Bump the minor-and-patch group across 1 directory with 20 updates

[dependabot]

Bumps the minor-and-patch group with 20 updates in the / directory:

Package	From	To
@reduxjs/toolkit	2.11.2	2.12.0
axios	1.15.1	1.16.1
date-fns	4.1.0	4.3.0
dompurify	3.4.0	3.4.7
focus-trap-react	12.0.0	12.0.2
i18next	26.0.7	26.3.0
react	19.2.5	19.2.6
react-dom	19.2.5	19.2.6
react-hotkeys-hook	5.2.4	5.3.2
react-i18next	17.0.4	17.0.8
react-redux	9.2.0	9.3.0
react-router	7.14.1	7.15.1
react-tooltip	6.0.0	6.0.4
reselect	5.1.1	5.2.0
@types/node	25.6.0	25.9.1
@vitejs/plugin-react	6.0.1	6.0.2
sass	1.99.0	1.100.0
typescript-eslint	8.58.2	8.60.0
vite	8.0.9	8.0.14
vitest	4.1.4	4.1.7

Updates @reduxjs/toolkit from 2.11.2 to 2.12.0

Release notes

Sourced from @​reduxjs/toolkit's releases.

v2.12.0

This feature release adds RTK usage skills files (via TanStack Intent) exports the RTK Query hook options types for reusability, fixes issues with infinite query status flags and batching handling, and makes some small TS improvements.

Changelog

Skills Files

We've generated agent skill files that are now included in the RTK package itself in a skills folder. They cover using and migrating to modern RTK, client and server state management, and handling side effects. You can point your agent at these skills yourself, or use TanStack Intent to pick them up.

TypeScript Improvements

The types for our RTK Query hook options are now exported, which lets you stop using Parameters to extract those types for use in your own code.

The types for listener middleware matchers were tweaked to allow interface-based type guards, not just type-based definitions.

The internal IgnorePaths type was renamed to IgnoredPaths for consistency.

We now use the built-in NoInfer util that comes with TS 5.4+.

Fixes

We fixed handling of the isSuccess status flag when switching infinite query cache entries. This should prevent accidental UI flashes that were occurring due to this flag accidentally flipping.

We've added a 100ms timeout fallback to the autoBatch enhancer's requestAnimationFrame timer. We had several reports that rAF didn't work correctly when used in background tabs / opened windows, and that RTK never updated the UI. This should ensure that the updates flush correctly.

What's Changed

• Export hook options types for RTK Query hooks by @​veeceey in reduxjs/redux-toolkit#5218
• Add TanStack Intent skills for Redux Toolkit by @​phryneas in reduxjs/redux-toolkit#5249
• Keep isSuccess: true when switching infinite query cache entries by @​riqts in reduxjs/redux-toolkit#5268
• fix: allow interface-based type guards as listener matcher by @​riqts in reduxjs/redux-toolkit#5269
• fix: add setTimeout fallback to raf autoBatch strategy for background tabs by @​riqts in reduxjs/redux-toolkit#5273
• chore(toolkit): rename IgnorePaths type to IgnoredPaths by @​Ri5ha6h in reduxjs/redux-toolkit#5284
• feat(toolkit)!: switch to native NoInfer utility type by @​aryaemami59 in reduxjs/redux-toolkit#5289

Full Changelog: reduxjs/redux-toolkit@v2.11.2...v2.12.0

Commits

• 576a02f Release 2.12.0
• de2d55e Merge pull request #5237 from aryaemami59/fix/codegen/generateEndpoints-retur...
• ac807c3 fix(codegen): narrow generateEndpoints return type
• 01ed3ba Merge pull request #5289 from aryaemami59/feat/toolkit/switch-to-native-NoInfer
• 1f16db1 Merge pull request #5290 from aryaemami59/build/toolkit/exclude-test-files-fr...
• 23783c1 build(toolkit): exclude test files from final bundle
• 91b8b0a feat(toolkit)!: switch to native NoInfer utility type
• 0b37f1a Merge pull request #5286 from aryaemami59/docs/toolkit/fix-typos
• 3cd62c8 fix unforwardedActions
• 64853cc chore: fix various typos
• Additional commits viewable in compare view

Updates axios from 1.15.1 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

• Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
• composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
• AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
• Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
• Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
• Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​hpinmetaverse (#10836)
• @​tommyhgunz14 (#7413)
• @​abhu85 (#10829)
• @​divyanshuraj1095 (#10853)
• @​sagodi97 (#10856)
• @​rkdfx (#10868)
• @​Liuwei1125 (#10866)

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Changelog

Sourced from axios's changelog.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

• Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
• composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
• AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
• Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
• Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
• Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​hpinmetaverse (#10836)
• @​tommyhgunz14 (#7413)
• @​abhu85 (#10829)
• @​divyanshuraj1095 (#10853)
• @​sagodi97 (#10856)
• @​rkdfx (#10868)
• @​Liuwei1125 (#10866)

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Commits

• 1337d6b chore(release): prepare release 1.16.1 (#10877)
• 858a790 fix: remove all caches (#10882)
• 34adfd9 revert: "fix: support URL object as config.url input (#10866)" (#10874)
• 847d89b fix: support URL object as config.url input (#10866)
• 4094886 fix(progress): guard malformed XHR upload events (#10868)
• 44f0c5b chore: change sponsorship link and add Twicsy advertisement (#10869)
• 64e1095 chore: update PR and issue template to use h2 (#10865)
• 3e6b4e1 fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...
• c4453ba fix: add the ability to add additional sponsors to the process sponsors scrip...
• caa00a9 fix: https data in cleartext to proxy (#10858)
• Additional commits viewable in compare view

Updates date-fns from 4.1.0 to 4.3.0

Release notes

Sourced from date-fns's releases.

v4.3.0

Kudos to @​ImRodry and @​puneetdixit200 for their contributions.

Fixed

• Fixed missing modularized optimization fallback (for Next.js and others). See #4193.

• Fixed pt locale first day of week to be Sunday. See #4195 by @​ImRodry.

• Fixed zh-CN, zh-HK, and zh-TW locale month parsing for October, November, and December. See #4194 by @​puneetdixit200.

v4.2.1

Fixed

• Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

• Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

Commits

• f95bcf1 (docs): Add missing tsx dependency
• baaca11 Add //pkgs/core:release/docs task
• 8aa0373 Update docs website secrets location in scripts
• c7ad6eb Promote to v4.3.0
• da8c548 Add change log entry for Chinese locale fix (#4194)
• f8d8fa8 Split Chinese locale tests (#4194)
• b9c5865 Fix Chinese locale month parsing (#4194)
• 39d1e14 Add pt fix change log entry (#4195)
• f3f1963 Fix pt locale first day of week to be Sunday (#4195)
• cd6ebda Add basic AGENTS.md
• Additional commits viewable in compare view

Updates dompurify from 3.4.0 to 3.4.7

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.7

• Hardened the handling of Shadow Roots when using IN_PLACE, thanks @​GameZoneHacker
• Removed a problem leading to permanent hook pollution, thanks @​offset
• Refactored the test suite and expanded test coverage significantly

DOMPurify 3.4.6

• Fixed several issues with DOM Clobbering in IN_PLACE mode, thanks @​offset & @​Bankde
• Hardened the checks for cross-realm IN_PLACE and Shadow DOM sanitization, thanks @​offset & @​Bankde
• Added more test coverage for IN_PLACE and general DOM Clobbering attacks
• Bumped several dependencies where possible

DOMPurify 3.4.5

• Fixed a bypass caused by the new HTML element selectedcontent added in 3.4.4, thanks @​KabirAcharya

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

DOMPurify 3.4.4

• Added the selectedcontent element to default allow-list, thanks @​lukewarlow
• Added the command and commandfor attributes to default allowed-list, thanks @​lukewarlow
• Added better template scrubbing for IN_PLACE operations, thanks @​DEMON1A
• Added stronger checks for cross-realm windows, thanks @​DEMON1A & @​fg0x0
• Updated demo website and made sure it uses the latest from main
• Updated existing workflows, fuzzer, dependabot, etc., added more tests
• Bumped several dependencies where possible

🚨 This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead 🚨

DOMPurify 3.4.3

• Fixed an issue with handling of nested Shadow DOM trees, thanks @​fishjojo1
• Fixed the template regexes to be more robust against ReDoS attacks, thanks @​aleung27
• Updated the node iteration code to catch more Shadow DOM related issues
• Updated Playwright and added Node 26 to test matrix
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

DOMPurify 3.4.2

• Fixed an issue with URI validation on attributes allowed via ADD_ATTR callback, thanks @​nelstrom
• Fixed an issue with source maps referring to non-existing files, thanks @​cmdcolin
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

DOMPurify 3.4.1

• Fixed an issue with on-handler stripping for HTML-spec-reserved custom element names (font-face, color-profile, missing-glyph, font-face-src, font-face-uri, font-face-format, font-face-name) under permissive CUSTOM_ELEMENT_HANDLING
• Fixed a case-sensitivity gap in the annotation-xml check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode
• Fixed SANITIZE_NAMED_PROPS repeatedly prefixing already-prefixed id and name values on subsequent sanitization
• Fixed the IN_PLACE root-node check to explicitly guard against non-string nodeName (DOM-clobbering robustness)
• Removed a duplicate slot entry from the default HTML attribute allow-list
• Strengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for SANITIZE_NAMED_PROPS, and a negative-control assertion ensuring the invariants actually fire
• Added regression and pinning tests covering the above fixes and two accepted-behavior contracts (SAFE_FOR_TEMPLATES greedy scrub, hook-added attribute handling)
• Extended CodeQL analysis to run on 3.x and 2.x maintenance branches

Commits

• ca30f07 release: 3.4.7 (#1414)
• bb7739e release: 3.4.6 (#1394)
• 011b0c7 release: 3.4.5 (#1382)
• 5817ad9 release: 3.4.4 (#1374)
• 520edb0 release: 3.4.3 (#1352)
• 6f67fd3 Sync/3.4.2 (#1322)
• 5b0cdbb chore: merge main into 3.x for 3.4.1 release (#1301)
• 09f5911 test: added three more browsers to test setup (OSX, mobile)
• See full diff in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates focus-trap-react from 12.0.0 to 12.0.2

Release notes

Sourced from focus-trap-react's releases.

v12.0.2

Patch Changes

• 161ec0d: Update focus-trap dependency to v8.2.1 for bug fixes and a new delayReturnFocus option

v12.0.1

Patch Changes

• 93c93e9: Update focus-trap dependency to 8.1.0 for new lifecycle hook improvements (onActivate, etc).

Changelog

Sourced from focus-trap-react's changelog.

12.0.2

Patch Changes

• 161ec0d: Update focus-trap dependency to v8.2.1 for bug fixes and a new delayReturnFocus option

12.0.1

Patch Changes

• 93c93e9: Update focus-trap dependency to 8.1.0 for new lifecycle hook improvements (onActivate, etc).

Commits

• 901ba2b Version Packages (#1913)
• 161ec0d Update focus-trap to v8.2.1 (#1912)
• 24cb9fa [DEPENDABOT]: Bump systeminformation from 5.31.1 to 5.31.6 (#1911)
• c1bb8f5 [DEPENDABOT]: Bump @​typescript-eslint/eslint-plugin from 8.59.2 to 8.59.3 (#1...
• 776e742 [DEPENDABOT]: Bump jest from 30.3.0 to 30.4.2 (#1908)
• 152484e [DEPENDABOT]: Bump babel-jest from 30.3.0 to 30.4.1 (#1903)
• 8026d7e [DEPENDABOT]: Bump cypress from 15.14.2 to 15.15.0 (#1904)
• bd01612 [DEPENDABOT]: Bump eslint-plugin-cypress from 6.4.0 to 6.4.1 (#1905)
• dcc9f42 [DEPENDABOT]: Bump @​typescript-eslint/parser from 8.59.2 to 8.59.3 (#1907)
• b53fa10 [DEPENDABOT]: Bump jest-environment-jsdom from 30.3.0 to 30.4.1 (#1909)
• Additional commits viewable in compare view

Updates i18next from 26.0.7 to 26.3.0

Release notes

Sourced from i18next's releases.

v26.3.0

• feat(types): introduce ResourceNamespaceMap — a separate mergeable augmentation surface for namespace resource types, designed for monorepos where multiple packages each want to contribute their own namespaces. Previously, every package had to coordinate on a single CustomTypeOptions.resources declaration (or fall back to typing dependency namespaces as any) because resources is a single property of an interface and TypeScript reports TS2717 when two declarations of the same property disagree. The new interface merges naturally across declare module 'i18next' blocks, so each package can ship its own i18next.d.ts independently. Per-property merge handles same-namespace contributions from multiple packages, and same-key/different-literal conflicts are silently dropped to avoid poisoning t() overload resolution. Fully backwards-compatible — existing CustomTypeOptions.resources augmentations continue to work, and both surfaces can coexist. Scalar options (defaultNS, returnNull, enableSelector, etc.) still belong on CustomTypeOptions. Thanks @​sh3xu (#2434). Fixes #2409.

v26.2.0

• feat(types): new parseInterpolation TypeOption (default true). When set to false in CustomTypeOptions, the type-level extractor stops parsing translation strings for {{variable}} patterns. Required by i18next-icu users — the default extractor mistakes ICU MessageFormat nested-brace plurals like {count, plural, one {{count} row} other {{count} rows}} for an interpolation block and demands a phantom variable name. The flag is type-only; runtime interpolation is governed by InterpolationOptions and is unaffected. Fixes i18next-icu#85.
• fix(types): expose enableSelector on InitOptions so i18next.init({ enableSelector: 'strict' }) typechecks without a module augmentation. The runtime already reads opts?.enableSelector from init options; this lands the matching type declaration next to the other selector-resolution knobs. Accepts false | true | 'optimize' | 'strict'. Thanks @​Faithfinder (#2431)

v26.1.0

• feat: enableSelector: 'strict' (TypeOptions + runtime option). Opt-in mode that drops the flattened-primary form from NsResource at the type level — every namespace (primary included) is exposed only under its own key on $, uniformly across single- and multi-ns hooks. At runtime, a leading selector path segment matching the scope's namespace list is always rewritten as a namespace prefix, including the primary. Eliminates the silent-miss surface area where t($ => $.primary.foo) typechecks but doesn't resolve under the default mode (see #2429). Backward-compatible: default enableSelector: false | true | 'optimize' behavior is unchanged. Note: strict mode is incompatible with the #2405 pattern (keys whose names match sibling namespaces) — those users should stay on default mode.

v26.0.10

• feat: getFixedT accepts a fourth optional fixedOpts argument carrying scopeNs — the full namespace list the bound t was created for. The selector API uses scopeNs to detect when a path's first segment is a namespace prefix, without changing resolution scope. Resolution still uses the bound ns (a single primary string in the typical react-i18next setup), so plain t('key') lookups stay isolated to the primary namespace exactly as before — only t($ => $.secondaryNs.foo) selectors now route correctly under useTranslation([nsA, nsB]). Fixes the runtime side of #2429 for the react-i18next default-nsMode case. The 4th argument is opt-in: existing 3-arg getFixedT(lng, ns, keyPrefix) callers see no behavior change.

v26.0.9

• fix(types): unformatted interpolation values are now typed as string | number (was string). i18next stringifies values at runtime, so requiring callers to wrap numbers in String(...) for plain {{var}} placeholders was unnecessary friction — and could mask the real problem when a non-string value was passed alongside multiple interpolation slots (the t() overload resolution would fall through to the 3-arg form and report a confusing "not assignable to string" error against the options object). Typed format specifiers like {{x, number}}, {{x, currency}}, {{x, datetime}}, etc. keep their precise types; this only relaxes the no-format default. The count variable remains number-only

v26.0.8

• fix(types): restore the pre-v25.10.4 ExistsFunction shape so plain arrow functions can again be assigned to ExistsFunction-typed variables (TypeScript cannot infer type predicates through multi-overload assignment). Direct i18next.exists(key) calls still narrow key to SelectorKey — the predicate is now declared inline on i18n.exists. Custom wrappers that want the narrowing can type themselves as typeof i18next.exists 2425

Changelog

Sourced from i18next's changelog.

26.3.0

• feat(types): introduce ResourceNamespaceMap — a separate mergeable augmentation surface for namespace resource types, designed for monorepos where multiple packages each want to contribute their own namespaces. Previously, every package had to coordinate on a single CustomTypeOptions.resources declaration (or fall back to typing dependency namespaces as any) because resources is a single property of an interface and TypeScript reports TS2717 when two declarations of the same property disagree. The new interface merges naturally across declare module 'i18next' blocks, so each package can ship its own i18next.d.ts independently. Per-property merge handles same-namespace contributions from multiple packages, and same-key/different-literal conflicts are silently dropped to avoid poisoning t() overload resolution. Fully backwards-compatible — existing CustomTypeOptions.resources augmentations continue to work, and both surfaces can coexist. Scalar options (defaultNS, returnNull, enableSelector, etc.) still belong on CustomTypeOptions. Thanks @​sh3xu (#2434). Fixes #2409.

26.2.0

• feat(types): new parseInterpolation TypeOption (default true). When set to false in CustomTypeOptions, the type-level extractor stops parsing translation strings for {{variable}} patterns. Required by i18next-icu users — the default extractor mistakes ICU MessageFormat nested-brace plurals like {count, plural, one {{count} row} other {{count} rows}} for an interpolation block and demands a phantom variable name. The flag is type-only; runtime interpolation is governed by InterpolationOptions and is unaffected. Fixes i18next-icu#85.
• fix(types): expose enableSelector on InitOptions so i18next.init({ enableSelector: 'strict' }) typechecks without a module augmentation. The runtime already reads opts?.enableSelector from init options; this lands the matching type declaration next to the other selector-resolution knobs. Accepts false | true | 'optimize' | 'strict'. Thanks @​Faithfinder (#2431)

26.1.0

• feat: enableSelector: 'strict' (TypeOptions + runtime option). Opt-in mode that drops the flattened-primary form from NsResource at the type level — every namespace (primary included) is exposed only under its own key on $, uniformly across single- and multi-ns hooks. At runtime, a leading selector path segment matching the scope's namespace list is always rewritten as a namespace prefix, including the primary. Eliminates the silent-miss surface area where t($ => $.primary.foo) typechecks but doesn't resolve under the default mode (see #2429). Backward-compatible: default enableSelector: false | true | 'optimize' behavior is unchanged. Note: strict mode is incompatible with the #2405 pattern (keys whose names match sibling namespaces) — those users should stay on default mode.

26.0.10

• feat: getFixedT accepts a fourth optional fixedOpts argument carrying scopeNs — the full namespace list the bound t was created for. The selector API uses scopeNs to detect when a path's first segment is a namespace prefix, without changing resolution scope. Resolution still uses the bound ns (a single primary string in the typical react-i18next setup), so plain t('key') lookups stay isolated to the primary namespace exactly as before — only t($ => $.secondaryNs.foo) selectors now route correctly under useTranslation([nsA, nsB]). Fixes the runtime side of #2429 for the react-i18next default-nsMode case. The 4th argument is opt-in: existing 3-arg getFixedT(lng, ns, keyPrefix) callers see no behavior change.

26.0.9

• fix(types): unformatted interpolation values are now typed as string | number (was string). i18next stringifies values at runtime, so requiring callers to wrap numbers in String(...) for plain {{var}} placeholders was unnecessary friction — and could mask the real problem when a non-string value was passed alongside multiple interpolation slots (the t() overload resolution would fall through to the 3-arg form and report a confusing "not assignable to string" error against the options object). Typed format specifiers like {{x, number}}, {{x, currency}}, {{x, datetime}}, etc. keep their precise types; this only relaxes the no-format default. The count variable remains number-only

26.0.8

• fix(types): restore the pre-v25.10.4 ExistsFunction shape so plain arrow functions can again be assigned to ExistsFunction-typed variables (TypeScript cannot infer type predicates through multi-overload assignment). Direct i18next.exists(key) calls still narrow key to SelectorKey — the predicate is now declared inline on i18n.exists. Custom wrappers that want the narrowing can type themselves as typeof i18next.exists 2425

Commits

• bdf651c 26.3.0
• 988a362 changelog: 26.3.0 entry for #2434
• 159506c feat(types): introduce ResourceNamespaceMap for monorepo namespace augmentati...
• df68b1f ci: restore JSR publishing via GitHub Actions OIDC
• 22fb6ad 26.2.0
• b640ac4 feat(types): parseInterpolation flag for ICU-friendly t() typing (i18next-icu...
• 0b9debd changelog: 26.1.1 entry for #2431
• 50509e4 fix(types): expose enableSelector on InitOptions (#2431)
• 80b5402 Enhance Pro Tip in README with i18next-locize-backend plugin link
• 5af0475 26.1.0
• Additional commits viewable in compare view

Updates react from 19.2.5 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates react-dom from 19.2.5 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates react-hotkeys-hook from 5.2.4 to 5.3.2

Release notes

Sourced from react-hotkeys-hook's releases.

v5.3.2

• The previous release was pointing to a broken entry point

What's Changed

• Bump path-to-regexp from 0.1.12 to 0.1.13 by @​dependabot[bot] in JohannesKlauss/react-hotkeys-hook#1329
• Bump picomatch by @​dependabot[bot] in JohannesKlauss/react-hotkeys-hook#1328
• Bump follow-redirects from 1.15.11 to 1.16.0 by @​dependabot[bot] in JohannesKlauss/react-hotkeys-hook#1330
• Bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in JohannesKlauss/react-hotkeys-hook#1331
• fix: dynamic enabled option no longer triggers event listeners in v5.3.0 by @​JohannesKlauss in JohannesKlauss/react-hotkeys-hook#1333

Full Changelog: JohannesKlauss/react-hotkeys-hook@v5.3.0...v5.3.1

v5.3.1

What's Changed

• Bump path-to-regexp from 0.1.12 to 0.1.13 by @​dependabot[bot] in JohannesKlauss/react-hotkeys-hook#1329
• Bump picomatch by @​dependabot[bot] in JohannesKlauss/react-hotkeys-hook#1328
• Bump follow-redirects from 1.15.11 to 1.16.0 by @​dependabot[bot] in JohannesKlauss/react-hotkeys-hook#1330
• Bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in JohannesKlauss/react-hotkeys-hook#1331
• fix: dynamic enabled option no longer triggers event listeners in v5.3.0 by @​JohannesKlauss in JohannesKlauss/react-hotkeys-hook#1333

Full Changelog: JohannesKlauss/react-hotkeys-hook@v5.3.0...v5.3.1

v5.3.0

What's Changed

• chore(deps): update dependency vite to v7.3.2 [security] by @​renovate[bot] in JohannesKlauss/react-hotkeys-hook#1321
• fix: prevent mod hotkey from triggering on Super/Windows key on non-macOS platforms by @​samhoseinkhani in JohannesKlauss/react-hotkeys-hook#1325
• Update all non-major dependencies by @​renovate[bot] in JohannesKlauss/react-hotkeys-hook#1326
• #1313 Fixed missing ref re-assignment for conditionally rendered elements by @​oleksandr-danylchenko in JohannesKlauss/react-hotkeys-hook#1314
• Add Key Blacklist Support to useRecordHotkeys by @​vedmakk in JohannesKlauss/react-hotkeys-hook#1268
• Update dependency @​eslint/js to v10 by @​renovate[bot] in JohannesKlauss/react-hotkeys-hook#1327

New Contributors

• @​samhoseinkhani made their first contribution in JohannesKlauss/react-hotkeys-hook#1325
• @​oleksandr-danylchenko made their first contribution in JohannesKlauss/react-hotkeys-hook#1314
• @​vedmakk made their first contribution in JohannesKlauss/react-hotkeys-hook#1268

Full Changelog: JohannesKlauss/react-hotkeys-hook@v5.2.4...v5.3.0

Commits

• d0ea7a8 Release v5.3.1
• 6c71ffc Merge pull request

[github-actions]

This pull request has conflicts ☹
Please resolve those so we can review the pull request.
Thanks.

[github-actions]

Use docker or podman to test this pull request locally.

Run test server using develop.opencast.org as backend:

podman run --rm -it -p 127.0.0.1:3000:3000 ghcr.io/opencast/admin-interface:pr-1615

Specify a different backend like stable.opencast.org:

podman run --rm -it -p 127.0.0.1:3000:3000 -e PROXY_TARGET=https://stable.opencast.org ghcr.io/opencast/admin-interface:pr-1615

It may take a few seconds for the interface to spin up.
It will then be available at http://127.0.0.1:3000.
For more options you can pass on to the proxy, take a look at the README.md.

[Arnei]

@dependabot reopen

[Arnei]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with develop! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[Arnei]

@dependabot recreate