raindigi / reaction

Reaction is a customizable, real-time reactive, JavaScript commerce platform.
https://reactioncommerce.com/
GNU General Public License v3.0
0 stars 0 forks source link

[Snyk] Security upgrade i18next from 10.3.0 to 19.8.5 #125

Open saurabharch opened 3 years ago

saurabharch commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-I18NEXT-1065979
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: i18next The new version differs by 250 commits.
  • aeab3ca 19.8.5
  • f58c423 new version
  • 932f5f6 fix potential prototype pollution when backend plugin resolves a malicious language value
  • 2dc8267 Merge pull request #1533 from pravi/update-rollup-plugin-babel
  • dae2b32 chore: update build dependency (use @ rollup/plugin-babel)
  • 4f9ef14 Merge pull request #1532 from pravi/update-node-resolve-plugin
  • a90fb69 chore: update rollup and plugins
  • ad88092 use fallbackLng as default lng
  • ba564b3 19.8.4
  • 1816290 prepare new release
  • 1ed5a71 Updated FormatFunction signature to match codebase (#1520)
  • 2516e89 Update config.yml
  • 94dd384 Update config.yml
  • 877e250 commit build result
  • fa98508 Merge pull request #1518 from KristjanESPERANTO/patch-1
  • 749519e Update URLs
  • 03ef4ed 19.8.3
  • ed6169f fix prototype pollution with constructor
  • 5d808cd updated @ babel/runtime to ^7.12.0, runtime file extensions issue resolved (#1513)
  • cb780ad 19.8.2
  • d736006 allow nesting recursively with context (could theoretically generate infinite loop, prevented in #1480)
  • 685aa0f 19.8.1
  • b44f64c log optimizations for clone instances
  • ba2613b 19.8.0
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic