[Snyk] Upgrade i18n from 0.11.1 to 0.14.2

[mathild3r]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade i18n from 0.11.1 to 0.14.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 9 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2022-03-05.

Release notes

Package name: i18n

• 0.14.2 - 2022-03-05
  

  Fixed

  Fixes #493 - using i18n with a combination of retry and sync settings lead to a 'Maximum call stack size exceeded' exception due to an infinite loop while writing phrases to all locale files.

  const i18n = new I18n({
      // [...]
      retryInDefaultLocale: true,
      syncFiles: true,
  })

• 0.14.1 - 2022-01-30
  

  Fixed

  • upgrade all dev dependencies without breaking changes
  • upgrade all dependencies without breaking changes

  This also updates to mocha 9.2.0 (mochajs/mocha#4814) which fixes GHSA-qrpm-p2h7-hrv2

• 0.14.0 - 2022-01-23
  

  Changed

  • replaces sprintf-js with fast-printf #453
  • replaces deprecated messageformat with @ messageformat/core #472
  • drops node support <10
  • local dev defaults to node 16
• 0.13.4 - 2021-12-29
  

  Fixed

  • upgrade all dev dependencies without breaking changes
  • upgrade all dependencies without breaking changes

  see aa60ac7, 3139881 and 4e6963f for details

  Added

  • test directory traversal (#486)
• 0.13.3 - 2021-05-08
  

  Fixed

  • upgrade transitive dev dependency of eslint, mocha, zombie to lodash@4.17.21
  • upgrade transitive dev dependency of zombie to url-parse@1.5.1
  • upgrade transitive dev dependency of eslint-plugin-import to hosted-git-info@2.8.9
• 0.13.2 - 2020-08-21
  

  Fixed

  • moved devDeps from dependencies to devDependencies #446
  • removed unused packages from all dependencies
• 0.13.1 - 2020-08-20
  

  Fixed

  • npx npm-force-resolutions failed #445

  Details

  A preinstall script was added to force resolving specific versions of lodash and ajv. Those are sub-dependencies of zombie and its packages. Zombie is devDependency of i18n. But zombie still refers to older versions reported to vulnerable - so I decided to force fixed versions.

  Of course that preinstall should count on any npm install i18n, it's renamed to force-resolutions so I can still resolve audit issues in dev while also supporting clean installs.

  "scripts": {
    "preinstall": "npx npm-force-resolutions"
  }

  now reads as

  "scripts": {
    "force-resolutions": "npx npm-force-resolutions"
  }

  And doesn't get triggered by npm install.

• 0.13.0 - 2020-08-20
  

  Added

  • new option retryInDefaultLocale as proposed by PR #206
  • new option header as proposed by PRs #390 and #407
  • pre-commit hooks to ensure code-style (even on contributions)

  Fixed

  • typos in README

  Changed

  • tooling: eslint with standard.js & prettier presets replaces jshint
• 0.12.0 - 2020-08-16
  

  Added

  • backward compatible default to singleton with const i18n = require('i18n')
  • create an instance of i18n by const i18n = new I18n()

  Example:

  /**
  * require I18n with capital I as constructor
  */
  const { I18n } = require("i18n");

/**
* create a new instance with it's configuration
*/
const i18n = new I18n({
locales:['en', 'de'],
directory: __dirname + '/locales'
});

0.11.1 - 2020-08-04

Fixed

• dependabot bumbed minimist

---

Minimist is a sub-dependency of mocha and messageformat:

$ npm ls minimist
i18n@0.11.0 
├─┬ messageformat@2.3.0
│ └─┬ make-plural@4.3.0
│   └── minimist@1.2.5
└─┬ mocha@7.1.2
  └─┬ mkdirp@0.5.5
    └── minimist@1.2.5  deduped

from i18n GitHub release notes

Commit messages

Package name: i18n

• 1d956f3 fix An in-range update of standard is breaking the build 🚨 juice-shop/juice-shop#493 (call stack bug) & tests
• 388642f Merge pull request Replaced Apple Pressings Image juice-shop/juice-shop#492 from mashpie/dependabot/npm_and_yarn/url-parse-1.5.10
• bf5525f Bump url-parse from 1.5.7 to 1.5.10
• ce26074 Merge pull request Replaced necessary product images juice-shop/juice-shop#491 from mashpie/dependabot/npm_and_yarn/url-parse-1.5.7
• c9e4742 Bump url-parse from 1.5.3 to 1.5.7
• 769b804 Merge tag '0.14.1'
• 3dcc53b Merge branch 'release/0.14.1' into npm
• 2c90fc4 pkg updates
• 995392d version bump
• 02dd49d tests: use arrow function
• fa50268 eslint refactor var -> const,let
• abb05ec refactor to arrow functions
• 5855724 drop node support < 10
• 9e6559a Merge branch 'gajus-master'
• 234b94b (re-)added tests fast-printf Update jasmine to the latest version 🚀 juice-shop/juice-shop#453
• ef5675c Merge branch 'master' of git://github.com/gajus/i18n-node into gajus-master
• 2461a97 typo
• 737b67d refactored test to cover mf plurals
• 42f12d3 Merge branch 'calmonr-fix-messageformat'
• 0faeee0 Merge branch 'fix-messageformat' of https://github.com/calmonr/i18n-node into calmonr-fix-messageformat
• 6018b9f Merge tag '0.13.4'
• 9683cc6 Merge branch 'release/0.13.4' into npm
• bdce606 v0.13.4
• 4e6963f upgrade tested

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs