chore(deps): bump the website group across 1 directory with 2 updates

[dependabot]

Bumps the website group with 2 updates in the /website directory: @excalidraw/excalidraw and posthog-js.

Updates @excalidraw/excalidraw from 0.17.6 to 0.18.0

Release notes

Sourced from @​excalidraw/excalidraw's releases.

v0.18.0 (2025-03-11)

Excalidraw Library

0.18.0 (2025-03-11)

Highlights

• Command palette #7804

• Multiplayer undo / redo #7348

• Editable element stats #6382

• Text element wrapping #7999

• Font picker with more fonts #8012

• Font for Chinese, Japanese, and Korean #8530

• Font subsetting for SVG export #8384

• Elbow arrows #8299, #8952

• Flowcharts #8329

• Scene search #8438

• Image cropping #8613

• Element linking #8812

Breaking changes

Deprecated UMD bundle in favor of ES modules #7441, #9127

We've transitioned from UMD to ESM bundle format. Our new dist folder inside @excalidraw/excalidraw package now contains only bundled source files, making any dependencies tree-shakable. The package comes with the following structure:

Note: The structure is simplified for the sake of brevity, omitting lazy-loadable modules, including locales (previously treated as JSON assets) and source maps in the development bundle.

@excalidraw/excalidraw/
├── dist/
│   ├── dev/
│   │   ├── fonts/
│   │   ├── index.css
│   │   ├── index.js
│   │   ├── index.js.map
│   ├── prod/
│   │   ├── fonts/
│   │   ├── index.css
</tr></table> 

... (truncated)

Commits

• 817d8c5 docs: update CHANGELOG (#9243)
• 69bc5bd chore: post publish docs & examples changes (#9217)
• d587b8a fix: Do not rebind undragged elbow arrow endpoint (#9191)
• 4ec812b fix: Bound elbow arrow on duplication does not route correctly (#9236)
• a9e2d23 chore: Logging and fixing extremely large scenes (#9225)
• 70c3e92 fix: package env vars (#9221)
• d92384b revert: vite@6 -> vite@5 (#9220)
• c5d3bb0 fix: #8475 Arrow updated on both sides (#8593)
• d21c6a1 chore: bump vite@6.x (#9210)
• d1112bb fix: docked sidebar width (#9213)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mrazator, a new releaser for @​excalidraw/excalidraw since your current version.

Updates posthog-js from 1.280.0 to 1.297.2

Release notes

Sourced from posthog-js's releases.

posthog-js@1.297.2

1.297.2

Patch Changes

• Updated dependencies [83f5d07]:
  • @​posthog/core@​1.5.5

posthog-js@1.297.1

1.297.1

Patch Changes

• Updated dependencies [c242702]:
  • @​posthog/core@​1.5.4

posthog-js@1.297.0

1.297.0

Minor Changes

• #2578 91f41ee Thanks @​rafaeelaudibert! - Output confirmation log message to the user when overriding feature flags to improve user feedback on whether the action actually did something or not (2025-11-19)

Patch Changes

• #2575 8acd88f Thanks @​hpouillot! - fix frame platform property for $exception events (2025-11-19)
• Updated dependencies [8acd88f]:
  • @​posthog/core@​1.5.3

posthog-js@1.296.1

1.296.1

Patch Changes

• #2590 ab85422 Thanks @​pauldambra! - fix: don't rely on order of method calls to gate calling url

posthog-js@1.296.0

1.296.0

Minor Changes

• #2595 17d12f5 Thanks @​adboio! - fix(surveys): clean up popover surveys from dom on close

posthog-js@1.295.0

1.295.0

Minor Changes

... (truncated)

Commits

• d264b63 chore: update versions and lockfile
• 83f5d07 feat(err): add webpack plugin package (#2589)
• 599f0c0 Update generated references
• 1112e7c chore: update versions and lockfile
• c242702 feat(err): add rollup plugin package (#2587)
• 48a73df Update generated references
• 505eef6 chore: update versions and lockfile
• 1dee703 ci: Fix turbo command not found (#2602)
• 8972000 fix(node): Make sure fetch calls have no bound context (#2600)
• 05c6255 fix: add date to changelog (#2598)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: javascript. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[mergify]

Warning

This PR exceeds the recommended limit of 1,000 lines.

Large PRs are difficult to review and may be rejected due to their size.

Please verify that this PR does not address multiple issues.
Consider refactoring it into smaller, more focused PRs to facilitate a smoother review process.

[github-actions]

Dependency Review

The following issues were found:

• ❌ 4 vulnerable package(s)
• ❌ 2 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

Vulnerabilities

website/pnpm-lock.yaml

Name	Version	Vulnerability	Severity
dompurify	3.1.6	DOMPurify allows Cross-site Scripting (XSS)	moderate
mermaid	10.9.3	Mermaid improperly sanitizes sequence diagram labels leading to XSS	moderate
nanoid	3.3.3	Predictable results in nanoid generation when given non-integer values	moderate
nanoid	4.0.2	Predictable results in nanoid generation when given non-integer values	moderate

Only included vulnerabilities with severity moderate or higher.

License Issues

website/pnpm-lock.yaml

Package	Version	License	Issue Type
elkjs	0.9.3	EPL-2.0	Incompatible License
pako	2.0.3	MIT AND Zlib	Incompatible License
@posthog/core	1.5.5	Null	Unknown License
posthog-js	1.297.2	Null	Unknown License

Allowed Licenses:

MIT, MIT-0, Apache-2.0, BSD-2-Clause, BSD-2-Clause-Views, BSD-3-Clause, ISC, MPL-2.0, 0BSD, Unlicense, CC0-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-3.0, Python-2.0, OFL-1.1, LicenseRef-scancode-generic-cla, LicenseRef-scancode-unknown-license-reference, LicenseRef-scancode-unicode

Scanned Files

• website/pnpm-lock.yaml

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.64%. Comparing base (755d4ee) to head (98fb8d7).
⚠️ Report is 17 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1838   +/-   ##
=======================================
  Coverage   72.63%   72.64%           
=======================================
  Files         521      521           
  Lines       49598    49598           
=======================================
+ Hits        36025    36028    +3     
+ Misses      10829    10827    -2     
+ Partials     2744     2743    -1     

Flag	Coverage Δ
unittests	72.64% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 2 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.