search

i18next / react-i18next

Internationalization for react done right. Using the i18next i18n ecosystem.
https://react.i18next.com
MIT License
9.32k stars 1.03k forks source link

chore: update test deps #1782

Closed ripecosta closed 3 months ago

ripecosta commented 3 months ago

 Description

Update all test related dependencies possible at this stage. See comments for more info.

Checklist

coveralls commented 3 months ago

Coverage Status

coverage: 97.094% (-0.08%) from 97.17% when pulling 56395fb94fe1208cbdfddd5ef030242f7eaf52d9 on ripecosta:rc/update-tests into 8a1ebc83c9168c6be3e5f47eab9c8f37efd51238 on i18next:master.

adrai commented 3 months ago

IMHO I think it would be better if react and @types/react have a more recent version, I would go with v18.

This means that we can use more recent version of other test dependencies, as stated in @ripecosta's comments.

What do you think @adrai?

Yes, we can update to v18

ripecosta commented 3 months ago

Sounds good @adrai @marcalexiei. In that case for this PR I'll keep @testing-library/react-hooks at v7 so we can upgrade react in it's own PR. I will require releasing a new major version too so it's another reason to keep it separate.

socket-security[bot] commented 3 months ago

Report too large to display inline

View full report↗︎

socket-security[bot] commented 3 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Install scripts npm/fsevents@1.2.13
  • Install script: install
  • Source: node install.js
 🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/fsevents@1.2.13