Closed woutervanvliet closed 1 year ago
socket-security[bot]
commented
1 year ago New dependencies detected. Learn more about Socket for GitHub ↗︎
| Packages | Version | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|---|
| vinyl-fs | 4.0.0 | None | +23 |
971 kB | phated |
woutervanvliet
commented
1 year ago Turned out glob-stream, used by vinyl-fs, only scans from the current directory and upwards, thus not finding temporary files created by Broccoli and in turn not creating translation files.
I don't have experience with Broccoli though, so I'm a bit unsure if this change will have any implications on projects using i18next-parser with Broccoli. Added a note though to the readme file that hopefully provides enough information for Broccoli users.
karellm
commented
1 year ago Thanks! This is deployed as 8.9.0
Why am I submitting this PR
There is a high vulnerability attached to vinyl-fs' dependency tree, blocking me from being able to use this package in my own project. The automatic dependabot PR can't merge, due to changes in glob-handling, which I'm also handling in this PR.
Does it fix an existing ticket?
Yes #684
Checklist
yarn test(see details here)