[Snyk] Upgrade i18n from 0.11.1 to 0.15.1

[bugtestingbb]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade i18n from 0.11.1 to 0.15.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

- The recommended version is **11 versions** ahead of your current version. - The recommended version was released **8 months ago**, on 2022-09-22.

Release notes

Package name: i18n

• 0.15.1 - 2022-09-22
• 0.15.0 - 2022-05-19
  

  add YAML support by parser config

    </li>
    <li>
      <b>0.14.2</b> - <a href="https://snyk.io/redirect/github/mashpie/i18n-node/releases/tag/0.14.2">2022-03-05</a></br><h1>Fixed</h1>

  Fixes #493 - using i18n with a combination of retry and sync settings lead to a 'Maximum call stack size exceeded' exception due to an infinite loop while writing phrases to all locale files.

  const i18n = new I18n({
  // [...]
  retryInDefaultLocale: true,
  syncFiles: true,
  })

• 0.14.1 - 2022-01-30
  

  Fixed

  • upgrade all dev dependencies without breaking changes
  • upgrade all dependencies without breaking changes

  This also updates to mocha 9.2.0 (mochajs/mocha#4814) which fixes GHSA-qrpm-p2h7-hrv2

  <li>
    <b>0.14.0</b> - <a href="https://snyk.io/redirect/github/mashpie/i18n-node/releases/tag/0.14.0">2022-01-23</a></br><h1>Changed</h1>

• replaces sprintf-js with fast-printf #453
• replaces deprecated messageformat with @ messageformat/core #472
• drops node support <10
• local dev defaults to node 16

  </li>
  <li>
    <b>0.13.4</b> - <a href="https://snyk.io/redirect/github/mashpie/i18n-node/releases/tag/0.13.4">2021-12-29</a></br><h1>Fixed</h1>

• upgrade all dev dependencies without breaking changes
• upgrade all dependencies without breaking changes

see aa60ac7, 3139881 and 4e6963f for details

Added

• test directory traversal (#486)

  </li>
  <li>
    <b>0.13.3</b> - <a href="https://snyk.io/redirect/github/mashpie/i18n-node/releases/tag/0.13.3">2021-05-08</a></br><h1>Fixed</h1>

• upgrade transitive dev dependency of eslint, mocha, zombie to lodash@4.17.21
• upgrade transitive dev dependency of zombie to url-parse@1.5.1
• upgrade transitive dev dependency of eslint-plugin-import to hosted-git-info@2.8.9

  </li>
  <li>
    <b>0.13.2</b> - <a href="https://snyk.io/redirect/github/mashpie/i18n-node/releases/tag/0.13.2">2020-08-21</a></br><h1>Fixed</h1>

• moved devDeps from dependencies to devDependencies #446
• removed unused packages from all dependencies

  </li>
  <li>
    <b>0.13.1</b> - <a href="https://snyk.io/redirect/github/mashpie/i18n-node/releases/tag/0.13.1">2020-08-20</a></br><h1>Fixed</h1>

• npx npm-force-resolutions failed #445

Details

A preinstall script was added to force resolving specific versions of lodash and ajv. Those are sub-dependencies of zombie and its packages. Zombie is devDependency of i18n. But zombie still refers to older versions reported to vulnerable - so I decided to force fixed versions.

Of course that preinstall should count on any npm install i18n, it's renamed to force-resolutions so I can still resolve audit issues in dev while also supporting clean installs.

"scripts": {
"preinstall": "npx npm-force-resolutions"
}

now reads as

"scripts": {
"force-resolutions": "npx npm-force-resolutions"
}

And doesn't get triggered by npm install.

  </li>
  <li>
    <b>0.13.0</b> - <a href="https://snyk.io/redirect/github/mashpie/i18n-node/releases/tag/0.13.0">2020-08-20</a></br><h1>Added</h1>

• new option retryInDefaultLocale as proposed by PR #206
• new option header as proposed by PRs #390 and #407
• pre-commit hooks to ensure code-style (even on contributions)

Fixed

• typos in README

Changed

• tooling: eslint with standard.js & prettier presets replaces jshint

  </li>
  <li>
    <b>0.12.0</b> - 2020-08-16
  </li>
  <li>
    <b>0.11.1</b> - 2020-08-04
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/mashpie/i18n-node/releases">i18n GitHub release notes</a>

Commit messages

Package name: i18n

• c55f794 drop node < 14 on CI
• ee598f0 fix locked version for CI
• 866c568 Merge tag '0.15.0'
• 04d8058 Merge branch 'release/0.15.0' into npm
• 6628de2 0.15.0
• cf23f42 upgrade devDeps
• 7bddaec Merge pull request #488 from mathiashsteffensen/custom-parser
• e55a597 Merge branch 'master' into custom-parser
• 192086f Merge pull request #496 from mashpie/dependabot/npm_and_yarn/minimist-1.2.6
• c09d331 Bump minimist from 1.2.5 to 1.2.6
• 83509b8 Merge pull request #495 from pokir/patch-1
• 2bc09df Fix comment
• 291c0ea Merge branch 'release/0.14.2' into npm
• 7a7ad5e Merge tag '0.14.2'
• a210c07 version bump
• 1d956f3 fix #493 (call stack bug) & tests
• 388642f Merge pull request #492 from mashpie/dependabot/npm_and_yarn/url-parse-1.5.10
• bf5525f Bump url-parse from 1.5.7 to 1.5.10
• ce26074 Merge pull request #491 from mashpie/dependabot/npm_and_yarn/url-parse-1.5.7
• c9e4742 Bump url-parse from 1.5.3 to 1.5.7
• 3dcc53b Merge branch 'release/0.14.1' into npm
• 769b804 Merge tag '0.14.1'
• 2c90fc4 pkg updates
• e110662 Adds fixture locale file in YAML format, so writing back to the file doesn't interfere with subsequent tests

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[sonarcloud[bot]]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication