Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade i18n from 0.8.3 to 0.15.1 #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Jan 8, 2023

Snyk has created this PR to upgrade i18n from 0.8.3 to 0.15.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 19 versions ahead of your current version.
  • The recommended version was released 4 months ago, on 2022-09-22.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-MINIMIST-559764
387/1000
Why? Proof of Concept exploit, CVSS 5.6
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818
387/1000
Why? Proof of Concept exploit, CVSS 5.6
No Known Exploit
Prototype Pollution
SNYK-JS-MINIMIST-2429795
387/1000
Why? Proof of Concept exploit, CVSS 5.6
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: i18n
  • 0.15.1 - 2022-09-22
  • 0.15.0 - 2022-05-19

    add YAML support by parser config

  • 0.14.2 - 2022-03-05

    Fixed

    Fixes #493 - using i18n with a combination of retry and sync settings lead to a 'Maximum call stack size exceeded' exception due to an infinite loop while writing phrases to all locale files.

    const i18n = new I18n({
        // [...]
        retryInDefaultLocale: true,
        syncFiles: true,
    })
  • 0.14.1 - 2022-01-30

    Fixed

    • upgrade all dev dependencies without breaking changes
    • upgrade all dependencies without breaking changes

    This also updates to mocha 9.2.0 (mochajs/mocha#4814) which fixes GHSA-qrpm-p2h7-hrv2

  • 0.14.0 - 2022-01-23

    Changed

    • replaces sprintf-js with fast-printf #453
    • replaces deprecated messageformat with @ messageformat/core #472
    • drops node support <10
    • local dev defaults to node 16
  • 0.13.4 - 2021-12-29

    Fixed

    • upgrade all dev dependencies without breaking changes
    • upgrade all dependencies without breaking changes

    see aa60ac7, 3139881 and 4e6963f for details

    Added

    • test directory traversal (#486)
  • 0.13.3 - 2021-05-08

    Fixed

    • upgrade transitive dev dependency of eslint, mocha, zombie to lodash@4.17.21
    • upgrade transitive dev dependency of zombie to url-parse@1.5.1
    • upgrade transitive dev dependency of eslint-plugin-import to hosted-git-info@2.8.9
  • 0.13.2 - 2020-08-21

    Fixed

    • moved devDeps from dependencies to devDependencies #446
    • removed unused packages from all dependencies
  • 0.13.1 - 2020-08-20

    Fixed

    • npx npm-force-resolutions failed #445

    Details

    A preinstall script was added to force resolving specific versions of lodash and ajv. Those are sub-dependencies of zombie and its packages. Zombie is devDependency of i18n. But zombie still refers to older versions reported to vulnerable - so I decided to force fixed versions.

    Of course that preinstall should count on any npm install i18n, it's renamed to force-resolutions so I can still resolve audit issues in dev while also supporting clean installs.

    "scripts": {
      "preinstall": "npx npm-force-resolutions"
    }

    now reads as

    "scripts": {
      "force-resolutions": "npx npm-force-resolutions"
    }

    And doesn't get triggered by npm install.

  • 0.13.0 - 2020-08-20

    Added

    • new option retryInDefaultLocale as proposed by PR #206
    • new option header as proposed by PRs #390 and #407
    • pre-commit hooks to ensure code-style (even on contributions)

    Fixed

    • typos in README

    Changed

    • tooling: eslint with standard.js & prettier presets replaces jshint
  • 0.12.0 - 2020-08-16
  • 0.11.1 - 2020-08-04
  • 0.11.0 - 2020-08-03
  • 0.10.0 - 2020-05-24
  • 0.9.1 - 2020-05-03
  • 0.9.0 - 2020-04-17
  • 0.8.6 - 2020-03-17
  • 0.8.5 - 2020-01-26
  • 0.8.4 - 2019-10-24
  • 0.8.3 - 2016-06-21
from i18n GitHub release notes
Commit messages
Package name: i18n
  • c55f794 drop node < 14 on CI
  • ee598f0 fix locked version for CI
  • 866c568 Merge tag '0.15.0'
  • 04d8058 Merge branch 'release/0.15.0' into npm
  • 6628de2 0.15.0
  • cf23f42 upgrade devDeps
  • 7bddaec Merge pull request #488 from mathiashsteffensen/custom-parser
  • e55a597 Merge branch 'master' into custom-parser
  • 192086f Merge pull request #496 from mashpie/dependabot/npm_and_yarn/minimist-1.2.6
  • c09d331 Bump minimist from 1.2.5 to 1.2.6
  • 83509b8 Merge pull request #495 from pokir/patch-1
  • 2bc09df Fix comment
  • 291c0ea Merge branch 'release/0.14.2' into npm
  • 7a7ad5e Merge tag '0.14.2'
  • a210c07 version bump
  • 1d956f3 fix #493 (call stack bug) & tests
  • 388642f Merge pull request #492 from mashpie/dependabot/npm_and_yarn/url-parse-1.5.10
  • bf5525f Bump url-parse from 1.5.7 to 1.5.10
  • ce26074 Merge pull request #491 from mashpie/dependabot/npm_and_yarn/url-parse-1.5.7
  • c9e4742 Bump url-parse from 1.5.3 to 1.5.7
  • 3dcc53b Merge branch 'release/0.14.1' into npm
  • 769b804 Merge tag '0.14.1'
  • 2c90fc4 pkg updates
  • e110662 Adds fixture locale file in YAML format, so writing back to the file doesn't interfere with subsequent tests

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant