Vulnerabilities in current version of i18next

Question

Vulnerabilities in current version of i18next

krisha2 opened this issue 3 years ago · comments

krisha2 commented 3 years ago

I'm submitting a feature request

Library Version:
3.1.4

Please tell us about your environment:

Operating System:
Windows 10
Node Version:
12.20.1

NPM Version:
6.14.10

JSPM OR Webpack AND Version
require

Browser:
all
Language:
ESNext

Current behavior:
Vulnerabilities for i18next is reported by Snyk:
https://app.snyk.io/vuln/SNYK-JS-I18NEXT-1065979
https://app.snyk.io/vuln/SNYK-JS-I18NEXT-585930
https://app.snyk.io/vuln/SNYK-JS-I18NEXT-575536

Expected/desired behavior:

What is the motivation / use case for changing the behavior?
All these are fixed in i18next version 19.8.5 or higher. Could this dependency be updated?

Sayan Pal · Answer 1 · Sat Apr 24 2021 19:31:26 GMT+0800 (China Standard Time)

@zewa666 Do you think we can modify the our i18next dependency specification to allow >19.8.5 in general? It has been a relatively stable package wrt to the usage in aurelia-i18n. Probably we can have same version specifier for v2.

Vildan Softic · Answer 2 · Sat Apr 24 2021 20:39:52 GMT+0800 (China Standard Time)

I guess the probably we could do, although it would result in a breaking change.