Vulnerabilities in current version of i18next

[krisha2]

I'm submitting a feature request

• Library Version: 3.1.4

Please tell us about your environment:

• Operating System: Windows 10

• Node Version: 12.20.1

• NPM Version: 6.14.10

• JSPM OR Webpack AND Version require

• Browser: all

• Language: ESNext

Current behavior: Vulnerabilities for i18next is reported by Snyk: https://app.snyk.io/vuln/SNYK-JS-I18NEXT-1065979 https://app.snyk.io/vuln/SNYK-JS-I18NEXT-585930 https://app.snyk.io/vuln/SNYK-JS-I18NEXT-575536

Expected/desired behavior:

• What is the motivation / use case for changing the behavior? All these are fixed in i18next version 19.8.5 or higher. Could this dependency be updated?

[Sayan751]

@zewa666 Do you think we can modify the our i18next dependency specification to allow >19.8.5 in general? It has been a relatively stable package wrt to the usage in aurelia-i18n. Probably we can have same version specifier for v2.

[zewa666]

I guess the probably we could do, although it would result in a breaking change.