search

i18next / react-i18next

Internationalization for react done right. Using the i18next i18n ecosystem.
https://react.i18next.com
MIT License
9.32k stars 1.03k forks source link

chore: update babel-plugin-tester to v11 #1784

Closed ripecosta closed 3 months ago

ripecosta commented 3 months ago

Description

Updates babel-plugin-tester to v11 (latest)

Checklist

socket-security[bot] commented 3 months ago

Report too large to display inline

View full report↗︎

coveralls commented 3 months ago

Coverage Status

coverage: 97.094%. remained the same when pulling 6a6e3ab538eb1f8901850eee24c72118fea81d99 on ripecosta:rc/babel-tester into 35b4821c753ed3a9679e580591e5c3ece2a9c430 on i18next:master.

socket-security[bot] commented 3 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Known Malware npm/fsevents@1.2.4
  • Note: This package downloads prebuilt artifacts from a domain which has been compromised. Your system may be infected if you installed this package prior to April 27, 2023
 🚫
Install scripts npm/fsevents@1.2.4
  • Install script: install
  • Source: node install
 🚫

View full report↗︎

Next steps

What is known malware?

This package is malware. We have asked the package registry to remove it.

It is strongly recommended that malware is removed from your codebase.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/fsevents@1.2.4