i18next / i18next-http-backend

i18next-http-backend is a backend layer for i18next for use in Node.js, in the browser and in Deno.
MIT License

Fix for security issues in Snyk #93

Closed nandeshwarshubh closed 2 years ago

nandeshwarshubh commented 2 years ago

Hi,

The following issue was reported in Snyk for i18next-http-backend. Is there a roadmap to update the following dependency to fix the issue?

Snyk i18next-http-backend issues

Regular Expression Denial of Service (ReDoS) - i18next-http-backend@1.4.1 › cross-fetch@3.1.5 › node-fetch@2.6.7

adrai commented 2 years ago

This first needs to be addressed in cross-fetch (@lquixada), and it probably also has to wait for the fixed v2 release in node-fetch (@westy92).

westy92 commented 2 years ago

I emailed Snyk last night about this issue. As far as I can tell, it was introduced in node-fetch 3.1.0 and doesn't affect 2.x.

adrai commented 2 years ago

> I emailed Snyk last night about this issue. As far as I can tell, it was introduced in node-fetch 3.1.0 and doesn't affect 2.x.

If that's the case, this is not an issue for i18next-http-backend.