@​posthog/types@​1.379.3

1.379.3

Changelog

Sourced from @​posthog/types's changelog.

1.379.3

1.379.2

1.379.1

1.379.0

1.378.1

1.378.0

Minor Changes

• #3688 8181354 Thanks @​pauldambra! - feat(persistence): add persistence_save_debounce_ms config option to coalesce rapid storage saves into a single write. Setting a positive value debounces writes to localStorage/cookie by that window; the in-memory props object still updates synchronously so within-tab reads see the latest values immediately, and pending writes flush on beforeunload and pagehide so no state is lost on tab close. Cross-tab storage events are reduced proportionally to the debounce window. Defaults to 0 (no debouncing) for backwards compatibility. On pages that capture many events per second, 250 is a reasonable starting point. The new 2026-05-30 config default opts into persistence_save_debounce_ms: 250 automatically. (2026-06-01)

1.377.0

1.376.6

1.376.5

1.376.4

1.376.3

1.376.2

1.376.1

1.376.0

1.375.0

Minor Changes

• #3641 2e1d5f4 Thanks @​dustinbyrne! - Add flag_keys config to restrict browser feature flag remote evaluation to specific flag keys. (2026-05-21)

1.374.4

1.374.3

Patch Changes

• #3607 557b893 Thanks @​eli-r-ph! - Enable $web_vitals reporting when cookieless mode is enabled (2026-05-20)

1.374.2

... (truncated)

Commits

• b539fcb chore: update versions and lockfile [version bump]
• 79de441 chore: update versions and lockfile [version bump]
• 4a8cacc chore: add Sentry attribution comments (#3738)
• 808862d chore: update versions and lockfile [version bump]
• f052bd7 chore: update versions and lockfile [version bump]
• bf3b3f0 chore: update versions and lockfile [version bump]
• 91b1ee3 chore: update versions and lockfile [version bump]
• 8181354 feat(persistence): optional persistence_save_debounce_ms to coalesce saves ...
• 2634440 chore: update versions and lockfile [version bump]
• 88bd500 chore: update versions and lockfile [version bump]
• Additional commits viewable in compare view

Updates @sentry/astro to 10.56.0

Release notes

Sourced from @​sentry/astro's releases.

10.56.0

Important Changes

• feat(deno): Redis diagnostics channel based integration for Deno (#21087)

  Adds Redis integration support for Deno, covering both redis and ioredis clients.

Other Changes

• feat(cloudflare): Only capture workflow step error on final retry attempt (#21025)
• feat(hono): Emit warning if @sentry/node was imported instead of @sentry/hono/node (#21240)
• feat(node): Use ioredis tracing channels (#21187)
• fix(browser): Correctly parse sampleRate when consistentTraceSampling is enabled (#21281)
• fix(cloudflare): Fix instrumentDurableObjectWithSentry breaking Cloudflare Agents (#21101)
• fix(cloudflare): Wait for span links to be set (#21167)
• fix(core): Use WeakRef for Span-Scope circular references (#21242)
• fix(node): Vendor InstrumentationNodeModuleFile to fix Bun --bytecode crash (#21262)
• fix(profiling-node): Ensure node version support warning includes latest 26 (#21229)

• chore: Ignore scheduled_tasks.lock (#21252)
• chore: Promote lint warnings to errors (#21213)
• chore(docs): Document how to support a new node version (#21228)
• chore(size-limit): Weekly auto-bump (#21243)
• chore(skills): Add linear-project-status skill (#21214)
• chore(skills): Add linear-project-update skill (#21233)
• chore(skills): Improve triage-issue skill (#21257)
• chore(skills): Update linear-project-status skill with more details & context (#21234)
• feat(deps): Bump axios from 1.15.0 to 1.16.0 in /dev-packages/e2e-tests/test-applications/nestjs-basic (#21263)
• feat(server-utils): Initial scaffolding (#21200)
• ref(cloudflare): Move D1 instrumentation (#21266)
• ref(node): Refactor usage of hrTime utilities from @opentelemetry/core (#21191)
• ref(node): Stop mutating OTel RPC metadata to set http.route (#21193)
• ref(opentelemetry): Vendor minimal TraceState implementation (#21192)
• test(browser): Add unit test for http client header collection behavior (#21273)
• test(browser): Move browser integration tests to dataCollection (#21282)
• test(cloudflare): Remove vitest in CF e2e tests (#21259)

Bundle size 📦

Path	Size
@​sentry/browser	26.57 KB
@​sentry/browser - with treeshaking flags	25.05 KB
@​sentry/browser (incl. Tracing)	44.19 KB
@​sentry/browser (incl. Tracing + Span Streaming)	46.37 KB

... (truncated)

Changelog

Sourced from @​sentry/astro's changelog.

10.56.0

Important Changes

• feat(deno): Redis diagnostics channel based integration for Deno (#21087)

  Adds Redis integration support for Deno, covering both redis and ioredis clients.

Other Changes

• feat(cloudflare): Only capture workflow step error on final retry attempt (#21025)
• feat(hono): Emit warning if @sentry/node was imported instead of @sentry/hono/node (#21240)
• feat(node): Use ioredis tracing channels (#21187)
• fix(browser): Correctly parse sampleRate when consistentTraceSampling is enabled (#21281)
• fix(cloudflare): Fix instrumentDurableObjectWithSentry breaking Cloudflare Agents (#21101)
• fix(cloudflare): Wait for span links to be set (#21167)
• fix(core): Use WeakRef for Span-Scope circular references (#21242)
• fix(node): Vendor InstrumentationNodeModuleFile to fix Bun --bytecode crash (#21262)
• fix(profiling-node): Ensure node version support warning includes latest 26 (#21229)

• chore: Ignore scheduled_tasks.lock (#21252)
• chore: Promote lint warnings to errors (#21213)
• chore(docs): Document how to support a new node version (#21228)
• chore(size-limit): Weekly auto-bump (#21243)
• chore(skills): Add linear-project-status skill (#21214)
• chore(skills): Add linear-project-update skill (#21233)
• chore(skills): Improve triage-issue skill (#21257)
• chore(skills): Update linear-project-status skill with more details & context (#21234)
• feat(deps): Bump axios from 1.15.0 to 1.16.0 in /dev-packages/e2e-tests/test-applications/nestjs-basic (#21263)
• feat(server-utils): Initial scaffolding (#21200)
• ref(cloudflare): Move D1 instrumentation (#21266)
• ref(node): Refactor usage of hrTime utilities from @opentelemetry/core (#21191)
• ref(node): Stop mutating OTel RPC metadata to set http.route (#21193)
• ref(opentelemetry): Vendor minimal TraceState implementation (#21192)
• test(browser): Add unit test for http client header collection behavior (#21273)
• test(browser): Move browser integration tests to dataCollection (#21282)
• test(cloudflare): Remove vitest in CF e2e tests (#21259)

10.55.0

Important Changes

• feat(hono): Promote @sentry/hono to stable and deprecate honoIntegration (#21208)

  The @sentry/hono SDK is now stable. See the Sentry Hono SDK docs to get started.

... (truncated)

Commits

• 29b276c release: 10.56.0
• f94a87b Merge pull request #21291 from getsentry/prepare-release/10.56.0
• 165c82a meta(changelog): Update changelog for 10.56.0
• a7cb7e6 fix(cloudflare): Fix instrumentDurableObjectWithSentry breaking Cloudflare Ag...
• d8015e2 feat(deps): Bump axios from 1.15.0 to 1.16.0 in /dev-packages/e2e-tests/test-...
• 01104fb fix(browser): Correctly parse sampleRate when consistentTraceSampling is en...
• 0613ef7 test(browser): Move browser integration tests to dataCollection (#21282)
• 231e1f5 test(browser): Add unit test for http client header collection behavior (#21273)
• ec5f82c feat(server-utils): initial scaffolding (#21200)
• dfeeb11 fix(cloudflare): Wait for span links to be set (#21167)
• Additional commits viewable in compare view

Updates @tsparticles/engine to 4.1.3

Release notes

Sourced from @​tsparticles/engine's releases.

v4.1.3

What's Changed

🔧 Other Changes

• 4.1.2 by @​matteobruni in tsparticles/tsparticles#5813

Full Changelog: tsparticles/tsparticles@v4.1.2...v4.1.3

Changelog

Sourced from @​tsparticles/engine's changelog.

4.1.3 (2026-06-03)

Bug Fixes

• various fixes after deeper review (d1a1e59)

4.1.2 (2026-06-01)

Note: Version bump only for package @​tsparticles/engine

4.1.1 (2026-05-31)

Note: Version bump only for package @​tsparticles/engine

4.1.0 (2026-05-29)

Bug Fixes

• fixed behavior when cannon has maxDistance 0 (9742680)

Features

• improved ribbon shape (58a9a57)
• improved ribbon shape (dff3e87)

4.0.5 (2026-05-19)

Note: Version bump only for package @​tsparticles/engine

4.0.4 (2026-05-19)

Note: Version bump only for package @​tsparticles/engine

4.0.3 (2026-05-18)

Note: Version bump only for package @​tsparticles/engine

4.0.2 (2026-05-16)

Note: Version bump only for package @​tsparticles/engine

4.0.1 (2026-05-15)

Note: Version bump only for package @​tsparticles/engine

4.0.0 (2026-05-15)

Note: Version bump only for package @​tsparticles/engine

4.0.0-beta.17 (2026-05-15)

... (truncated)

Commits

• b7ace06 chore(release): published new version
• d1a1e59 fix: various fixes after deeper review
• fdcbe48 chore(release): published new version
• 7055709 build: updated typedoc markdowns
• 2a16be4 chore(release): published new version
• ce41d45 chore(release): published new version
• 7b9b218 chore(all): changed private fields to # syntax
• 58a9a57 feat: improved ribbon shape
• dff3e87 feat: improved ribbon shape
• 34e9ba5 chore(engine): moved size and opacity options to their updaters, fixed build ...
• Additional commits viewable in compare view

Updates @tsparticles/preset-snow to 4.1.3

Release notes

Sourced from @​tsparticles/preset-snow's releases.

v4.1.3

What's Changed

🔧 Other Changes

• 4.1.2 by @​matteobruni in tsparticles/tsparticles#5813

Full Changelog: tsparticles/tsparticles@v4.1.2...v4.1.3

Changelog

Sourced from @​tsparticles/preset-snow's changelog.

4.1.3 (2026-06-03)

Note: Version bump only for package @​tsparticles/preset-snow

4.1.2 (2026-06-01)

Bug Fixes

• bundle exports fix (429c147)

4.1.1 (2026-05-31)

Note: Version bump only for package @​tsparticles/preset-snow

4.1.0 (2026-05-29)

Note: Version bump only for package @​tsparticles/preset-snow

4.0.5 (2026-05-19)

Note: Version bump only for package @​tsparticles/preset-snow

4.0.4 (2026-05-19)

Note: Version bump only for package @​tsparticles/preset-snow

4.0.3 (2026-05-18)

Note: Version bump only for package @​tsparticles/preset-snow

4.0.2 (2026-05-16)

Note: Version bump only for package @​tsparticles/preset-snow

4.0.1 (2026-05-15)

Note: Version bump only for package @​tsparticles/preset-snow

4.0.0 (2026-05-15)

Note: Version bump only for package @​tsparticles/preset-snow

4.0.0-beta.17 (2026-05-15)

Note: Version bump only for package @​tsparticles/preset-snow

4.0.0-beta.16 (2026-05-09)

Note: Version bump only for package @​tsparticles/preset-snow

... (truncated)

Commits

• b7ace06 chore(release): published new version
• fdcbe48 chore(release): published new version
• 4b77dfd docs: updated version in readmes
• 429c147 fix: bundle exports fix
• 2a16be4 chore(release): published new version
• ce41d45 chore(release): published new version
• See full diff in compare view

Updates date-fns to 4.4.0

Release notes

Sourced from date-fns's releases.

v4.4.0

This release revisits the approach to CDN usage and introduces a new package, @date-fns/cdn and deprecates the date-fns CDN scripts. It allowed reducing the zipped package size from 5.83 MB down to 3.96 MB without introducing any breaking changes.

In v5.0.0-alpha.0 where CDN scripts are completely removed from date-fns the change is more significant and brings the zipped package size down to 2.89 MB.

It is just the first step in optimizing the package size. Expect further size reduction in the future v4 and v5 versions.

Changed

• DEPRECATED: The date-fns CDN scripts are now deprecated and will be removed in the next major release. Please switch to the new @date-fns/cdn package for CDN usage.

• Removed CDN source maps to reduce the package size. If you rely on them, please switch to the new @date-fns/cdn package that still includes them.

Commits

• cd53d25 Promote to v4.4.0
• d948ec1 Preserve but deprecate CDN versions for v4, set up v5 with polyfills
• ee65753 Add root mise :format task
• 9f5bdf5 Add positional argument to test/smoke.sh script
• 651ead6 Split CDN bundles into separate @​date-fns/cdn package
• 224c1a2 Deprecate type tests as attw hangs on date-fns package
• 7bb2842 Switch PACKAGE_OUTPUT_PATH to --dist flag in the package build script
• b6ad5ac Add flags to control package build script
• 424a783 Fix docs release after moving to monorepo setup
• See full diff in compare view

Updates i18next to 26.3.1

Release notes

Sourced from i18next's releases.

v26.3.1

• fix(types): t() with a keyPrefix no longer pollutes its return type with sibling keys' values. A regression in 26.3.0 — the [Res] extends [never] guards added to KeysBuilderWithReturnObjects / KeysBuilderWithoutReturnObjects turned the builders into deferred conditional types, so KeyPrefix<Ns> stopped resolving to a literal union and keyPrefix inference widened to the whole namespace. Symptom: useTranslation(ns, { keyPrefix: 'a.b' }) then t('title') would resolve to '<a.b>.title' | '<other.path>.title' | ... instead of just the scoped value. Affected every react-i18next user using keyPrefix. Restored to the eager 26.2.0 form. The same-namespace conflict handling from #2434 still works via _DropConflictKeys at the merge layer (in options.d.ts). Thanks @​aaronrosenthal (#2436).

Changelog

Sourced from i18next's changelog.

26.3.1

• fix(types): t() with a keyPrefix no longer pollutes its return type with sibling keys' values. A regression in 26.3.0 — the [Res] extends [never] guards added to KeysBuilderWithReturnObjects / KeysBuilderWithoutReturnObjects turned the builders into deferred conditional types, so KeyPrefix<Ns> stopped resolving to a literal union and keyPrefix inference widened to the whole namespace. Symptom: useTranslation(ns, { keyPrefix: 'a.b' }) then t('title') would resolve to '<a.b>.title' | '<other.path>.title' | ... instead of just the scoped value. Affected every react-i18next user using keyPrefix. Restored to the eager 26.2.0 form. The same-namespace conflict handling from #2434 still works via _DropConflictKeys at the merge layer (in options.d.ts). Thanks @​aaronrosenthal (#2436).

26.3.0

• feat(types): introduce ResourceNamespaceMap — a separate mergeable augmentation surface for namespace resource types, designed for monorepos where multiple packages each want to contribute their own namespaces. Previously, every package had to coordinate on a single CustomTypeOptions.resources declaration (or fall back to typing dependency namespaces as any) because resources is a single property of an interface and TypeScript reports TS2717 when two declarations of the same property disagree. The new interface merges naturally across declare module 'i18next' blocks, so each package can ship its own i18next.d.ts independently. Per-property merge handles same-namespace contributions from multiple packages, and same-key/different-literal conflicts are silently dropped to avoid poisoning t() overload resolution. Fully backwards-compatible — existing CustomTypeOptions.resources augmentations continue to work, and both surfaces can coexist. Scalar options (defaultNS, returnNull, enableSelector, etc.) still belong on CustomTypeOptions. Thanks @​sh3xu (#2434). Fixes #2409.

26.2.0

• feat(types): new parseInterpolation TypeOption (default true). When set to false in CustomTypeOptions, the type-level extractor stops parsing translation strings for {{variable}} patterns. Required by i18next-icu users — the default extractor mistakes ICU MessageFormat nested-brace plurals like {count, plural, one {{count} row} other {{count} rows}} for an interpolation block and demands a phantom variable name. The flag is type-only; runtime interpolation is governed by InterpolationOptions and is unaffected. Fixes i18next-icu#85.
• fix(types): expose enableSelector on InitOptions so i18next.init({ enableSelector: 'strict' }) typechecks without a module augmentation. The runtime already reads opts?.enableSelector from init options; this lands the matching type declaration next to the other selector-resolution knobs. Accepts false | true | 'optimize' | 'strict'. Thanks @​Faithfinder (#2431)

26.1.0

• feat: enableSelector: 'strict' (TypeOptions + runtime option). Opt-in mode that drops the flattened-primary form from NsResource at the type level — every namespace (primary included) is exposed only under its own key on $, uniformly across single- and multi-ns hooks. At runtime, a leading selector path segment matching the scope's namespace list is always rewritten as a namespace prefix, including the primary. Eliminates the silent-miss surface area where t($ => $.primary.foo) typechecks but doesn't resolve under the default mode (see #2429). Backward-compatible: default enableSelector: false | true | 'optimize' behavior is unchanged. Note: strict mode is incompatible with the #2405 pattern (keys whose names match sibling namespaces) — those users should stay on default mode.

26.0.10

• feat: getFixedT accepts a fourth optional fixedOpts argument carrying scopeNs — the full namespace list the bound t was created for. The selector API uses scopeNs to detect when a path's first segment is a namespace prefix, without changing resolution scope. Resolution still uses the bound ns (a single primary string in the typical react-i18next setup), so plain t('key') lookups stay isolated to the primary namespace exactly as before — only t($ => $.secondaryNs.foo) selectors now route correctly under useTranslation([nsA, nsB]). Fixes the runtime side of #2429 for the react-i18next default-nsMode case. The 4th argument is opt-in: existing 3-arg getFixedT(lng, ns, keyPrefix) callers see no behavior change.

26.0.9

• fix(types): unformatted interpolation values are now typed as string | number (was string). i18next stringifies values at runtime, so requiring callers to wrap numbers in String(...) for plain {{var}} placeholders was unnecessary friction — and could mask the real problem when a non-string value was passed alongside multiple interpolation slots (the t() overload resolution would fall through to the 3-arg form and report a confusing "not assignable to string" error against the options object). Typed format specifiers like {{x, number}}, {{x, currency}}, {{x, datetime}}, etc. keep their precise types; this only relaxes the no-format default. The count variable remains number-only

26.0.8

• fix(types): restore the pre-v25.10.4 ExistsFunction shape so plain arrow functions can again be assigned to ExistsFunction-typed variables (TypeScript cannot infer type predicates through multi-overload assignment). Direct i18next.exists(key) calls still narrow key to SelectorKey — the predicate is now declared inline on i18n.exists. Custom wrappers that want the narrowing can type themselves as typeof i18next.exists 2425

26.0.7

• fix: when a plural lookup misses, the missingKey debug log now shows the actual plural-resolved key (e.g. foo.bar_many for Polish count: 14) instead of the base key — making it obvious which plural category was expected and missing 2423
• chore: drop @babel/runtime runtime dependency. The build no longer generates any @babel/runtime imports, so the package is unused by consumers. Rollup now uses babelHelpers: 'bundled' so any helpers that are ever needed in the future will be inlined rather than imported externally 2424
• chore: stop emitting dist/esm/i18next.bundled.js. It was byte-identical to dist/esm/i18next.js because no helpers were being imported 2424

26.0.6

Security release — all issues found via an internal audit.

• security: warn when a translation string combines escapeValue: false with interpolated variables inside a $t(key, { ... "{{var}}" ... }) nesting-options block. In that narrow combination, attacker-controlled string values containing " can break out of the JSON options literal and inject additional nesting options (e.g. redirect lng/ns). The default escapeValue: true configuration is unaffected because HTML-escaping neutralises the quote before JSON.parse. See the security note in the Nesting docs for the full pattern and mitigations
• security: apply regexEscape to unescapePrefix / unescapeSuffix on par with the other interpolation delimiters. Prevents ReDoS (catastrophic-backtracking) when a misconfigured delimiter contains regex metacharacters, and fixes silent breakage of the {{- var}} syntax when the delimiter contains characters like (, [, .
• security: strip CR/LF/NUL and other C0/C1 control characters from string log arguments to prevent log forging via user-controlled translation keys, language codes, namespaces, or interpolation variable names (CWE-117)
• chore: ignore .env* and *.pem/*.key files in .gitignore

26.0.5

• fix: cloneInstance().changeLanguage() no longer fails to update language state when the target language is not yet loaded — a race between init()'s deferred load() and the user's changeLanguage(...

  Description has been truncated

[cloudflare-workers-and-pages]

Deploying ozze with    Cloudflare Pages

Latest commit:	23293b3
Status:	🚫  Build failed.

View logs