build(deps): Bump streamdown from 1.1.4 to 2.5.0

[dependabot]

Bumps streamdown from 1.1.4 to 2.5.0.

Release notes

Sourced from streamdown's releases.

streamdown@2.5.0

Minor Changes

• d6666b6: Add lineNumbers prop to disable line numbers in code blocks
• d4ec6c0: Add meta prop to CustomRendererProps. Custom renderers now receive the raw metastring from the code fence (everything after the language identifier, e.g. ```rust {1} title="foo" → meta = '{1} title="foo"'). The prop is optional (meta?: string) and is undefined when no metastring is present. Existing custom renderers are unaffected.

Patch Changes

• ac8d839: Add staggered animation-delay to streaming word/character animations so new content cascades in sequentially instead of all animating simultaneously. Configurable via the new stagger option (default 40ms). Set stagger: 0 to restore the previous behavior.

• add5374: Enable horizontal scrolling on code blocks so long lines are accessible instead of being clipped by overflow-hidden.

• 75845c0: Fix unnecessary re-renders of code blocks during streaming updates.

  Problem: In streaming mode, when new content arrives (e.g. a paragraph is appended), completed code blocks that haven't changed were still re-rendering. This happened because the Streamdown component used inline object literals as default parameter values for linkSafety ({ enabled: true }). Every time children changed and Streamdown re-rendered, these inline defaults created new references, which caused the contextValue useMemo to recompute a new StreamdownContext object. Since React propagates context changes through memo boundaries, any context consumer inside a memoized Block (such as CodeBlock) would re-render even though the block's own props were unchanged.

  Fix: Extract the inline default values for linkSafety into module-level constants (defaultLinkSafetyConfig). This ensures referential stability across renders, so contextValue only recomputes when the actual values change — not just because children updated.

• 8b1c262: fix: prepend UTF-8 BOM to CSV downloads for Excel compatibility

  • save() now prepends \uFEFF for text/csv string content so Excel on Windows detects UTF-8 encoding instead of falling back to ANSI.
  • TableDownloadButton refactored to use save() instead of inline Blob creation, ensuring the public API also gets the BOM fix.

• b105c64: Fix custom tag content being prematurely split when content follows the opening tag on the same line and contains double newlines (\n\n). The preprocessor now ensures proper HTML block structure so the parser treats the entire tag as a single unit.

• 9e6f991: Increase dropdown z-index for table copy and download menus to prevent clipping by surrounding elements.

• 9c18748: docs: document required CSS custom properties (shadcn/ui design tokens) in README

• 7b62e9a: Replace Tailwind v4-only *:last: and *:first: variant syntax with [&>*:last-child]: and [&>*:first-child]: arbitrary variants for compatibility with both Tailwind CSS v3 and v4. Fixes caret rendering on every line instead of only the last child in v3.

• Updated dependencies [e50b0c4]

• Updated dependencies [716a5f0]

  • remend@1.3.0

streamdown@2.4.0

Minor Changes

• 5edff75: Clarified Tailwind @source configuration for Streamdown and optional plugins. Updated documentation to keep the global @source for core streamdown only, move plugin @source guidance to plugin docs with examples, and add a caveat to include plugin entries only if installed.

• 57cd3b5: Add support for custom starting line numbers in code blocks via the startLine meta option.

  Code blocks can now specify a starting line number in the meta string:

  ```js startLine=10

... (truncated)

Changelog

Sourced from streamdown's changelog.

2.5.0

Minor Changes

• d6666b6: Add lineNumbers prop to disable line numbers in code blocks
• d4ec6c0: Add meta prop to CustomRendererProps. Custom renderers now receive the raw metastring from the code fence (everything after the language identifier, e.g. ```rust {1} title="foo" → meta = '{1} title="foo"'). The prop is optional (meta?: string) and is undefined when no metastring is present. Existing custom renderers are unaffected.

Patch Changes

• ac8d839: Add staggered animation-delay to streaming word/character animations so new content cascades in sequentially instead of all animating simultaneously. Configurable via the new stagger option (default 40ms). Set stagger: 0 to restore the previous behavior.

• add5374: Enable horizontal scrolling on code blocks so long lines are accessible instead of being clipped by overflow-hidden.

• 75845c0: Fix unnecessary re-renders of code blocks during streaming updates.

  Problem: In streaming mode, when new content arrives (e.g. a paragraph is appended), completed code blocks that haven't changed were still re-rendering. This happened because the Streamdown component used inline object literals as default parameter values for linkSafety ({ enabled: true }). Every time children changed and Streamdown re-rendered, these inline defaults created new references, which caused the contextValue useMemo to recompute a new StreamdownContext object. Since React propagates context changes through memo boundaries, any context consumer inside a memoized Block (such as CodeBlock) would re-render even though the block's own props were unchanged.

  Fix: Extract the inline default values for linkSafety into module-level constants (defaultLinkSafetyConfig). This ensures referential stability across renders, so contextValue only recomputes when the actual values change — not just because children updated.

• 8b1c262: fix: prepend UTF-8 BOM to CSV downloads for Excel compatibility

  • save() now prepends \uFEFF for text/csv string content so Excel on Windows detects UTF-8 encoding instead of falling back to ANSI.
  • TableDownloadButton refactored to use save() instead of inline Blob creation, ensuring the public API also gets the BOM fix.

• b105c64: Fix custom tag content being prematurely split when content follows the opening tag on the same line and contains double newlines (\n\n). The preprocessor now ensures proper HTML block structure so the parser treats the entire tag as a single unit.

• 9e6f991: Increase dropdown z-index for table copy and download menus to prevent clipping by surrounding elements.

• 9c18748: docs: document required CSS custom properties (shadcn/ui design tokens) in README

• 7b62e9a: Replace Tailwind v4-only *:last: and *:first: variant syntax with [&>*:last-child]: and [&>*:first-child]: arbitrary variants for compatibility with both Tailwind CSS v3 and v4. Fixes caret rendering on every line instead of only the last child in v3.

• Updated dependencies [e50b0c4]

• Updated dependencies [716a5f0]

  • remend@1.3.0

2.4.0

Minor Changes

• 5edff75: Clarified Tailwind @source configuration for Streamdown and optional plugins. Updated documentation to keep the global @source for core streamdown only, move plugin @source guidance to plugin docs with examples, and add a caveat to include plugin entries only if installed.

• 57cd3b5: Add support for custom starting line numbers in code blocks via the startLine meta option.

  Code blocks can now specify a starting line number in the meta string:

  ```js startLine=10
  const x = 1;
  ```

  This renders line numbers beginning at 10 instead of the default 1. The feature works by parsing the startLine=N value from the fenced-code meta string and applying counter-reset: line N-1 to the <code> element.

... (truncated)

Commits

• 15ba1ae Version Packages (#457)
• b752b44 fix(streamdown): move mermaid from devDependencies to dependencies (#466)
• 90a7b58 Run fix
• 9e6f991 fix(streamdown): increase dropdown z-index (#463)
• d6666b6 feat: add lineNumbers prop to disable line numbers in code blocks (#460)
• 6a79e04 fix(streamdown): preserve double newlines in literalTagContent tags (#459)
• b9796c8 Improve test coverage
• 6b49db1 Fix polynomial regular expression issue
• 6d4100a Update utils.test.ts
• 9f8ed4c Lint fixes
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for streamdown since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

PR-Codex overview

This PR focuses on updating various package dependencies in the package.json and pnpm-lock.yaml files, enhancing compatibility and performance by upgrading to newer versions.

Detailed summary

• Updated streamdown from ^1.1.4 to ^2.5.0.
• Updated @noble/hashes from 1.8.0 to 2.2.0.
• Updated next from 15.3.8 with @babel/core from 7.28.4 to 7.29.0.
• Updated @storybook related packages to version 9.0.15 with utf-8-validate from 6.0.5 to 6.0.6.
• Updated @babel plugins and presets to the latest versions.
• Updated @expo packages to newer versions for compatibility.
• Updated @emotion packages to the latest versions.

The following files were skipped due to too many changes: pnpm-lock.yaml

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

[changeset-bot]

⚠️ No Changeset found

Latest commit: fe012e6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs-v2	Ready	Preview, Comment	Apr 28, 2026 0:08am
nebula	Ready	Preview, Comment	Apr 28, 2026 0:08am
thirdweb_playground	Error		Apr 28, 2026 0:08am
thirdweb-www	Error		Apr 28, 2026 0:08am
wallet-ui	Ready	Preview, Comment	Apr 28, 2026 0:08am

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​wagmi/​cli@​2.8.0 ⏵ 2.10.0	-20			-2
	streamdown@​1.1.4 ⏵ 2.5.0	+29		+1	-5

View full report