intlify / vue-cli-plugin-i18n

:globe_with_meridians: Vue CLI plugin to add vue-i18n to your Vue Project
MIT License
195 stars 41 forks

Bump vue-i18n-extract to version 1.2.3 #279

Closed mateuscruz closed 1 year ago

mateuscruz commented 2 years ago

Version 1.0.2 depends on dot-object@^1.7.1 which is vulnerable to prototype pollution.

Closes #262
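To see why a scanner flags dot-object in a project that never lists it directly, the following added example (not code from this PR or from the plugin) walks an npm `package-lock.json` in the v2/v3 `packages` layout and prints every dependency chain that ends at a given package. The lockfile object is a constructed sample; it assumes the 1.0.2 in the comment above is the vue-i18n-extract version, and the plugin version and the resolved dot-object version are placeholders.

```javascript
// Constructed sample in package-lock.json v2/v3 "packages" layout; not a real lockfile.
const sampleLock = {
  packages: {
    "": { devDependencies: { "vue-cli-plugin-i18n": "0.0.0-sample" } },
    "node_modules/vue-cli-plugin-i18n": {
      version: "0.0.0-sample", // constructed placeholder version
      dependencies: { "vue-i18n-extract": "1.0.2" },
    },
    "node_modules/vue-i18n-extract": {
      version: "1.0.2",
      dependencies: { "dot-object": "^1.7.1" },
    },
    "node_modules/dot-object": { version: "1.7.1" }, // constructed resolved version
  },
};

// Resolve `name` as Node does: nearest node_modules directory, walking up from fromPath.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the project root without a match
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every dependency chain from the project root to `target`.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (path, trail, seen) => {
    const pkg = packages[path] || {};
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(path === "" ? pkg.devDependencies : {}) };
    for (const [name, range] of Object.entries(deps)) {
      const resolved = resolveDep(packages, path, name);
      if (!resolved || seen.has(resolved)) continue; // missing or cyclic
      const step = `${name}@${packages[resolved].version} (wanted ${range})`;
      if (name === target) chains.push([...trail, step]);
      else walk(resolved, [...trail, step], new Set(seen).add(resolved));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

console.log(findChains(sampleLock, "dot-object").map((c) => c.join(" > ")).join("\n"));
```

Running it against a real lockfile only needs `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` in place of `sampleLock`; a chain that starts under `devDependencies` tells you the package is not part of the production install.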

trim0039 commented 2 years ago

Any idea when this will be reviewed?

mateuscruz commented 2 years ago

@trim0039 it looks like this project is abandoned. The latest PR merge, excluding dependabot updates, was done last year (#253), that's over 8 months ago. I wrote the PR because it was a very simple change. I wouldn't count on it being merged anytime soon.

What I did on my repos was to update the references in package.json to my cloned repo like this (I use yarn):

"vue-cli-plugin-i18n": "mateuscruz/vue-cli-plugin-i18n#bump-vue-i18n-extract"

I use it as a dev dependency so I don't anticipate any issues with it that could affect production. Use it with caution if you need it on production.

I'll keep my cloned repo and branch online until this is merged.

gazben commented 1 year ago

We ran into the same reporting after a dependency update.

@kazupon Can you merge this? It would be much appreciated.

sbourouis commented 1 year ago

@kazupon any progress on this, this would be much needed 🙏

mateuscruz commented 1 year ago

Thanks for merging @kazupon! For those who are using my branch as a temp workaround, I'll delete this branch on April 27th.