ixartz / SaaS-Boilerplate

🚀🎉📚 SaaS Boilerplate built with Next.js + Tailwind CSS + Shadcn UI + TypeScript. ⚡️ Full-stack React application with Auth, Multi-tenancy, Roles & Permissions, i18n, Landing Page, DB, Logging, Testing
https://react-saas.com/
MIT License
4.11k stars 577 forks

Replace unmaintained i18n-ally extension for Sherlock #19

Closed felixhaeberle closed 6 months ago

felixhaeberle commented 6 months ago

This PR aims to replace the unmaintained i18n-ally extension for Sherlock.

https://marketplace.visualstudio.com/items?itemName=inlang.vs-code-extension

Sherlock is a new & lightweight library for VS Code which offers the same functionalities & is well maintained.

Feel free to request changes in order to get this merged.

vercel[bot] commented 6 months ago

@felixhaeberle is attempting to deploy a commit to the Ixartz's projects Team on Vercel.

A member of the Team first needs to authorize it.

ixartz commented 6 months ago

@felixhaeberle Thank you for your PR. Unfortunately, i18n-ally still has more features: https://github.com/lokalise/i18n-ally/pull/1048#issuecomment-2110462158

Not a huge fan about the inlang folder, the configuration of the extension should be done directly in VSCode and not in a new folder. It seems the extension was built for inlang project and not for next-intl.

Another thing: the project.inlang/project_id file, how is this value generated?

felixhaeberle commented 6 months ago

@ixartz

> i18n-ally still has more features

What features do you miss in Sherlock that i18n-ally provides? We're keen to build them for you, and are fast to do so.

> Not a huge fan about the inlang folder, the configuration of the extension should be done directly in VSCode

What is the downside of having this folder?

"done directly in VSCode" -> the .inlang folder is exactly that, configuration as code inside your project in VSCode

But it's not only that, you get the possibility to join the inlang ecosystem with lots of i18n apps all working seamlessly together, like Fink – a git based i18n editor. Or have you already seen Ninja – GitHub action which saves you from broken / missing translations.

> It seems the extension was built for inlang project and not for next-intl.

Sherlock is built completely unopinionated, supporting a wide margin of libraries.

Links

See: https://inlang.com/m/r7kp499g/app-inlang-ideExtension/supported-i18n-libraries

And even the next-intl docs recommend Sherlock: https://next-intl-docs.vercel.app/docs/workflows/vscode-integration#sherlock

> Another thing: the project.inlang/project_id file, how is this value generated?

This value is based on the first git commit hash & needed for internal processing of a project inside a repository, as all inlang ecosystem tools build on top of git.

ixartz commented 6 months ago

I also join the opinion shared on this discussion: https://github.com/lokalise/i18n-ally/pull/1048, several people have tried the extension

Having the .inlang folder makes the Sherlock opinionated. You are somehow "required" to join the inlang ecosystem.

For all the extensions suggested by the project, all the configuration happens in .vscode and there is no need to have extra files or folders outside of the .vscode folder.

The author of next-intl himself still has a preference for i18n-ally: https://github.com/lokalise/i18n-ally/pull/1048#issuecomment-2110462158

felixhaeberle commented 6 months ago

> I also join the opinion shared on this discussion: https://github.com/lokalise/i18n-ally/pull/1048, several people have tried the extension

You mean this one? https://github.com/lokalise/i18n-ally/pull/1048#issuecomment-2093253531

> Having the .inlang folder makes the Sherlock opinionated. You are somehow "required" to join the inlang ecosystem.

There is really no downside to it. It's completely free & open source, has good support and an active Discord with 24/7 support right at your fingertips. If you think about it, i18n-ally also does settings in the settings.json of VS Code, with the difference that for Sherlock you have a different settings.json, making it possible to use all the other tools in the inlang ecosystem.

> The author of next-intl himself still has a preference for i18n-ally: https://github.com/lokalise/i18n-ally/pull/1048#issuecomment-2110462158

I don't know. The linked comment was regarding the plugin support of next-intl in i18n-ally vs the custom one – not compared to Sherlock. We support the latest next-intl syntax and in terms of parsing source code, you get better results.

Apart from that, your users get a maintained VS Code extension, machine translations via the inlang CLI, and CI/CD i18n checking with Ninja & lots more. https://inlang.com/c/apps

It's a bit strange to trust an unmaintained solution that sooner or later will introduce security issues (especially crucial for a SAAS boilerplate which recommends this) based on that fact instead of a new & thriving extension where they can wish for everything they want; issues open: https://github.com/opral/inlang-sherlock

i18n ally audit report: 106 vulnerabilities (60 moderate, 42 high, 4 critical) # npm audit report @antfu/utils <0.7.3 Severity: moderate antfu/utils vulnerable to prototype pollution - https://github.com/advisories/GHSA-p2fh-2h23-6grg fix available via `npm audit fix --force` Will install @antfu/utils@0.7.8, which is a breaking change node_modules/@antfu/utils @babel/traverse <7.23.2 Severity: critical Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92 fix available via `npm audit fix` node_modules/@babel/traverse ansi-regex 3.0.0 || 4.0.0 - 4.1.0 || 5.0.0 Severity: high Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via `npm audit fix` node_modules/ansi-align/node_modules/ansi-regex node_modules/ansi-regex node_modules/strip-ansi/node_modules/ansi-regex node_modules/webpack-cli/node_modules/ansi-regex axios <=0.27.2 Severity: high axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx fix available via `npm audit fix` node_modules/axios browserify-sign 2.6.0 - 4.2.1 Severity: high browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack - https://github.com/advisories/GHSA-x9w5-v3q2-3rhw fix available via `npm audit fix` node_modules/browserify-sign decode-uri-component <0.2.1 Severity: high decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq fix available via `npm audit fix` node_modules/decode-uri-component dot-prop 
<4.2.1 Severity: high dot-prop Prototype Pollution vulnerability - https://github.com/advisories/GHSA-ff7x-qrg7-qggm fix available via `npm audit fix --force` Will install conventional-github-releaser@1.1.7, which is a breaking change node_modules/dot-prop compare-func <=1.3.4 Depends on vulnerable versions of dot-prop node_modules/compare-func conventional-changelog-angular 0.0.1 - 5.0.10 Depends on vulnerable versions of compare-func node_modules/conventional-changelog-angular conventional-changelog 1.0.0 - 2.0.3 Depends on vulnerable versions of conventional-changelog-angular node_modules/conventional-changelog conventional-github-releaser >=1.1.0 Depends on vulnerable versions of conventional-changelog Depends on vulnerable versions of gh-got Depends on vulnerable versions of git-semver-tags Depends on vulnerable versions of semver-regex node_modules/conventional-github-releaser follow-redirects <=1.15.5 Severity: high Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp fix available via `npm audit fix` node_modules/follow-redirects get-func-name <2.0.1 Severity: high Chaijs/get-func-name vulnerable to ReDoS - https://github.com/advisories/GHSA-4q6p-r6v2-jvc5 fix available via `npm audit fix` node_modules/get-func-name glob-parent <5.1.2 Severity: high glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6 fix available via `npm audit fix --force` Will install webpack@5.91.0, which is a breaking change node_modules/@parcel/watcher/node_modules/glob-parent 
node_modules/parcel-bundler/node_modules/glob-parent node_modules/watchpack-chokidar2/node_modules/glob-parent chokidar 1.0.0-rc1 - 2.1.8 Depends on vulnerable versions of glob-parent node_modules/@parcel/watcher/node_modules/chokidar node_modules/watchpack-chokidar2/node_modules/chokidar @parcel/watcher <=1.12.1 Depends on vulnerable versions of chokidar node_modules/@parcel/watcher parcel-bundler * Depends on vulnerable versions of @parcel/watcher Depends on vulnerable versions of css-modules-loader-core Depends on vulnerable versions of cssnano Depends on vulnerable versions of fast-glob Depends on vulnerable versions of node-forge Depends on vulnerable versions of postcss Depends on vulnerable versions of terser node_modules/parcel-bundler parcel-plugin-inliner * Depends on vulnerable versions of parcel-bundler node_modules/parcel-plugin-inliner watchpack-chokidar2 * Depends on vulnerable versions of chokidar node_modules/watchpack-chokidar2 watchpack 1.7.2 - 1.7.5 Depends on vulnerable versions of watchpack-chokidar2 node_modules/watchpack webpack 4.44.0 - 4.47.0 Depends on vulnerable versions of watchpack node_modules/webpack fast-glob <=2.2.7 Depends on vulnerable versions of glob-parent node_modules/parcel-bundler/node_modules/fast-glob got <=11.8.3 Severity: high Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97 Depends on vulnerable versions of cacheable-request fix available via `npm audit fix --force` Will install conventional-github-releaser@1.1.7, which is a breaking change node_modules/got node_modules/package-json/node_modules/got gh-got <=9.0.0 Depends on vulnerable versions of got node_modules/gh-got package-json <=6.5.0 Depends on vulnerable versions of got node_modules/package-json latest-version 0.2.0 - 5.1.0 Depends on vulnerable versions of package-json node_modules/latest-version update-notifier 0.2.0 - 5.1.0 Depends on vulnerable versions of latest-version node_modules/update-notifier nodemon 1.3.5 - 
2.0.16 || 2.0.18 Depends on vulnerable versions of update-notifier node_modules/nodemon http-cache-semantics <4.1.1 Severity: high http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j fix available via `npm audit fix --force` Will install conventional-github-releaser@1.1.7, which is a breaking change node_modules/http-cache-semantics node_modules/package-json/node_modules/http-cache-semantics cacheable-request 0.1.0 - 2.1.4 Depends on vulnerable versions of http-cache-semantics node_modules/cacheable-request jsdom <=16.5.3 Severity: moderate Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98 Depends on vulnerable versions of request Depends on vulnerable versions of request-promise-native Depends on vulnerable versions of tough-cookie fix available via `npm audit fix` node_modules/jsdom uncss >=0.7.0 Depends on vulnerable versions of jsdom Depends on vulnerable versions of postcss Depends on vulnerable versions of request node_modules/uncss htmlnano >=0.1.1 Depends on vulnerable versions of cssnano Depends on vulnerable versions of purgecss Depends on vulnerable versions of svgo Depends on vulnerable versions of uncss node_modules/htmlnano json-schema <0.4.0 Severity: critical json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw fix available via `npm audit fix` node_modules/json-schema jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1 Depends on vulnerable versions of json-schema node_modules/jsprim json5 <1.0.2 || >=2.0.0 <2.2.2 Severity: high Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h fix available via `npm audit fix` node_modules/json5 node_modules/loader-utils/node_modules/json5 node_modules/parcel-bundler/node_modules/json5 loader-utils <=1.4.1 || 
2.0.0 - 2.0.3 Severity: critical Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488 loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488 loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g fix available via `npm audit fix` node_modules/loader-utils node_modules/ts-loader/node_modules/loader-utils lodash.template * Severity: high Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm fix available via `npm audit fix` node_modules/lodash.template git-raw-commits 0.0.6 - 2.0.9 Depends on vulnerable versions of lodash.template Depends on vulnerable versions of meow node_modules/git-raw-commits conventional-changelog-core <=4.2.1 Depends on vulnerable versions of git-raw-commits Depends on vulnerable versions of git-semver-tags node_modules/conventional-changelog-core markdown-it <12.3.2 Severity: moderate Uncontrolled Resource Consumption in markdown-it - https://github.com/advisories/GHSA-6vfc-qv3f-vr6c fix available via `npm audit fix --force` Will install vsce@2.15.0, which is a breaking change node_modules/markdown-it vsce 1.26.0 - 2.6.3 Depends on vulnerable versions of markdown-it node_modules/vsce minimatch <3.0.5 Severity: high minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3 fix available via `npm audit fix --force` Will install mocha@10.4.0, which is a breaking change node_modules/minimatch mocha 5.1.0 - 9.2.1 Depends on vulnerable 
versions of minimatch Depends on vulnerable versions of nanoid node_modules/mocha nanoid 3.0.0 - 3.1.30 Severity: moderate Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2 fix available via `npm audit fix --force` Will install mocha@10.4.0, which is a breaking change node_modules/mocha/node_modules/nanoid node_modules/nanoid node-fetch <2.6.7 Severity: high node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g fix available via `npm audit fix` node_modules/node-fetch node-forge <=1.2.1 Severity: high Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5 URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765 Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g No fix available node_modules/node-forge nth-check <2.0.1 Severity: high Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr fix available via `npm audit fix` node_modules/cheerio-select/node_modules/nth-check node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/css-select svgo 1.0.0 - 1.3.2 Depends on vulnerable versions of css-select node_modules/svgo postcss-svgo <=5.0.0-rc.2 Depends on vulnerable versions of postcss Depends on vulnerable versions of svgo node_modules/postcss-svgo postcss <=8.4.30 Severity: moderate Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3 Regular 
Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5 PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j No fix available node_modules/@vue/component-compiler-utils/node_modules/postcss node_modules/css-declaration-sorter/node_modules/postcss node_modules/css-modules-loader-core/node_modules/postcss node_modules/cssnano-preset-default/node_modules/postcss node_modules/cssnano-util-raw-cache/node_modules/postcss node_modules/cssnano/node_modules/postcss node_modules/parcel-bundler/node_modules/postcss node_modules/postcss node_modules/postcss-calc/node_modules/postcss node_modules/postcss-colormin/node_modules/postcss node_modules/postcss-convert-values/node_modules/postcss node_modules/postcss-discard-comments/node_modules/postcss node_modules/postcss-discard-duplicates/node_modules/postcss node_modules/postcss-discard-empty/node_modules/postcss node_modules/postcss-discard-overridden/node_modules/postcss node_modules/postcss-merge-longhand/node_modules/postcss node_modules/postcss-merge-rules/node_modules/postcss node_modules/postcss-minify-font-values/node_modules/postcss node_modules/postcss-minify-gradients/node_modules/postcss node_modules/postcss-minify-params/node_modules/postcss node_modules/postcss-minify-selectors/node_modules/postcss node_modules/postcss-modules-extract-imports/node_modules/postcss node_modules/postcss-modules-local-by-default/node_modules/postcss node_modules/postcss-modules-scope/node_modules/postcss node_modules/postcss-modules-values/node_modules/postcss node_modules/postcss-normalize-charset/node_modules/postcss node_modules/postcss-normalize-display-values/node_modules/postcss node_modules/postcss-normalize-positions/node_modules/postcss node_modules/postcss-normalize-repeat-style/node_modules/postcss node_modules/postcss-normalize-string/node_modules/postcss node_modules/postcss-normalize-timing-functions/node_modules/postcss 
node_modules/postcss-normalize-unicode/node_modules/postcss node_modules/postcss-normalize-url/node_modules/postcss node_modules/postcss-normalize-whitespace/node_modules/postcss node_modules/postcss-ordered-values/node_modules/postcss node_modules/postcss-reduce-initial/node_modules/postcss node_modules/postcss-reduce-transforms/node_modules/postcss node_modules/postcss-svgo/node_modules/postcss node_modules/postcss-unique-selectors/node_modules/postcss node_modules/purgecss/node_modules/postcss node_modules/stylehacks/node_modules/postcss node_modules/uncss/node_modules/postcss @vue/component-compiler-utils * Depends on vulnerable versions of postcss node_modules/@vue/component-compiler-utils vue-i18n-locale-message <=1.16.0 Depends on vulnerable versions of @vue/component-compiler-utils node_modules/vue-i18n-locale-message css-declaration-sorter <=5.1.2 Depends on vulnerable versions of postcss node_modules/css-declaration-sorter css-modules-loader-core * Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-modules-extract-imports Depends on vulnerable versions of postcss-modules-local-by-default Depends on vulnerable versions of postcss-modules-scope Depends on vulnerable versions of postcss-modules-values node_modules/css-modules-loader-core cssnano <=4.1.11 Depends on vulnerable versions of cssnano-preset-default Depends on vulnerable versions of postcss node_modules/cssnano cssnano-preset-default <=4.0.8 Depends on vulnerable versions of css-declaration-sorter Depends on vulnerable versions of cssnano-util-raw-cache Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-calc Depends on vulnerable versions of postcss-colormin Depends on vulnerable versions of postcss-convert-values Depends on vulnerable versions of postcss-discard-comments Depends on vulnerable versions of postcss-discard-duplicates Depends on vulnerable versions of postcss-discard-empty Depends on vulnerable versions of 
postcss-discard-overridden Depends on vulnerable versions of postcss-merge-longhand Depends on vulnerable versions of postcss-merge-rules Depends on vulnerable versions of postcss-minify-font-values Depends on vulnerable versions of postcss-minify-gradients Depends on vulnerable versions of postcss-minify-params Depends on vulnerable versions of postcss-minify-selectors Depends on vulnerable versions of postcss-normalize-charset Depends on vulnerable versions of postcss-normalize-display-values Depends on vulnerable versions of postcss-normalize-positions Depends on vulnerable versions of postcss-normalize-repeat-style Depends on vulnerable versions of postcss-normalize-string Depends on vulnerable versions of postcss-normalize-timing-functions Depends on vulnerable versions of postcss-normalize-unicode Depends on vulnerable versions of postcss-normalize-url Depends on vulnerable versions of postcss-normalize-whitespace Depends on vulnerable versions of postcss-ordered-values Depends on vulnerable versions of postcss-reduce-initial Depends on vulnerable versions of postcss-reduce-transforms Depends on vulnerable versions of postcss-svgo Depends on vulnerable versions of postcss-unique-selectors node_modules/cssnano-preset-default cssnano-util-raw-cache * Depends on vulnerable versions of postcss node_modules/cssnano-util-raw-cache postcss-calc 4.1.0 - 7.0.5 Depends on vulnerable versions of postcss node_modules/postcss-calc postcss-colormin <=4.0.3 Depends on vulnerable versions of postcss node_modules/postcss-colormin postcss-convert-values <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-convert-values postcss-discard-comments <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-discard-comments postcss-discard-duplicates 1.1.0 - 4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-discard-duplicates postcss-discard-empty 1.1.0 - 4.0.1 Depends on vulnerable versions of postcss 
node_modules/postcss-discard-empty postcss-discard-overridden <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-discard-overridden postcss-merge-longhand <=4.0.11 Depends on vulnerable versions of postcss Depends on vulnerable versions of stylehacks node_modules/postcss-merge-longhand postcss-merge-rules <=4.0.3 Depends on vulnerable versions of postcss node_modules/postcss-merge-rules postcss-minify-font-values <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-minify-font-values postcss-minify-gradients <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-minify-gradients postcss-minify-params <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-minify-params postcss-minify-selectors <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-minify-selectors postcss-modules-extract-imports <=1.2.1 Depends on vulnerable versions of postcss node_modules/postcss-modules-extract-imports postcss-modules-local-by-default <=1.2.0 Depends on vulnerable versions of postcss node_modules/postcss-modules-local-by-default postcss-modules-scope <=1.1.0 Depends on vulnerable versions of postcss node_modules/postcss-modules-scope postcss-modules-values <=1.3.0 Depends on vulnerable versions of postcss node_modules/postcss-modules-values postcss-normalize-charset <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-normalize-charset postcss-normalize-display-values <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-display-values postcss-normalize-positions <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-positions postcss-normalize-repeat-style <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-repeat-style postcss-normalize-string <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-string postcss-normalize-timing-functions <=4.0.2 Depends on vulnerable 
versions of postcss node_modules/postcss-normalize-timing-functions postcss-normalize-unicode <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-normalize-unicode postcss-normalize-url 1.1.0 - 4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-normalize-url postcss-normalize-whitespace <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-whitespace postcss-ordered-values <=4.1.2 Depends on vulnerable versions of postcss node_modules/postcss-ordered-values postcss-reduce-initial <=4.0.3 Depends on vulnerable versions of postcss node_modules/postcss-reduce-initial postcss-reduce-transforms <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-reduce-transforms postcss-unique-selectors <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-unique-selectors purgecss <=1.0.1 || 2.0.1-beta.0 - 3.0.0 Depends on vulnerable versions of postcss node_modules/purgecss stylehacks <=4.0.3 Depends on vulnerable versions of postcss node_modules/stylehacks pug <=3.0.2 Severity: high Pug allows JavaScript code execution if an application accepts untrusted input - https://github.com/advisories/GHSA-3965-hpx2-q597 fix available via `npm audit fix` node_modules/pug qs 6.5.0 - 6.5.2 Severity: high qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp fix available via `npm audit fix` node_modules/request/node_modules/qs request * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie fix available via `npm audit fix` node_modules/request request-promise-core * Depends on vulnerable versions of request node_modules/request-promise-core request-promise-native >=1.0.0 Depends on vulnerable versions of request Depends on vulnerable versions of request-promise-core Depends on vulnerable versions of tough-cookie node_modules/request-promise-native semver 
<=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1 Severity: moderate semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw fix available via `npm audit fix` node_modules/@babel/core/node_modules/semver node_modules/@babel/eslint-parser/node_modules/semver node_modules/@babel/helper-compilation-targets/node_modules/semver node_modules/@babel/helper-define-polyfill-provider/node_modules/semver node_modules/@babel/preset-env/node_modules/semver node_modules/babel-plugin-polyfill-corejs2/node_modules/semver node_modules/conventional-changelog-writer/node_modules/read-pkg/node_modules/semver node_modules/conventional-changelog-writer/node_modules/semver node_modules/conventional-commits-parser/node_modules/read-pkg/node_modules/semver node_modules/conventional-github-releaser/node_modules/semver node_modules/conventional-recommended-bump/node_modules/read-pkg/node_modules/semver node_modules/conventional-recommended-bump/node_modules/semver node_modules/core-js-compat/node_modules/semver node_modules/eslint-plugin-node/node_modules/semver node_modules/find-cache-dir/node_modules/semver node_modules/git-semver-tags/node_modules/semver node_modules/jsonc-eslint-parser/node_modules/semver node_modules/make-dir/node_modules/semver node_modules/nodemon/node_modules/semver node_modules/normalize-package-data/node_modules/semver node_modules/npm-run-all/node_modules/semver node_modules/package-json/node_modules/semver node_modules/parcel-bundler/node_modules/semver node_modules/parse-semver/node_modules/semver node_modules/semver-diff/node_modules/semver node_modules/standard-version/node_modules/conventional-changelog-writer/node_modules/read-pkg/node_modules/semver 
node_modules/standard-version/node_modules/conventional-changelog-writer/node_modules/semver node_modules/standard-version/node_modules/git-raw-commits/node_modules/semver node_modules/standard-version/node_modules/git-semver-tags/node_modules/read-pkg/node_modules/semver node_modules/standard-version/node_modules/git-semver-tags/node_modules/semver node_modules/stylus/node_modules/semver node_modules/vsce/node_modules/semver node_modules/vue-eslint-parser/node_modules/semver node_modules/webpack-cli/node_modules/semver core-js-compat 3.6.0 - 3.25.0 Depends on vulnerable versions of semver node_modules/core-js-compat semver-regex <=3.1.3 Severity: high semver-regex Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-44c6-4v22-4mhx Regular expression denial of service in semver-regex - https://github.com/advisories/GHSA-4x5v-gmq8-25ch fix available via `npm audit fix --force` Will install conventional-github-releaser@1.1.7, which is a breaking change node_modules/semver-regex tar <6.2.1 Severity: moderate Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36 fix available via `npm audit fix` node_modules/tar terser >=5.0.0 <5.14.2 || <4.8.1 Severity: high Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc No fix available node_modules/htmlnano/node_modules/terser node_modules/terser node_modules/terser-webpack-plugin/node_modules/terser tough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 fix available via `npm audit fix` node_modules/tough-cookie trim-newlines <3.0.1 Severity: high Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v fix available via `npm 
audit fix --force` Will install conventional-github-releaser@1.1.7, which is a breaking change node_modules/get-pkg-repo/node_modules/trim-newlines node_modules/git-raw-commits/node_modules/trim-newlines node_modules/git-semver-tags/node_modules/trim-newlines meow 3.4.0 - 5.0.0 Depends on vulnerable versions of trim-newlines node_modules/get-pkg-repo/node_modules/meow node_modules/git-raw-commits/node_modules/meow node_modules/git-semver-tags/node_modules/meow git-semver-tags 1.3.4 - 3.0.1 Depends on vulnerable versions of meow node_modules/git-semver-tags trim-off-newlines <1.0.3 Severity: moderate Uncontrolled Resource Consumption in trim-off-newlines - https://github.com/advisories/GHSA-38fc-wpqx-33j7 fix available via `npm audit fix` node_modules/trim-off-newlines 106 vulnerabilities (60 moderate, 42 high, 4 critical) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. 

To improve Sherlock for next time: What features do you miss in Sherlock that i18n-ally provides?

kibertoad commented 6 months ago

we are going to update i18n-ally very soon, apologies for the delay

ixartz commented 6 months ago

@kibertoad Thank you so much! Extremely excited about i18n-ally's new updates!