fix(deps): update dependencies (non-major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@lexical/react (source)	0.39.0 → 0.44.0
@lexical/utils (source)	0.39.0 → 0.44.0
date-fns	4.1.0 → 4.3.0
geist (source)	1.5.1 → 1.7.1
html-react-parser	5.2.14 → 5.2.17
i18next-browser-languagedetector	8.2.0 → 8.2.1
i18next-http-backend	3.0.2 → 3.0.6
lexical (source)	0.39.0 → 0.44.0
lodash (source)	4.17.23 → 4.18.1
lucide-react (source)	0.563.0 → 0.577.0
marked (source)	17.0.1 → 17.0.6
react (source)	19.2.4 → 19.2.6
react-day-picker (source)	9.13.0 → 9.14.0
react-dom (source)	19.2.4 → 19.2.6
tailwind-merge	3.4.0 → 3.6.0
zustand	5.0.10 → 5.0.13

---

Release Notes

facebook/lexical (@​lexical/react)

v0.44.0

Compare Source

• lexical Chore Fix uuid dependency vulnerability (#​8399) Vishisht Maroria
• Fix Flow type errors in flow definition files (#​8396) Sherry
• lexical-extension Bug Fix Use maybeFromEditor in getPeerDependencyFromEditor (#​8398) Sherry
• lexical-playground Bug Fix Show floating link editor for single-character links (#​8392) mayrang
• lexical-list Bug Fix Toggle checklist items on mobile tap (#​8390) jWA
• lexical-playground Refactor Use floating-uireact for FloatingLinkEditorPlugin positioning (#​8388) mayrang
• build(deps) bump excalidrawexcalidraw from 0.18.0 to 0.18.1 (#​8389) dependabotbot
• lexical-react Bug Fix Fall back to root node in NodeContextMenuPlugin when click target has no Lexical node (#​8385) mayrang
• lexical-playground Feature Format HTML conversion with prettier (#​8386) Bob Ippolito
• lexical-linklexical-react Feature Allow custom punctuation for AutoLink boundaries (#​8378) Agyei Holy
• lexical-list Bug Fix Merge nested list into parent li during HTML export (#​8313) Sathvik Veerapaneni
• lexical-clipboardlexical-rich-textlexical-plain-text Bug Fix Drag-and-drop within the same block (#​8373) Bob Ippolito
• lexicallexical-utilslexical-list Bug Fix Clean up and test insertNodeToNearestRootAtCaret edge cases (#​8384) Bob Ippolito
• lexical-htmllexical-playground Feature Implement a well-defined ordering for DOMRenderExtension overrides and add decorateDOM (#​8368) Bob Ippolito
• lexicallexical-code-corelexical-listlexical-tablelexical-yjs Refactor make runtime style updates CSP-safe (#​8372) Agyei Holy
• lexical-list Bug Fix Ensure that ListItemNode always has a ListItem parent (#​8382) Bob Ippolito
• lexical-markdown Bug Fix Code spans take precedence over inline formatting in shortcuts (#​8381) Sherry
• lexical-playground Feature HTML conversion button (#​8379) Sergey Gorbachev
• address follow-redirects dependency vulnerability (#​8380) vishisht31
• lexical-markdown Bug Fix Escape ordered-list pattern in bullet list item export (#​8311) Sathvik Veerapaneni
• lexical Feature COMMANDPRIORITYBEFORE priorities for last-registered-called-first order (#​8375) Bob Ippolito
• lexical-react Bug Fix Dont auto-dispose editor from LexicalExtensionEditorComposer (#​8377) Bob Ippolito
• lexical-website Bug Fix Fix type checking for lexical-website package (#​8371) Bob Ippolito
• lexical-website Bug Fix Fix tailwindcss docusaurus config regression (#​8369) Bob Ippolito
• lexicallexical-html Feature Extensible DOM createupdateexport (#​8353) Bob Ippolito
• lexical-react Bug Fix Add yjs as optional peer dependency for Yarn PnP compatibility (#​8366) Kim Jong Hyen
• lexical-markdown Bug Fix Add undo history entry for markdown shortcut transforms (#​8365) Seongyu Kim
• lexical-text Chore Add deprecation notice to findTextIntersectionFromCharacters (#​8364) Bob Ippolito
• Chore Refactor CommonJS scripts to ESM modules (#​8355) Bob Ippolito
• Breaking Changelexical-code Bug Fix move code block escape logic to KEYENTERCOMMAND listener (#​8360) Anika
• lexicallexical-playground Fix Use the fallback matching for number keys in keyboard shortcuts (#​8361) Sergey Gorbachev
• address simple-git dependency vulnerability (#​8358) Sherry
• lexical Bug Fix Workaround for synchronous firefox focus edge case behavior (#​8356) Bob Ippolito
• Chore Cache build playwright before running e2e tests (#​8357) Bob Ippolito
• lexical Bug Fix Resolve Firefox arrow key navigation issue in collapsible nodes (#​8348) (#​8349) Mohmed Ikram
• lexicallexical-extension Chore Remove experimental flag from Extension and NodeState APIs (#​8354) Bob Ippolito
• Breaking Changelexical-offsetlexical Chore Deprecate the brokenundocumenteduntested OffsetView and export createChildrenArray from lexical (#​8350) Bob Ippolito
• build(deps) bump pnpmaction-setup from 4 to 6 in the github-actions group across 1 directory (#​8335) dependabotbot
• lexical-htmllexical-table Feature Inline CSS from style tags (#​8326) Tom Sarduy
• lexical-playground Feature Add PagesExtension (#​8322) Ibrahim El-bastawisi
• build(deps) bump zustand from 4.5.7 to 5.0.12 (#​8340) dependabotbot
• build(deps-dev) bump the dev-dependencies group across 1 directory with 42 updates (#​8347) dependabotbot
• lexical-code-prismlexical-code-shikilexical-playground Feature Add CodePrismExtension, CodeShikiExtension, and migrate playground plugins to extensions (#​8346) Bob Ippolito
• Chore Encourage agents to use extensions and config in AGENTS.md (#​8341) Bob Ippolito
• build(deps) bump docusaurus from 3.9.2 to 3.10.0, update typedoc, react (#​8339) dependabotbot
• build(deps) bump y-websocket from 1.5.4 to 3.0.0 (#​8343) dependabotbot
• build(deps) bump semver from 7.7.2 to 7.7.4 (#​8338) dependabotbot
• build(deps) bump docusaurusfaster from 3.9.2 to 3.10.0 (#​8342) dependabotbot
• chore update stale dev dependencies to resolve Dependabot alerts (#​8336) Michael
• chore remove examplefixture lockfiles from git to reduce Dependabot noise (#​8334) Michael
• lexical-markdown Bug Fix replace lookbehind assertions for Safari 16.4 compatibility (#​8332) Yahid Basha
• lexical-code-shiki Chore Upgrade shiki to 4.0.2 (#​8330) Bob Ippolito
• lexical-react Bug Fix Prevent error when editorRef is null (#​8329) Jimmy
• lexical-extension Fix Remove JSX dependency from DecoratorTextNode (#​8328) Bob Ippolito
• Security Override yaml to 1.10.3 to fix CVE-2026-33532 (#​8324) Sherry
• lexical-playground Collapsible Section Animations (#​8323) Ivaylo Pavlov
• Update examples for v0.43.0 (#​8321) Bob Ippolito
• lexical-website Feature Add more examples to the demos gallery with local screenshot captures (#​8316) Bob Ippolito
• v0.43.0 (#​8319) Bob Ippolito
• v0.43.0 Lexical GitHub Actions Bot

v0.43.0

Compare Source

• lexical-link Bug Fix Preserve cursor position when merging adjacent identical links (#​8309) Sathvik Veerapaneni
• Breaking Changelexical Bug Fix Use asynchronous parent editor delegation when needed (#​8308) Bob Ippolito
• Chore Upgrade vite to 7.3.2 (#​8307) Bob Ippolito
• lexical Chore Upgrade ESLint 8 to ESLint 10 with flat configuration (#​8287) Bob Ippolito
• lexical-website Documentation Update clarify Yjs custom node property syncing (#​8288) Ved Thakar
• lexical-react Feature Add lexicalreactuseExtensionSignalValue module for reading signals (#​8286) Bob Ippolito
• example Feature Add a new agent-example using a local LLM (#​8281) Bob Ippolito
• lexical-yjs Feature Add CSS classes to collaboration cursor elements (#​8271) Mike Burton
• build(deps) bump lodash-es from 4.17.22 to 4.18.1 (#​8279) dependabotbot
• lexical-utilslexical-extension Bug Fix Fix insertNodeIntoLeaf edge case and update preactsignals-core, hermes, and flow related dependencies (#​8276) Bob Ippolito
• lexical-website Chore community page updates (#​8270) Bob Ippolito
• lexical-markdown Bug Fix Preserve markdown hard line breaks during import when newlines are preserved (#​8265) joshjryan
• Bump flow and replace legacy flow syntax with modern ones (#​8277) Sam Zhou
• lexical-headless Bug Fix Use window.happyDOM.close() to ensure proper cleanup (#​8274) Bob Ippolito
• lexical Fix merge TextNodes when state contains different number of default values (#​8273) James Fitzsimmons
• lexical-website Feature ui improvement in the homepage of lexical.dev (#​8216) Matheus SantAnna
• build(deps) bump happy-dom from 20.8.8 to 20.8.9 (#​8269) dependabotbot
• lexical Fix Replaced the function insertNodes with insertNodeIntoLeaf for consistent behavior of Decorator Node within MarkNode (#​8266) Ajinkya Nikam
• examples Feature Added examples (for the website) (#​8258) Matheus SantAnna
• lexical Fix exclude Android WebView from ISSAFARI browser detection (#​8267) K
• lexical-playground Bug Fix Use isExactShortcutMatch for Dvorak keyboard compatibility (#​8260) Sathvik Veerapaneni
• build(deps) bump happy-dom from 20.0.11 to 20.8.8 (#​8264) dependabotbot
• lexical-table Bug Fix Infer column header state from position during DOM import (#​8259) Sathvik Veerapaneni
• lexical-selection Bug Fix Make getSelectionStyleValueForProperty direction-independent (#​8261) Sathvik Veerapaneni
• build(deps) bump astro from 5.18.0 to 5.18.1 in scriptstestsintegrationfixtureslexical-esm-astro-react (#​8262) dependabotbot
• lexical-code-prismlexical-code-shiki Bug Fix Remove usage of skipTransforms in CodeHighlighterPrism and CodeHighlighterShiki (#​8254) Bob Ippolito
• Chore Update flow-bin to 0.306.0 and add incompatible-variance workaround (#​8253) Bob Ippolito
• Chore Github CI workflows action updates and run with node 24 (#​8248) Bob Ippolito
• Chore Update unit tests with extensions to use explicit resource management (using) (#​8243) Bob Ippolito
• examples Chore Update examples for v0.42.0 (#​8246) Bob Ippolito
• build(deps) bump next from 15.5.11 to 15.5.14 in scriptstestsintegrationfixtureslexical-esm-nextjs (#​8242) dependabotbot
• v0.42.0 (#​8245) Bob Ippolito
• v0.42.0 Lexical GitHub Actions Bot

v0.42.0

Compare Source

• lexical-table Bug Fix handle table selections crossing intoout of nested tables (#​8234) Randal
• lexical-link Feature Merge adjacent LinkNodes with identical attributes (#​8236) Achal Jhawar
• build(deps) bump next from 15.5.11 to 16.1.7 in scriptstestsintegrationfixtureslexical-esm-nextjs (#​8232) dependabotbot
• lexical-rich-text Bug Fix use writable node in HeadingNode.setTag (#​8235) Karesansui
• lexical-devtools-core Bug Fix Clean up strict mode useLexicalCommandsLog behavior (#​8230) Bob Ippolito
• lexical-playground Chore Remove unused code from playground TablePlugin (#​8231) Bob Ippolito
• lexical-extensionlexical-react Feature LexicalExtensionEditorComposer, NestedEditorExtension, and fixed SharedHistoryExtension with playground refactor (#​8202) Bob Ippolito
• lexical-codelexical-marklexical-reactlexical-tablelexical-rich-textlexical-link Bug Fix Add and fix afterCloneFrom implementations (#​8229) Bob Ippolito
• lexical-playground Bug fix make clear formatting work on multiple paragraphs (#​8224) Piotr Dbrowski
• lexical-eslint-plugin Chore update lexicaleslint-plugin for better eslint 9 support, finish jest to vitest migration (#​8227) Bob Ippolito
• lexical Fix Fixing cursor position after inline equation, fix block equations (#​8228) Ajinkya Nikam
• lexical-link Refactor add afterCloneFrom method to LinkNodeAutoLinkNode (#​8226) Sergey Gorbachev
• lexical-list Fix create copies ListNodeListItemNode in split-like operations (#​8213) Sergey Gorbachev
• lexical-website Fix Correct the mistake in the argument in the example on the Updates page (#​8225) Sergey Gorbachev
• lexical-tablelexical-playground Breaking change Move hasFitNestedTables logic to Playground plugin (#​8210) Randal
• lexical Fix Consecutive Linebreak insertion resets selection format (#​8222) Ajinkya Nikam
• lexical-markdownlexical-playground Bug Fix Convert tabs in TabNode at import (#​8211) Simon
• lexical Feature LexicalEditor RootListener and EditableListener can return unregister callbacks (#​8219) Bob Ippolito
• lexicallexical-listlexical-markdown Feature resetOnCopyNode configuration to NodeState and LexicalNode.resetOnCopyNodeFrom hook (#​8221) Bob Ippolito
• lexical Bug Fix When the editor starts with an empty list item, pressing ctrlbackspace (deleteWord) should replace the list with a paragraph (#​8220) Ajinkya Nikam
• lexical Bug Fix respect CSS scroll-padding in scrollIntoViewIfNeeded (#​8218) Takenosuke Nagata
• lexical-utilslexical-playground Feature Add insertNodeIntoLeaf and insert deeply DateTimeNode (#​8206) Sergey Gorbachev
• lexical-table Chore add test for mouse leaving browser window during table selection (#​8215) Takenosuke Nagata
• lexical-playground Fix use inline style for LayoutContainerNode import (#​8214) ByungGyu-Yu
• lexical-website Bug Fix Removed blog route from lexical.dev (#​8209) Matheus SantAnna
• lexical-table Refactor Call handleTableSelectionChangeCommand once instead of per-table (#​8200) Randal
• lexical-react Revert revert Remove deprecated ContextMenu, consolidate menu rendering with backward-compatible menuRenderFn (#​8199) Michael
• lexical-table Bug Fix Prevent single-cell table selection after exiting table selection (#​8195) Randal
• lexical-code Breaking Change Extract Prism code highlighting to lexicalcode-prism (with internal module lexicalcode-core to avoid circular import) (#​8198) Bob Ippolito
• lexical-table Bug Fix Improve nested table selection by using monolithic pointer event handling (#​8193) Randal
• lexical-markdown Bug Fix update backslash escape handling to align with CommonMark (#​8192) kimseongyu
• lexical-tablelexical-playground Feature nested tables resize themselves if hasFitNestedTables true (#​8183) Randal
• lexical-table Refactor use monolithic listener for table SELECTIONCHANGECOMMAND and deselection handler (#​8187) Randal
• lexical Chore Change alias from type to interface for EditorThemeClasses (#​8190) Sergey Gorbachev
• lexical-playground Chore Remove legacy-events mode (#​8188) Sergey Gorbachev
• lexical-playground Fix add fallback for dimensionless images to prevent collapse (#​8186) Sa-Te
• lexical-link Bug Fix Enable autolink matching when it unlinked (#​8165) Sergey Gorbachev
• Fix rollup CVE-2026-27606 in example project lockfiles (#​8182) Michael
• lexical Chore Fix rollup CVE-2026-27606 across all lockfiles (#​8173) Michael
• lexical Security Fix isaacsbrace-expansion vulnerability (CVE-2026-25547) (#​8175) Michael
• lexical Chore Fix form-data CVE-2025-7783 in root lockfile (#​8174) Michael
• lexical-markdown Fix enforce CommonMark flanking rules for trailing spaces (#​8170) Sa-Te
• lexical Security Fix qs vulnerability (CVE-2025-15284) (#​8176) Michael
• Fix cross-spawn vulnerability (CVE-2024-21538) by removing child-process-promise (#​8177) Michael
• lexical Chore Fix minimatch CVE-2026-26996 in example projects (#​8169) Michael
• Update examples for v0.41.0 (#​8171) Bob Ippolito
• v0.41.0 (#​8166) Bob Ippolito
• v0.41.0 Lexical GitHub Actions Bot

v0.41.0

Compare Source

• lexical Bug Fix Move new paragraph outside inline element in insertParagraph (#​8158) Achal Jhawar
• lexical-markdown Bug Fix Prevent nesting links creation (#​8164) Sergey Gorbachev
• tests Chore Update yaml-language-server in lexical-esm-astro-react integration fixture (#​8163) PikkaPikkachu
• lexical Bug Fix Maintain format when replace multiple formatted text nodes with composition text (#​8162) kimseongyu
• lexical-markdown Fix Prevent markdown shortcut link transformer from being too greedy (#​8161) Bob Ippolito
• feat add focus event option for the checklist extension (#​8105) Tulio
• lexical Bug Fix Fix selected text not properly deleted after IME input on Safari (macOS) (#​8154) Kawashima Shota (shiba)
• lexical-core Bug fix support dom selection for elements with slots (#​8159) Maksim Horbachevsky
• lexical-rich-text Bug Fix Inherit format and style when inserting tab (#​8152) kimseongyu
• lexical-playground Bug Fix Code block formatting in unintended adjacent lines (#​8149) Achal Jhawar
• lexical Bug Fix Do not apply format and style when moving to different node in composition (#​8148) kimseongyu
• lexical-history Bug Fix History not record composing character (#​8142) Senasiko
• lexical-website Chore Add a website build step to Github Actions in CI (#​8146) Bob Ippolito
• docs fix formatting and update browser support table (#​8144) IkyssOffc
• lexical-extension Feature Implement DecoratorTextExtension applying format to DecoratorTextNode (#​8114) Sergey Gorbachev
• lexical-markdown Feature Support Enter key after to create code block (#​8140) Achal Jhawar
• lexical-link Bug Fix toggleLink removes link when selection is collapsed (#​8138) Senasiko
• lexical-website Chore Update supported browsers list to Safari 15, Chrome 86, Firefox 115 (#​8141) Bob Ippolito
• lexical-playground Clean up old Table Hover Actions (#​8139) Ivaylo Pavlov
• lexical-link Bug Fix Add AutoLinkNode to AutoLinkExtension node dependencies (#​8137) Bob Ippolito
• lexical-playground Fix Increase toolbar z-index to prevent content overlap (#​8134) Sa-Te
• Breaking Changelexical Bug Fix Fix --lexical-indent-base-value CSS variable override (#​8132) Achal Jhawar
• lexical-code Bug Fix Allow moving caret outside code block (#​7918) Simon
• lexical-table Fix Preserve Background Color when pasting table rows inside table. (#​8131) Sa-Te
• lexical Bug Fix Do not move anchor when inserting composition start char (#​8121) kimseongyu
• lexical-react Annotate deprecated to menuRenderFn with NodeContext (#​8001) Michael
• lexical-playgroundlexical-link Bug Fix Prevent AutoLinkNode from creating extra paragraphs (#​8127) Sebastian
• lexical-playground Rearrange table columns (#​8063) Ivaylo Pavlov
• lexical-link Bug Fix Prevent AutoLink from linking URLs inside code blocks (#​8123) Achal Jhawar
• lexical-extensionlexical-rich-textlexical-react Feature Support configuration of indentable nodes (#​8122) Sergey Gorbachev
• lexical Bug Fix Remove empty parent node in nested list (#​8118) Senasiko
• lexical-playground tests for ComponentPickerMenuPlugin (#​8128) Syed Umar Anis
• lexical-markdown Bug Fix Fix nested fenced code blocks parsing and export (#​8116) Abdul Alim
• lexical-list Feature Preserve ordered list numbering when split by blocks or paragraphs (#​8092) Sa-Te
• lexical Feature Support legacy align attribute in ParagraphNode importDOM (#​8115) Sa-Te
• Fix(table) Support scope attribute in HTML import. (#​8094) Sa-Te
• lexical Chore Stabilize playground collab WebKit E2E test waits (#​8113) Szymon Rczka
• lexical-tablelexical-playground Feature Implement fit nested tables for nested table pasting (#​8097) Randal
• Update examples for v0.40.0 and pnpm (#​8110) Bob Ippolito
• lexical Bug Fix Prevent layout thrashing when setting element indent for no indent case (#​8111) InanBerkin
• v0.40.0 (#​8104) Bob Ippolito
• v0.40.0 Lexical GitHub Actions Bot

v0.40.0

Compare Source

• lexical Bug Fix Refactor RootNode.cachedText computation for coherency (#​8099) Bob Ippolito
• lexical-markdown Bug Fix Replace regex-based format matching with (#​8093) kimseongyu
• Fix(Playground) Prevent code block line wrapping to keep line number (#​8087) Sa-Te
• lexical-table Chore Fix test for nested table pasting (#​8088) Randal
• lexicallexicaltable Bug Fix Fix inconsistent multi-cell selection in 2x2 tables (#​8081) Aldo Lata Soba
• lexical-markdown Bug Fix Fix incorrect format tag placement at link boundaries (#​8085) kimseongyu
• lexical-link Bug Fix Toggle links with nested children (#​8078) Patrick Moody
• lexical-react Chore Expose onReposition prop on SelectionAlwaysOnDisplay (#​8071) Daniel Teo
• lexicallexicaltable Fix CtrlA to select all cells in table with merged cells #​8074 (#​8076) Aldo Lata Soba
• lexicallexicallink Bug Fix Fix infinite transform loop in AutoLinkPlugin (#​8070) Aldo Lata Soba
• lexical-list Bug Fix Treat whitespace-only list items as empty when pressing Enter (#​8068) Michael Shafer
• lexical Bug Fix format removed on multi selection after replace (#​8069) kimseongyu
• lexicallexicalreact Bug Fix Fix cursor disappearing in Firefox when dragging blocks (#​8065) Aldo Lata Soba
• lexical-playground Add button shows the Component Picker (#​8066) Ivaylo Pavlov
• lexical-react Bug Fix Clear remote cursor immediately on collaborator refresh (#​8062) Aldo Lata Soba
• lexical-playground Column Sort for Basic Table (#​8060) Ivaylo Pavlov
• lexical-playground New Table Hover Actions Plugin (#​8057) Ivaylo Pavlov
• lexical-playground Draggable handle and dropdown CSS zoom fix (#​8052) Ivaylo Pavlov
• docs Documentation Update Fix incorrect and broken links in README (#​8055) Haafiz
• lexical-list Bug Fix fix selection issue from list transform on linebreak (#​8049) Miklos Ballo
• Allow publish to run on detached head (#​8054) Gerard Rovira
• lexical-playground Draggable block handle gliding effect (#​8042) Ivaylo Pavlov
• Override workspace with actual version on npm bundle (#​8051) Gerard Rovira
• Use PNPM workspace feature for publish (#​8050) Gerard Rovira
• lexical-playground Color table resize handle (#​8043) Ivaylo Pavlov
• Nightlies fix frozen lockfile (#​8048) Gerard Rovira
• Nightlies publish param (#​8045) Gerard Rovira
• npm - pnpm (#​8035) Gerard Rovira
• README tweaks (#​8033) Gerard Rovira
• Agent documentation (#​8031) Gerard Rovira
• Chore Update examples for v0.39.0 (#​8024) Bob Ippolito
• Chore Add an ignore-previously-published arg to the publish action (#​8023) Bob Ippolito
• v0.39.0 (#​8021) Bob Ippolito
• v0.39.0 Lexical GitHub Actions Bot

date-fns/date-fns (date-fns)

v4.3.0

Compare Source

Kudos to @​ImRodry and @​puneetdixit200 for their contributions.

Fixed

• Fixed missing modularized optimization fallback (for Next.js and others). See #​4193.

• Fixed pt locale first day of week to be Sunday. See #​4195 by @​ImRodry.

• Fixed zh-CN, zh-HK, and zh-TW locale month parsing for October, November, and December. See #​4194 by @​puneetdixit200.

v4.2.1

Compare Source

Fixed

• Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0

Compare Source

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

• Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

vercel/geist-font (geist)

v1.7.1

Compare Source

Patch Changes

• c8ed578: Fix Geist Mono rendering source-code text with unintended programming ligatures.

  v1.7.0 unintentionally activated programming-ligature substitutions (-->, ==, !=, ..., --, etc.) under the liga (Standard Ligatures) OpenType feature, which is on by default in every renderer. As a result, text like --debug-prerender, [id...], [...id], or NODE_OPTIONS='--debug-prerender' node rendered with ligated glyphs and broke monospace alignment in code.

  The source-level fix is in #​217; this release ships the rebuilt binaries.

v1.7.0

Compare Source

Minor Changes

• d7ef63c: We're excited to announce a new member to our font family: Geist Pixel

  It's a display typeface family featuring five unique pixel-based variants, each with a distinct visual style. It is designed for decorative use in headlines, logos, and other display contexts where a pixelated aesthetic is desired.

  It includes five distinct variants, each exported separately:

  Export	CSS Variable	Description
  GeistPixelSquare	--font-geist-pixel-square	Square pixel shapes
  GeistPixelGrid	--font-geist-pixel-grid	Grid-based pixel pattern
  GeistPixelCircle	--font-geist-pixel-circle	Circular pixel shapes
  GeistPixelTriangle	--font-geist-pixel-triangle	Triangular pixel shapes
  GeistPixelLine	--font-geist-pixel-line	Line-based pixel pattern

  import {
    GeistPixelSquare,
    GeistPixelGrid,
    GeistPixelCircle,
    GeistPixelTriangle,
    GeistPixelLine,
  } from "geist/font/pixel";

remarkablemark/html-react-parser (html-react-parser)

v5.2.17

Compare Source

Bug Fixes

• deps: bump html-dom-parser from 5.1.7 to 5.1.8 (#​2113) (c53a612)

v5.2.16

Compare Source

Build System

• deps: bump html-dom-parser from 5.1.4 to 5.1.7 (#​2100) (461624b)

v5.2.15

Compare Source

Bug Fixes

• esm: set explicit file extension for ./lib/utilities (d8fd0c5)

i18next/i18next-browser-languageDetector (i18next-browser-languagedetector)

v8.2.1

Compare Source

• Add missing typescript definition for hash options 33154

i18next/i18next-http-backend (i18next-http-backend)

v3.0.6

Compare Source

• fix: allow forward slashes in ns values so nested namespace names (mapping to URL layouts such as /locales/en/a/b.json) fetch correctly again. 3.0.5's security fix applied the same strict URL-segment check to both lng and ns, which was correct for lng (no BCP-47 shape contains /) but over-strict for ns — nested namespaces containing / were never officially supported, but the behaviour fell out of the implicit string-substitution semantics of loadPath and is common enough in the wild to be worth accommodating. isSafeUrlSegment is now split into isSafeLangUrlSegment (strict — still rejects /) and isSafeNsUrlSegment (loose — allows / but still rejects .., \, URL-structure characters, control chars, prototype keys, and oversized inputs). isSafeUrlSegment is kept as a backwards-compatible alias for the strict check. The 3.0.5 security fix remains in force for every concrete attack pattern from the original advisory.

v3.0.5

Compare Source

Security release — all issues found via an internal audit. See published advisory GHSA-q89c-q3h5-w34g.

• security: refuse to build request URLs when lng or ns values contain path-traversal, URL-structure (?, #, %, @, whitespace), path separators, control characters, prototype keys, or exceed 128 chars. Prevents path traversal / SSRF / URL injection via attacker-controlled language-code values. isSafeUrlSegment is permissive for legitimate i18next language codes (any BCP-47-like shape, underscores, hyphens, dots, +-joined multi-language requests) (GHSA-q89c-q3h5-w34g)
• security: per-instance omitFetchOptions — the fetch-options-stripping fallback is now scoped to a single backend instance via options._omitFetchOptions instead of a module-level boolean. One instance hitting a "not implemented" fetch error no longer permanently strips requestOptions (including credentials, mode, cache) from every other backend instance in the same process
• security: strip CR/LF/NUL and other C0/C1 control characters from lng/ns / URL values before they appear in error-callback strings (CWE-117 log forging)
• security: redact user:password credentials from URLs before including them in error-callback strings — prevents leaking basic-auth credentials embedded in loadPath / addPath
• security: iterate own enumerable keys only (Object.keys + prototype-key guard) in addQueryString and in the customHeaders loop in XHR mode — prevents prototype-pollution amplification into the URL and request headers
• chore: ignore .env* and *.pem/*.key files in .gitignore

v3.0.4

Compare Source

• use own interpolation function for loadPath and addPath instead of relying on i18next's interpolator i18next#2420 — this means only {{lng}} and {{ns}} placeholders are supported; custom interpolation prefix/suffix from i18next config no longer applies to backend paths

lodash/lodash (lodash)

v4.18.1

Compare Source

v4.18.0

Compare Source

lucide-icons/lucide (lucide-react)

v0.577.0: Version 0.577.0

Compare Source

What's Changed

• chore(deps): bump rollup from 4.53.3 to 4.59.0 by @​dependabot[bot] in #​4106
• fix(repo): correctly ignore docs/releaseMetadata via .gitignore by @​bhavberi in #​4100
• feat(icons): added ellipse icon by @​KISHORE-KUMAR-S in #​3749

New Contributors

• @​bhavberi made their first contribution in #​4100
• @​KISHORE-KUMAR-S made their first contribution in #​3749

Full Changelog: lucide-icons/lucide@0.576.0...0.577.0

v0.576.0: Version 0.576.0

Compare Source

What's Changed

• Added zodiac signs by @​karsa-mistmere in #​712
• fix(icons): fixes guideline violations in package-* icons. by @​karsa-mistmere in #​4074
• fix(icons): changed receipt icon by @​karsa-mistmere in #​4075
• fix(icons): updated cuboid icon tags and categories by @​karsa-mistmere in #​4095
• fix(icons): changed cuboid icon by @​jamiemlaw in #​4098
• fix(lucide-font, lucide-static): Fixing stable code points by @​ericfennis in #​3894
• feat(icons): added fishing-rod icon by @​7ender in #​3839

Full Changelog: lucide-icons/lucide@0.575.0...0.576.0

v0.575.0: Version 0.575.0

Compare Source

What's Changed

• feat(icons): added message-square-check icon by @​karsa-mistmere in #​4076
• fix(lucide): Fix ESM Module output path in build by @​ericfennis in #​4084
• feat(icons): added metronome icon by @​edwloef in #​4063
• fix(icons): remove execution permission of SVG files by @​duckafire in #​4053
• fix(icons): changed file-pen-line icon by @​jguddas in #​3970
• feat(icons): added square-arrow-right-exit and square-arrow-right-enter icons by @​EthanHazel in #​3958
• fix(icons): renamed flip-* to square-centerline-dashed-* by @​jguddas in [#​3945](https://r

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
2do-txt	Error		May 23, 2026 2:00am