chore(deps): bump i18next-http-backend from 1.4.5 to 3.0.5

[dependabot]

Bumps i18next-http-backend from 1.4.5 to 3.0.5.

Changelog

Sourced from i18next-http-backend's changelog.

3.0.5

Security release — all issues found via an internal audit. See published advisory GHSA-q89c-q3h5-w34g.

• security: refuse to build request URLs when lng or ns values contain path-traversal, URL-structure (?, #, %, @, whitespace), path separators, control characters, prototype keys, or exceed 128 chars. Prevents path traversal / SSRF / URL injection via attacker-controlled language-code values. isSafeUrlSegment is permissive for legitimate i18next language codes (any BCP-47-like shape, underscores, hyphens, dots, +-joined multi-language requests) (GHSA-q89c-q3h5-w34g)
• security: per-instance omitFetchOptions — the fetch-options-stripping fallback is now scoped to a single backend instance via options._omitFetchOptions instead of a module-level boolean. One instance hitting a "not implemented" fetch error no longer permanently strips requestOptions (including credentials, mode, cache) from every other backend instance in the same process
• security: strip CR/LF/NUL and other C0/C1 control characters from lng/ns / URL values before they appear in error-callback strings (CWE-117 log forging)
• security: redact user:password credentials from URLs before including them in error-callback strings — prevents leaking basic-auth credentials embedded in loadPath / addPath
• security: iterate own enumerable keys only (Object.keys + prototype-key guard) in addQueryString and in the customHeaders loop in XHR mode — prevents prototype-pollution amplification into the URL and request headers
• chore: ignore .env* and *.pem/*.key files in .gitignore

3.0.4

• use own interpolation function for loadPath and addPath instead of relying on i18next's interpolator i18next#2420 — this means only {{lng}} and {{ns}} placeholders are supported; custom interpolation prefix/suffix from i18next config no longer applies to backend paths

3.0.2

• optimize fetchApi selector

3.0.1

• try to get rid of top-level await

3.0.0

• fix for Deno 2 and removal of unnecessary .cjs file
• for esm build environments not supporting top-level await, you should import the i18next-http-backend/cjs export or stay at v2.6.2 or v2.7.1

2.7.3

• optimize fetchApi selector [backported]

2.7.1

• same as 2.6.2

2.7.0

• deprecated, same as v3.0.0

2.6.2

• improve network error detection across browsers 152

2.6.1

• optimize "Failed to fetch" retry case 147

2.6.0

... (truncated)

Commits

• 5757fa3 3.0.5
• 4cee84f security: hardening for 3.0.5
• 4cbc487 Bump next from 16.2.1 to 16.2.3 in /example/next (#180)
• 0d7dcbb make last change more clear
• c740e01 year
• e1dc72b changelog fix
• 4dbb485 3.0.4
• 5f33a0c use own interpolation function for loadPath and addPath instead of relying on...
• 681c09d update ci actions
• e63ff16 adjust deno test
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 91e1223

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

Storybook for this PR deployed on this github page

[github-actions]

Title	Lines	Statements	Branches	Functions
assets-api		28.4% (25/88)	30.76% (16/52)	21.42% (3/14)
cmf		89.43% (1244/1391)	83.46% (626/750)	89.76% (351/391)
cmf-cqrs		86.33% (158/183)	71.42% (60/84)	82.45% (47/57)
cmf-router		69.23% (135/195)	55.71% (78/140)	56.81% (25/44)
components		90.63% (5564/6139)	82.41% (3228/3917)	88.14% (1390/1577)
containers		83.44% (1391/1667)	75.16% (702/934)	75% (327/436)
dataviz		85.67% (329/384)	65% (156/240)	75.94% (120/158)
design-system		66.96% (1038/1550)	51.68% (552/1068)	53.92% (220/408)
faceted-search		85.35% (641/751)	80% (292/365)	82.24% (227/276)
flow-designer		72.31% (674/932)	77.71% (415/534)	71.02% (201/283)
forms		86.17% (1645/1909)	76.71% (939/1224)	84.77% (462/545)
http		100% (85/85)	98.07% (51/52)	100% (34/34)
sagas		92.3% (24/26)	66.66% (4/6)	50% (2/4)
stepper		81.81% (153/187)	60.43% (55/91)	81.25% (39/48)
utils		100% (73/73)	90.9% (10/11)	100% (24/24)