Vulnerabilities in current version of i18next
krisha2 opened this issue · comments
I'm submitting a feature request
- Library Version:
3.1.4
Please tell us about your environment:
-
Operating System:
Windows 10 -
Node Version:
12.20.1
- NPM Version:
6.14.10
- JSPM OR Webpack AND Version
require
-
Browser:
all -
Language:
ESNext
Current behavior:
Vulnerabilities for i18next is reported by Snyk:
https://app.snyk.io/vuln/SNYK-JS-I18NEXT-1065979
https://app.snyk.io/vuln/SNYK-JS-I18NEXT-585930
https://app.snyk.io/vuln/SNYK-JS-I18NEXT-575536
Expected/desired behavior:
- What is the motivation / use case for changing the behavior?
All these are fixed in i18next version 19.8.5 or higher. Could this dependency be updated?
@zewa666 Do you think we can modify the our i18next dependency specification to allow >19.8.5 in general? It has been a relatively stable package wrt to the usage in aurelia-i18n. Probably we can have same version specifier for v2.
I guess the probably we could do, although it would result in a breaking change.