Skip to content

Deps: bump the i18n group with 2 updates#5208

Merged
greenbonebot merged 1 commit intomainfrom
dependabot/npm_and_yarn/main/i18n-4913c5e815
Apr 1, 2026
Merged

Deps: bump the i18n group with 2 updates#5208
greenbonebot merged 1 commit intomainfrom
dependabot/npm_and_yarn/main/i18n-4913c5e815

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Bumps the i18n group with 2 updates: i18next and react-i18next.

Updates i18next from 25.8.18 to 26.0.3

Release notes

Sourced from i18next's releases.

v26.0.3

  • fix(types): addResourceBundle now accepts an optional 6th options parameter ({ silent?: boolean; skipCopy?: boolean }) matching the runtime API 2419

v26.0.2

  • fix(types): t("key", {} as TOptions) no longer produces a type error — the context constraint now bypasses strict checking when context is unknown (e.g. from TOptions) 2418

v26.0.1

  • fix: Formatter no longer crashes when alwaysFormat is true and no format specifier is present (format is undefined)
  • fix: Formatter now returns undefined/null values as-is instead of producing NaN when the value is missing

v26.0.0

This is a major breaking release:

Breaking Changes

  • Remove deprecated initImmediate option — the backward-compatibility mapping from initImmediate to initAsync (introduced in v24) has been removed. Use initAsync instead.
  • Remove legacy interpolation.format function — the old monolithic format function (interpolation: { format: (value, format, lng) => ... }) is no longer supported. The built-in Formatter (or a custom Formatter module via .use()) is now always used. Migrate to the new formatting approach using i18next.services.formatter.add() or .addCached() for custom formatters.
  • Remove console support notice — the console support notice introduced in v25.8.0 has been removed, along with the showSupportNotice option and all related internal suppression logic (globalThis.__i18next_supportNoticeShown, I18NEXT_NO_SUPPORT_NOTICE env var). See our blog post for the full story.
  • Remove simplifyPluralSuffix option — this option was unused by the core PluralResolver (which relies entirely on Intl.PluralRules). It only had an effect in the old v1/v2/v3 compatibility layer. The v4 test compatibility layer now defaults to true internally.
  • Remove deprecated @babel/polyfill from devDependencies.

Improvements

  • Code modernization across all source files:
    • Replace indexOf() > -1 / indexOf() < 0 with .includes() (~40+ occurrences)
    • Replace indexOf() === 0 with .startsWith() where appropriate
    • Replace var with const, '' + object with String(object), .substring() with .slice()
    • Replace .apply(observer, [event, ...args]) with direct call observer(event, ...args)
    • Remove unnecessary .call(this, ...) in BackendConnector retry logic
    • Fix array-callback-return in LanguageUtils getBestMatchFromCodes
    • Clean up all stale eslint-disable comments from source files
  • EventEmitter: add once() method for one-time event subscriptions
  • Memory leak fix: move module-level checkedLoadedFor cache to Translator instance, preventing cross-instance state leakage
  • TypeScript: fix BackendModule generic parameter naming inconsistency between CJS and ESM type definitions
  • TypeScript: add once() method to i18n and ResourceStore type interfaces
  • ESLint 9: migrate from ESLint 8 (airbnb-base) to ESLint 9 flat config with neostandard
  • Vitest 4: upgrade from vitest 3 to vitest 4, migrate workspace files to test.projects config

v25.10.10

  • feat: suppress support notice automatically in production environments (NODE_ENV=production)

v25.10.9

  • feat(types): export SelectorParam<Ns, KPrefix> helper type — a stable, readable alternative to Parameters<TFunction<Ns>>[0] for typing selector function props 2414

v25.10.8

  • fix(types): reorder TFunctionSelector overloads so Parameters<TFunction> resolves to the general selector signature instead of the branded SelectorKey type 2412

v25.10.7

... (truncated)

Changelog

Sourced from i18next's changelog.

26.0.3

  • fix(types): addResourceBundle now accepts an optional 6th options parameter ({ silent?: boolean; skipCopy?: boolean }) matching the runtime API 2419

26.0.2

  • fix(types): t("key", {} as TOptions) no longer produces a type error — the context constraint now bypasses strict checking when context is unknown (e.g. from TOptions) 2418

26.0.1

  • fix: Formatter no longer crashes when alwaysFormat is true and no format specifier is present (format is undefined)
  • fix: Formatter now returns undefined/null values as-is instead of producing NaN when the value is missing

26.0.0

This is a major breaking release:

Breaking Changes

  • Remove deprecated initImmediate option — the backward-compatibility mapping from initImmediate to initAsync (introduced in v24) has been removed. Use initAsync instead.
  • Remove legacy interpolation.format function — the old monolithic format function (interpolation: { format: (value, format, lng) => ... }) is no longer supported. The built-in Formatter (or a custom Formatter module via .use()) is now always used. Migrate to the new formatting approach using i18next.services.formatter.add() or .addCached() for custom formatters.
  • Remove console support notice — the console support notice introduced in v25.8.0 has been removed, along with the showSupportNotice option and all related internal suppression logic (globalThis.__i18next_supportNoticeShown, I18NEXT_NO_SUPPORT_NOTICE env var). See our blog post for the full story.
  • Remove simplifyPluralSuffix option — this option was unused by the core PluralResolver (which relies entirely on Intl.PluralRules). It only had an effect in the old v1/v2/v3 compatibility layer. The v4 test compatibility layer now defaults to true internally.
  • Remove deprecated @babel/polyfill from devDependencies.

Improvements

  • Code modernization across all source files:
    • Replace indexOf() > -1 / indexOf() < 0 with .includes() (~40+ occurrences)
    • Replace indexOf() === 0 with .startsWith() where appropriate
    • Replace var with const, '' + object with String(object), .substring() with .slice()
    • Replace .apply(observer, [event, ...args]) with direct call observer(event, ...args)
    • Remove unnecessary .call(this, ...) in BackendConnector retry logic
    • Fix array-callback-return in LanguageUtils getBestMatchFromCodes
    • Clean up all stale eslint-disable comments from source files
  • EventEmitter: add once() method for one-time event subscriptions
  • Memory leak fix: move module-level checkedLoadedFor cache to Translator instance, preventing cross-instance state leakage
  • TypeScript: fix BackendModule generic parameter naming inconsistency between CJS and ESM type definitions
  • TypeScript: add once() method to i18n and ResourceStore type interfaces
  • ESLint 9: migrate from ESLint 8 (airbnb-base) to ESLint 9 flat config with neostandard
  • Vitest 4: upgrade from vitest 3 to vitest 4, migrate workspace files to test.projects config

25.10.10

  • feat: suppress support notice automatically in production environments (NODE_ENV=production)

25.10.9

  • feat(types): export SelectorParam<Ns, KPrefix> helper type — a stable, readable alternative to Parameters<TFunction<Ns>>[0] for typing selector function props 2414

... (truncated)

Commits
  • ea8391c 26.0.3
  • 5da85e0 fix(types): addResourceBundle now accepts an optional 6th options paramet...
  • 3db098f 26.0.2
  • 6ece798 fix(types): t("key", {} as TOptions) no longer produces a type error — the ...
  • 18b3dbb 26.0.1
  • c829f91 fix: Formater crashes etc.
  • 1593d11 remove node v18 from github actions
  • d85c23d 26.0.0
  • fad19d5 feat!: v26.0.0 — major version with breaking changes
  • 780aa91 jsr update
  • Additional commits viewable in compare view

Updates react-i18next from 16.5.8 to 17.0.2

Changelog

Sourced from react-i18next's changelog.

17.0.2

  • fix(types): values prop on <Trans /> now only requires interpolation variables for the specific i18nKey, not all variables in the namespace 1913

17.0.1

  • chore: bump minimum i18next peer dependency to >= 26.0.1 (forgot to do it in last version)
  • fix: migrate test setup from removed legacy interpolation.format to i18n.services.formatter.add() (i18next v26)

17.0.0

Potentially breaking changes

  • fix: transKeepBasicHtmlNodesFor now correctly preserves HTML tag names when children contain interpolations or mixed content 230
    • Previously, <strong>{{name}}</strong> was incorrectly serialized as <1>{{name}}</1> — the tag name was only preserved for plain string children
    • This bug existed since the feature was introduced and affects auto-generated keys (when no explicit i18nKey is provided)
    • If you rely on auto-generated Trans keys containing indexed tags for kept HTML elements with interpolation children, you will need to update your translation files

Other changes

  • updated dev dependencies (vitest, rollup plugins, happy-dom, typescript, etc.)

16.6.6

  • fix(peer-deps): bump i18next peer dependency to >= 25.10.9 to match required type exports (ConstrainTarget, ApplyTarget, GetSource) used by TransSelector 1911

16.6.5

  • fix(types): selector keyPrefix overload in useTranslation no longer matches when keyPrefix is absent, fixing defaultNS: false with explicit ns option 2412

16.6.4

  • allow TypeScript 6 as peer dependency 1910

16.6.3

  • fix(types): merge TransSelector overloads into a single signature so typeof Trans remains extendable 1909

16.6.2

  • feat(types): useTranslation now accepts selector functions as keyPrefix with full type-safe key narrowing when enableSelector is enabled 2367

16.6.1

  • feat(types): i18nKey of <Trans i18nKey={sk} /> to accept a SelectorKey 2364

16.6.0

  • warn when t is called before ready with useSuspense: false 1896
  • type-safe values prop on <Trans /> component — interpolation variables are now inferred from the translation string when custom types are configured 1772
Commits
  • 4d62f86 17.0.2
  • 61fe80c fix(types): values prop on \<Trans /> now only requires interpolation vari...
  • b58d5a5 l10n: add Swedish language support to examples (#1912)
  • 2321496 17.0.1
  • 7e656b5 chore: bump minimum i18next peer dependency
  • dfc350b upate github actions
  • 7fe2620 17.0.0
  • f4ada4c fix: transKeepBasicHtmlNodesFor now correctly preserves HTML tag names when...
  • eb02c63 16.6.6
  • 76f98cd fix(peer-deps): bump i18next peer dependency to >= 25.10.9 to match require...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 1, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 1, 2026 03:04
@greenbonebot greenbonebot enabled auto-merge (rebase) April 1, 2026 03:05
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 1, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 6f694bc.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@babel/runtime 7.29.2 🟢 7.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 2badge detected: InProgress
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
npm/i18next 26.0.3 🟢 3.8
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
SAST⚠️ 0no SAST tool detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
npm/react-i18next 16.6.6 🟢 3.5
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
SAST⚠️ 0no SAST tool detected
Binary-Artifacts🟢 7binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
npm/react-i18next 16.6.6 🟢 3.5
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
SAST⚠️ 0no SAST tool detected
Binary-Artifacts🟢 7binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
npm/react-i18next 17.0.2 🟢 3.5
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
SAST⚠️ 0no SAST tool detected
Binary-Artifacts🟢 7binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected

Scanned Files

  • package-lock.json

@dependabot @bjoernricks
Deps: bump the i18n group with 2 updates
6f694bc 
Bumps the i18n group with 2 updates: [i18next](https://github.com/i18next/i18next) and [react-i18next](https://github.com/i18next/react-i18next).


Updates `i18next` from 25.8.18 to 26.0.3
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next@v25.8.18...v26.0.3)

Updates `react-i18next` from 16.5.8 to 17.0.2
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/react-i18next@v16.5.8...v17.0.2)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 26.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: i18n
- dependency-name: react-i18next
  dependency-version: 17.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: i18n
...

Signed-off-by: dependabot[bot] <support@github.com>
@bjoernricks bjoernricks force-pushed the dependabot/npm_and_yarn/main/i18n-4913c5e815 branch from 2cc2148 to 6f694bc Compare April 1, 2026 06:44
@greenbonebot greenbonebot merged commit b2fe948 into main Apr 1, 2026
27 checks passed
@greenbonebot greenbonebot deleted the dependabot/npm_and_yarn/main/i18n-4913c5e815 branch April 1, 2026 06:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bjoernricks bjoernricks bjoernricks approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bjoernricks @greenbonebot