chore(deps): update node dependencies

[loopingz]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
@adobe/css-tools	dependencies	patch	^4.4.1 → ^4.4.4
@hono/node-server	dependencies	patch	^1.19.5 → ^1.19.14
@hono/node-server@<1.19.10	pnpm.overrides	patch	^1.19.10 → ^1.19.14
@rollup/plugin-commonjs (source)	devDependencies	patch	^28.0.8 → ^28.0.9
@rollup/plugin-commonjs (source)	devDependencies	patch	^28.0.3 → ^28.0.9
@rollup/plugin-node-resolve (source)	devDependencies	patch	^16.0.1 → ^16.0.3
@rollup/plugin-replace (source)	devDependencies	patch	^6.0.2 → ^6.0.3
@rollup/plugin-typescript (source)	devDependencies	patch	^12.1.2 → ^12.3.0
@types/micromatch (source)	devDependencies	patch	^4.0.9 → ^4.0.10
@types/papaparse (source)	devDependencies	patch	^5.5.1 → ^5.5.2
@types/tar-stream (source)	devDependencies	patch	^3.1.3 → ^3.1.4
@vertesia/client (source)	dependencies	patch	0.82.1 → 0.82.4
ajv (source)	dependencies	patch	^8.17.1 → ^8.18.0
ansi-escapes	dependencies	patch	^6.2.0 → ^6.2.1
brace-expansion@>=1.0.0 <2.0.0	pnpm.overrides	patch	[^1.1.12 → ^1.1.14](https://renovatebot.com/diffs/npm/brace-expansion@>=1.0.0 <2.0.0/1.1.12/1.1.14)
brace-expansion@>=2.0.0 <3.0.0	pnpm.overrides	minor	[^2.0.2 → ^2.1.0](https://renovatebot.com/diffs/npm/brace-expansion@>=2.0.0 <3.0.0/2.0.2/2.1.0)
chalk	dependencies	patch	^5.3.0 → ^5.6.2
chalk	dependencies	patch	^5.4.1 → ^5.6.2
cli-spinners	dependencies	patch	^2.9.1 → ^2.9.2
commander	dependencies	patch	^14.0.2 → ^14.0.3
concurrently	devDependencies	patch	^9.1.2 → ^9.2.1
dayjs (source)	dependencies	patch	^1.11.19 → ^1.11.20
diff@>=6.0.0 <8.0.3	pnpm.overrides	patch	[^8.0.3 → ^8.0.4](https://renovatebot.com/diffs/npm/diff@>=6.0.0 <8.0.3/8.0.3/8.0.4)
dotenv	dependencies	minor	^17.2.3 → ^17.4.2
esbuild@<0.25.0	pnpm.overrides	minor	^0.27.1 → ^0.28.0
eventsource	dependencies	patch	^3.0.6 → ^3.0.7
eventsource-parser	dependencies	patch	^1.1.1 → ^1.1.2
fast-xml-parser	dependencies	minor	^5.5.7 → ^5.6.0
fast-xml-parser@<5.3.8	pnpm.overrides	minor	^5.5.7 → ^5.6.0
fast-xml-parser@>=4.0.0-beta.3 <5.5.7	pnpm-workspace.overrides	minor	[^5.5.7 → ^5.6.0](https://renovatebot.com/diffs/npm/fast-xml-parser@>=4.0.0-beta.3 <5.5.7/5.5.7/5.6.0)
firebase (source, changelog)	dependencies	patch	^10.12.2 → ^10.14.1
globals	devDependencies	minor	^17.3.0 → ^17.5.0
globals	devDependencies	minor	^17.3.0 → ^17.5.0
i18next (source)	dependencies	patch	^26.0.1 → ^26.0.5
i18next-cli	devDependencies	minor	^1.51.5 → ^1.53.2
is-generator-function	pnpm.overrides	minor	1.0.10 → 1.1.2
jose	dependencies	minor	^6.0.11 → ^6.2.2
katex (source)	dependencies	patch	^0.16.28 → ^0.16.45
lodash-es (source)	dependencies	patch	^4.17.23 → ^4.18.1
log-symbols	dependencies	patch	^7.0.0 → ^7.0.1
mermaid	dependencies	minor	^11.4.0 → ^11.14.0
mime	dependencies	patch	^4.0.0 → ^4.1.0
mime	dependencies	patch	^4.0.4 → ^4.1.0
minimatch@>=10.0.0 <11.0.0	pnpm.overrides	patch	[^10.2.4 → ^10.2.5](https://renovatebot.com/diffs/npm/minimatch@>=10.0.0 <11.0.0/10.2.4/10.2.5)
mocha (source)	devDependencies	patch	^10.2.0 → ^10.8.2
monaco-editor	dependencies	minor	^0.52.2 → ^0.55.1
ms	dependencies	patch	3.0.0-canary.1 → 3.0.0-canary.202508261828
open	dependencies	patch	^10.1.0 → ^10.2.0
prettier (source)	devDependencies	minor	3.5.3 → 3.8.3
qs@>=6.0.0 <6.14.0	pnpm.overrides	minor	[^6.14.1 → ^6.15.1](https://renovatebot.com/diffs/npm/qs@>=6.0.0 <6.14.0/6.14.1/6.15.1)
remark-github-blockquote-alert (source)	dependencies	minor	^2.0.0 → ^2.1.0
rimraf	devDependencies	minor	^6.0.1 → ^6.1.3
rimraf	devDependencies	patch	^6.1.2 → ^6.1.3
rimraf	devDependencies	patch	^5.0.5 → ^5.0.10
rollup (source)	devDependencies	patch	^4.59.0 → ^4.60.1
rollup (source)	peerDependencies	minor	^4.59.0 → ^4.60.1
sharp (source, changelog)	dependencies	minor	^0.33.4 → ^0.34.5
sharp (source, changelog)	dependencies	minor	^0.33.5 → ^0.34.5
tar-stream	dependencies	patch	^3.1.7 → ^3.1.8
tmp	dependencies	patch	^0.2.4 → ^0.2.5
tsx (source)	devDependencies	patch	^4.8.1 → ^4.21.0
turbo (source)	devDependencies	patch	^2.8.10 → ^2.9.6
typescript (source)	devDependencies	patch	^5.9.2 → ^5.9.3
typescript (source)	devDependencies	patch	^6.0.2 → ^6.0.3
typescript (source)	dependencies	patch	^6.0.2 → ^6.0.3
undici@>=6.0.0 <6.21.3 (source)	pnpm.overrides	minor	[^7.24.1 → ^7.25.0](https://renovatebot.com/diffs/npm/undici@>=6.0.0 <6.21.3/7.24.1/7.25.0)
unist-util-visit	dependencies	patch	^5.0.0 → ^5.1.0
vega-lite (source)	dependencies	patch	^6.4.1 → ^6.4.2
yaml (source)	dependencies	patch	^2.6.0 → ^2.8.3
zod (source)	dependencies	patch	^4.3.5 → ^4.3.6
zod (source)	dependencies	patch	^3.24.1 → ^3.25.76

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

honojs/node-server (@​hono/node-server)

v1.19.14

Compare Source

What's Changed

• fix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by @​usualoma in #​340

Full Changelog: honojs/node-server@v1.19.13...v1.19.14

vertesia/composableai (@​vertesia/client)

v0.82.4

Compare Source

v0.82.3

Compare Source

v0.82.2

Compare Source

juliangruber/brace-expansion (brace-expansion@>=1.0.0 <2.0.0)

v1.1.14

Compare Source

v1.1.13

Compare Source

iamkun/dayjs (dayjs)

v1.11.20

Compare Source

Bug Fixes

• Update locale km.js to support meridiem (#​3017) (9d2b6a1)
• update updateLocale plugin to merge nested object properties instead of replacing (#​3012) (99691c5), closes #​1118

kpdecker/jsdiff (diff@>=6.0.0 <8.0.3)

v8.0.4

Compare Source

• #​667 - fix another bug in diffWords when used with an Intl.Segmenter. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), diffWords would previously crash. Now this case is handled correctly.

motdotla/dotenv (dotenv)

v17.4.2

Compare Source

Changed

• Improved skill files - tightened up details (#​1009)

v17.4.1

Compare Source

Changed

• Change text injecting to injected (#​1005)

v17.4.0

Compare Source

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#​1003)

evanw/esbuild (esbuild@<0.25.0)

v0.28.0

Compare Source

• Add support for with { type: 'text' } imports (#​4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#​4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

v0.27.7

Compare Source

• Fix lowering of define semantics for TypeScript parameter properties (#​4421)

  The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

  // Original code
  class Foo {
    constructor(public x = 1) {}
    y = 2
  }
  
  // Old output (with --loader=ts --target=es2021)
  class Foo {
    constructor(x = 1) {
      this.x = x;
      __publicField(this, "y", 2);
    }
    x;
  }
  
  // New output (with --loader=ts --target=es2021)
  class Foo {
    constructor(x = 1) {
      __publicField(this, "x", x);
      __publicField(this, "y", 2);
    }
  }

v0.27.5

Compare Source

• Fix for an async generator edge case (#​4401, #​4417)

  Support for transforming async generators into the equivalent state machine was added in version 0.19.0. However, the generated state machine didn't work correctly when polling async generators concurrently, such as in the following code:

  async function* inner() { yield 1; yield 2 }
  async function* outer() { yield* inner() }
  let gen = outer()
  for await (let x of [gen.next(), gen.next()]) console.log(x)

  Previously esbuild's output of the above code behaved incorrectly when async generators were transformed (such as with --supported:async-generator=false). The transformation should be fixed starting with this release.

  This fix was contributed by @​2767mr.

• Fix a regression when metafile is enabled (#​4420, #​4418)

  This release fixes a regression introduced by the previous release. When metafile: true was enabled in esbuild's JavaScript API, builds with build errors were incorrectly throwing an error about an empty JSON string instead of an object containing the build errors.

• Use define semantics for TypeScript parameter properties (#​4421)

  Parameter properties are a TypeScript-specific code generation feature that converts constructor parameters into class fields when they are prefixed by certain keywords. When "useDefineForClassFields": true is present in tsconfig.json, the TypeScript compiler automatically generates class field declarations for parameter properties. Previously esbuild didn't do this, but esbuild will now do this starting with this release:

  // Original code
  class Foo {
    constructor(public x: number) {}
  }
  
  // Old output (with --loader=ts)
  class Foo {
    constructor(x) {
      this.x = x;
    }
  }
  
  // New output (with --loader=ts)
  class Foo {
    constructor(x) {
      this.x = x;
    }
    x;
  }

• Allow es2025 as a target in tsconfig.json (#​4432)

  TypeScript recently added es2025 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

  {
    "compilerOptions": {
      "target": "ES2025"
    }
  }

  As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

v0.27.4

Compare Source

• Fix a regression with CSS media queries (#​4395, #​4405, #​4406)

  Version 0.25.11 of esbuild introduced support for parsing media queries. This unintentionally introduced a regression with printing media queries that use the <media-type> and <media-condition-without-or> grammar. Specifically, esbuild was failing to wrap an or clause with parentheses when inside <media-condition-without-or>. This release fixes the regression.

  Here is an example:

  /* Original code */
  @​media only screen and ((min-width: 10px) or (min-height: 10px)) {
    a { color: red }
  }
  
  /* Old output (incorrect) */
  @​media only screen and (min-width: 10px) or (min-height: 10px) {
    a {
      color: red;
    }
  }
  
  /* New output (correct) */
  @​media only screen and ((min-width: 10px) or (min-height: 10px)) {
    a {
      color: red;
    }
  }

• Fix an edge case with the inject feature (#​4407)

  This release fixes an edge case where esbuild's inject feature could not be used with arbitrary module namespace names exported using an export {} from statement with bundling disabled and a target environment where arbitrary module namespace names is unsupported.

  With the fix, the following inject file:

  import jquery from 'jquery';
  export { jquery as 'window.jQuery' };

  Can now always be rewritten as this without esbuild sometimes incorrectly generating an error:

  export { default as 'window.jQuery' } from 'jquery';

• Attempt to improve API handling of huge metafiles (#​4329, #​4415)

  This release contains a few changes that attempt to improve the behavior of esbuild's JavaScript API with huge metafiles (esbuild's name for the build metadata, formatted as a JSON object). The JavaScript API is designed to return the metafile JSON as a JavaScript object in memory, which makes it easy to access from within a JavaScript-based plugin. Multiple people have encountered issues where this API breaks down with a pathologically-large metafile.

  The primary issue is that V8 has an implementation-specific maximum string length, so using the JSON.parse API with large enough strings is impossible. This release will now attempt to use a fallback JavaScript-based JSON parser that operates directly on the UTF8-encoded JSON bytes instead of using JSON.parse when the JSON metafile is too big to fit in a JavaScript string. The new fallback path has not yet been heavily-tested. The metafile will also now be generated with whitespace removed if the bundle is significantly large, which will reduce the size of the metafile JSON slightly.

  However, hitting this case is potentially a sign that something else is wrong. Ideally you wouldn't be building something so enormous that the build metadata can't even fit inside a JavaScript string. You may want to consider optimizing your project, or breaking up your project into multiple parts that are built independently. Another option could potentially be to use esbuild's command-line API instead of its JavaScript API, which is more efficient (although of course then you can't use JavaScript plugins, so it may not be an option).

v0.27.3

Compare Source

• Preserve URL fragments in data URLs (#​4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

• Parse and print CSS @scope rules (#​4322)

  This release includes dedicated support for parsing @scope rules in CSS. These rules include optional "start" and "end" selector lists. One important consequence of this is that the local/global status of names in selector lists is now respected, which improves the correctness of esbuild's support for CSS modules. Minification of selectors inside @scope rules has also improved slightly.

  Here's an example:

  /* Original code */
  @​scope (:global(.foo)) to (:local(.bar)) {
    .bar {
      color: red;
    }
  }
  
  /* Old output (with --loader=local-css --minify) */
  @​scope (:global(.foo)) to (:local(.bar)){.o{color:red}}
  
  /* New output (with --loader=local-css --minify) */
  @​scope(.foo)to (.o){.o{color:red}}

• Fix a minification bug with lowering of for await (#​4378, #​4385)

  This release fixes a bug where the minifier would incorrectly strip the variable in the automatically-generated catch clause of lowered for await loops. The code that generated the loop previously failed to mark the internal variable references as used.

• Update the Go compiler from v1.25.5 to v1.25.7 (#​4383, #​4388)

  This PR was contributed by @​MikeWillCook.

v0.27.2

Compare Source

• Allow import path specifiers starting with #/ (#​4361)

  Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

  This change was contributed by @​hybrist.

• Automatically add the -webkit-mask prefix (#​4357, #​4358)

  This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

  /* Original code */
  main {
    mask: url(x.png) center/5rem no-repeat
  }
  
  /* Old output (with --target=chrome110) */
  main {
    mask: url(x.png) center/5rem no-repeat;
  }
  
  /* New output (with --target=chrome110) */
  main {
    -webkit-mask: url(x.png) center/5rem no-repeat;
    mask: url(x.png) center/5rem no-repeat;
  }

  This change was contributed by @​BPJEnnova.

• Additional minification of switch statements (#​4176, #​4359)

  This release contains additional minification patterns for reducing switch statements. Here is an example:

  // Original code
  switch (x) {
    case 0:
      foo()
      break
    case 1:
    default:
      bar()
  }
  
  // Old output (with --minify)
  switch(x){case 0:foo();break;case 1:default:bar()}
  
  // New output (with --minify)
  x===0?foo():bar();

• Forbid using declarations inside switch clauses (#​4323)

  This is a rare change to remove something that was previously possible. The Explicit Resource Management proposal introduced using declarations. These were previously allowed inside case and default clauses in switch statements. This had well-defined semantics and was already widely implemented (by V8, SpiderMonkey, TypeScript, esbuild, and others). However, it was considered to be too confusing because of how scope works in switch statements, so it has been removed from the specification. This edge case will now be a syntax error. See tc39/proposal-explicit-resource-management#215 and rbuckton/ecma262#14 for details.

  Here is an example of code that is no longer allowed:

  switch (mode) {
    case 'read':
      using readLock = db.read()
      return readAll(readLock)
  
    case 'write':
      using writeLock = db.write()
      return writeAll(writeLock)
  }

  That code will now have to be modified to look like this instead (note the additional { and } block statements around each case body):

  switch (mode) {
    case 'read': {
      using readLock = db.read()
      return readAll(readLock)
    }
    case 'write': {
      using writeLock = db.write()
      return writeAll(writeLock)
    }
  }

  This is not being released in one of esbuild's breaking change releases since this feature hasn't been finalized yet, and esbuild always tracks the current state of the specification (so esbuild's previous behavior was arguably incorrect).

NaturalIntelligence/fast-xml-parser (fast-xml-parser)

v5.6.0: use @​nodable/entities to replace entities

Compare Source

• No API change
• No change in performance for basic usage
• No typing change
• No config change
• new dependency
• breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

v5.5.12

Compare Source

v5.5.11

Compare Source

v5.5.10: performance improvment, increase entity expansion default limit

Compare Source

• increase default entity explansion limit as many projects demand for that

maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,

• performance improvement
  • reduce calls to toString
  • early return when entities are not present
  • prepare rawAttrsForMatcher only if user sets jPath: false

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10

v5.5.9: fix typins and matcher instance in callbacks

Compare Source

combine typings file to avoid configuration changes
pass readonly instance of matcher to the call backs to avoid accidental push/pop call

v5.5.8

Compare Source

sindresorhus/globals (globals)

v17.5.0

Compare Source

• Update globals (2026-04-12) (#​342) 5d84602

---

i18next/i18next (i18next)

v26.0.5

Compare Source

• fix: cloneInstance().changeLanguage() no longer fails to update language state when the target language is not yet loaded — a race between init()'s deferred load() and the user's changeLanguage() could overwrite isLanguageChangingTo, causing setLngProps to be skipped 2422

i18next/i18next-cli (i18next-cli)

v1.53.2

Compare Source

• Add locale and namespace fields to the TranslationResult object passed
  to the afterSync plugin hook, so plugins no longer need to reverse-engineer
  these values from the file path.
  Relates to #​237.

v1.53.1

Compare Source

• Fix selector API with dynamic bracket notation (e.g.
  t(($) => $.table.columns[field])) incorrectly treating keys as unused
  and removing them during extraction. Dynamic bracket expressions are now
  resolved via the expression resolver, and function parameter type
  annotations (e.g. field: "name" | "age") are captured so the resolver
  can enumerate all possible key values.
  Fixes #​234.

v1.53.0

Compare Source

• Add optional types.basePath configuration to support nested namespaces in
  TypeScript type generation. When set, namespaces are derived from the file's
  path relative to basePath instead of just the filename, so
  locales/en/dashboard/user.json produces namespace "dashboard/user" instead
  of "user". When basePath is omitted, existing behavior is preserved.
  Contributed by @​camerondubas in
  #​236.
• Add a warning when types.basePath is misconfigured and translation files
  fall outside the specified base directory.
• Use the internal logger instead of console.warn for warnings in the type
  generator.

v1.52.1

Compare Source

• Fix extract --sync-all --trust-derived resetting secondary locale values
  to empty strings even when the trusted derived default was already in sync in
  the primary locale. Secondary translations are now only cleared when the
  primary locale would actually be updated by the sync.
  Follow-up to #​235.

v1.52.0

Compare Source

• Add extract --trust-derived as an opt-in companion to --sync-primary
  and --sync-all. When enabled, the extractor also trusts default values
  inferred from keys, including plain key-as-text usage such as
  t('Hello world') and keyPrefix-derived values, while preserving the
  existing strict sync behavior by default.
  Follows up on #​235.

v1.51.9

Compare Source

• Fix extract --sync-all producing different results on repeated runs when a
  key has a derived default value (including keyPrefix-derived keys).
  Derived defaults are now detected consistently in both the initial write and
  existing-value sync paths, so rerunning the same command no longer rewrites
  the primary locale unexpectedly.
  Fixes #​235.

v1.51.8

Compare Source

• Fix selector API with dynamic bracket notation (e.g.
  t(($) => $.table.columns[field])) incorrectly treating keys as unused
  and removing them during extraction. Dynamic bracket expressions are now
  resolved via the expression resolver, so typed variables
  (const field: "name" | "age") and const-initialised variables
  (const field = "name") are correctly expanded into all possible keys.
  Fixes #​234.

v1.51.7

Compare Source

• Fix --sync-all not clearing secondary locale translations when
  mergeNamespaces is enabled. The syncAll flag was not being passed
  through in the merged namespaces code path.
  Fixes #​233.

v1.51.6

Compare Source

• Add getT and useT to the default useTranslationNames so that
  next-i18next v16 App Router hooks are recognized out of the box.
  Keys from useT('ns') and await getT('ns') are now correctly
  extracted into the specified namespace instead of falling back to
  defaultNS.
  Fixes #​232.

inspect-js/is-generator-function (is-generator-function)

v1.1.2

Compare Source

Fixed

• [Fix] fix broken logic #45

Commits

• [Dev Deps] update @arethetypeswrong/cli, @ljharb/eslint-cig, @ljharb/tsconfig, @types/tape, for-each 9638da4
• [Deps] update call-bound, get-proto d5e41c1

v1.1.1

Compare Source

Commits

• [Refactor] use generator-function 5477ff1

v1.1.0

Compare Source

Commits

• [actions] reuse common workflows 7301651
• [actions] split out node 10-20, and 20+ 40f30a5
• [meta] use npmignore to autogenerate an npmignore file ec843a4
• [New] add types 6dd27c4
• [actions] update codecov uploader 717f85e
• [Dev Deps] update eslint, @ljharb/eslint-config, safe-publish-latest, tape 4280e62
• [actions] update rebase action to use reusable workflow 895c2d0
• [Tests] use for-each 3caee87
• [Robustness] use call-bound 1eb55de
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, object-inspect, tape 5bbd4cd
• [Robustness] use safe-regex-test 5f8b992
• [Dev Deps] update @ljharb/eslint-config, auto-changelog, npmignore, tape c730f4c
• [Robustness] use get-proto 6dfff38
• [Tests] replace aud with npm audit 725db70
• [Deps] update has-tostringtag 5cc3c2d
• [Dev Deps] add missing peer dep 869a507

panva/jose (jose)

v6.2.2

Compare Source

Fixes

• reject failed decompression with JWEInvalid error (043b181)

v6.2.1

Compare Source

Refactor

• reorganize internals, less files, smaller footprint (d4231f9)

v6.2.0

Compare Source

Features

• re-introduce JWE "zip" (Compression Algorithm) Header Parameter support (b13b446)

Documentation

• clarify return of general jws and jwe (56682b4)

KaTeX/KaTeX (katex)

v0.16.45

Compare Source

Bug Fixes

• wrap vcenter mpadded in mrow for valid MathML (#​4193) (ee66b78), closes #​4078

v0.16.44

Compare Source

Bug Fixes

• remove extra \jot space at bottom of align/gather/etc. (#​4184) (3870ee9)

v0.16.43

Compare Source

Bug Fixes

• use makeEm() consistently to truncate long CSS decimals (#​4181) (0967dcc)

v0.16.42

Compare Source

Features

• \underbracket and \overbracket (#​4147) (5be9abb)

v0.16.41

Compare Source

Bug Fixes

• \sout in text mode (#​4173) (e748578)

v0.16.40

Compare Source

Bug Fixes

• css: specify position: relative for .katex (#​4170) (020f0d8)

v0.16.39

Compare Source

Bug Fixes

• middle dot in text mode (#​4169) (edb45b0), closes #​3641

v0.16.38

Compare Source

Bug Fixes

• accent skew mixed with font specifiers (#​4159) (aea3375), closes #​4121

v0.16.37

Compare Source

Bug Fixes

• negative-width \hphantom and symmetric \smash (#​4153) (d4799ca)

v0.16.36

Compare Source

Bug Fixes

• contrib esm bloat (#​4157) (2bde1ad)

v0.16.35

[Compare Source](https://redirect.github.com/KaTeX/KaTeX/compar

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Only on Wednesday (* * * * 3)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[loopingz]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 24 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
packages/cli                             |  WARN  deprecated glob@11.1.0
Progress: resolved 62, reused 0, downloaded 0, added 0
Progress: resolved 78, reused 0, downloaded 0, added 0
Progress: resolved 79, reused 0, downloaded 0, added 0
 ERR_PNPM_NO_MATURE_MATCHING_VERSION  Version 6.0.3 (released 68 minutes ago) of typescript does not meet the minimumReleaseAge constraint

This error happened while installing a direct dependency of /tmp/renovate/repos/github/vertesia/composableai

The latest release of typescript is "6.0.3". Published at 4/16/2026 11:38:27 PM

Other releases are:
  * dev: 3.9.4 published at 5/29/2020
  * tag-for-publishing-older-releases: 4.1.6 published at 6/16/2021
  * insiders: 4.6.2-insiders.20220225 published at 2/25/2022
  * beta: 6.0.0-beta published at 2/11/2026
  * rc: 6.0.1-rc published at 3/6/2026
  * next: 6.0.0-dev.20260416 published at 4/16/2026 3:57:25 PM

If you need the full list of all 3760 published versions run "pnpm view typescript versions".

If you want to install the matched version ignoring the time it was published, you can add the package name to the minimumReleaseAgeExclude setting. Read more about it: https://pnpm.io/settings#minimumreleaseageexclude