eloquence / lib.reviews

A free/libre code and information platform for reviews of anything
Creative Commons Zero v1.0 Universal
173 stars 13 forks source link

[Snyk] Security upgrade i18n from 0.8.3 to 0.14.0 #311

Open eloquence opened 1 year ago

eloquence commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **658/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: i18n The new version differs by 194 commits.
  • 02dd49d tests: use arrow function
  • fa50268 eslint refactor var -> const,let
  • abb05ec refactor to arrow functions
  • 5855724 drop node support < 10
  • 9e6559a Merge branch 'gajus-master'
  • 234b94b (re-)added tests fast-printf #453
  • ef5675c Merge branch 'master' of git://github.com/gajus/i18n-node into gajus-master
  • 2461a97 typo
  • 737b67d refactored test to cover mf plurals
  • 42f12d3 Merge branch 'calmonr-fix-messageformat'
  • 0faeee0 Merge branch 'fix-messageformat' of https://github.com/calmonr/i18n-node into calmonr-fix-messageformat
  • 6018b9f Merge tag '0.13.4'
  • 9683cc6 Merge branch 'release/0.13.4' into npm
  • bdce606 v0.13.4
  • 4e6963f upgrade tested
  • 3139881 save update
  • aa60ac7 upgraded devDeps
  • b6e672d Merge pull request #482 from Justman10000/patch-1
  • ed5c03f should fix coverage report
  • 10daf65 publish coverage
  • 84008b8 sad to see travis go paid only
  • d433ebe Update node.js.yml
  • 7b4a0a2 Create node.js.yml
  • 5a08ecc #486 - test path traversal vulnerability
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/eloquence/project/807bf6a0-8c80-45cd-97dc-7ce38f3725e8?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/eloquence/project/807bf6a0-8c80-45cd-97dc-7ce38f3725e8?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"2a67f88d-f930-44b1-b12f-805aeb04100c","prPublicId":"2a67f88d-f930-44b1-b12f-805aeb04100c","dependencies":[{"name":"i18n","from":"0.8.3","to":"0.14.0"}],"packageManager":"npm","projectPublicId":"807bf6a0-8c80-45cd-97dc-7ce38f3725e8","projectUrl":"https://app.snyk.io/org/eloquence/project/807bf6a0-8c80-45cd-97dc-7ce38f3725e8?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SEMVER-3247795"],"upgrade":["SNYK-JS-SEMVER-3247795"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[658],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)