[Snyk] Security upgrade i18next from 19.4.4 to 19.6.0#8

Open

snyk-bot wants to merge 1 commit intomasterfrom

snyk-fix-e92836a4a187b7f082ee781f1d98e714

snyk-bot commented Sep 6, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	459/1000 Why? Has a fix available, CVSS 4.9	Buffer Overflow SNYK-JS-I18NEXT-575536	No	No Known Exploit
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Prototype Pollution SNYK-JS-I18NEXT-585930	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: i18next

The new version differs by 46 commits.

8c63160 19.6.0
2a6d7e7 changelog
26d5719 introduce new option skipOnVariables to fix An automatic error report on IPFS Desktop ipfs/ipfs-desktop#1479 (chore(deps-dev): bump electron from 8.2.4 to 8.2.5 ipfs/ipfs-desktop#1483)
44c2e76 fix prototype pollution (Crash. Just bad internet . ipfs/ipfs-desktop#1482)
8a3b93b 19.5.6
1b32fc1 fix local usage of nsSeparator option
c9be7ad 19.5.5
41431ba changelog
360c8a9 fix nesting recursion An automatic error report on IPFS Desktop ipfs/ipfs-desktop#1479 (chore(deps): bump countly-sdk-nodejs from 19.8.0 to 20.4.0 ipfs/ipfs-desktop#1480)
2108da8 additional interpolation with nesting test case
457768b 19.5.4
93f17d9 changelog
9be2ed6 fix type declarion of exposed EventEmitter#off methods (chore(deps-dev): bump @svgr/cli from 5.3.1 to 5.4.0 ipfs/ipfs-desktop#1460)
c883ddb fix: getDataByLanguage typings & test (fix: open directory from webui ipfs/ipfs-desktop#1472)
4bfa7a3 19.5.3
39b09ed changelog
e3ad1ad fix: Macedonian plural formula - *11 (11, 111, 211, 311, 58711...) is plural (Update zh-CN.json ipfs/ipfs-desktop#1476)
72c5009 19.5.2
6dc82bb changelog
1b78398 fix nesting interpolation with prepended namespace, fixes After last update IPFS-Desktop fails duet macOS signature virification ipfs/ipfs-desktop#1474 (Issue with the app after updating to v0.11.1 ipfs/ipfs-desktop#1475)
67e2569 19.5.1
0e1ba26 rebuild
80a3810 Merge pull request chore(deps-dev): bump electron-builder from 22.5.1 to 22.6.0 ipfs/ipfs-desktop#1471 from i18next/fix-getBestMatchFromCodes
ba5c120 getBestMatchFromCodes: use fallbackLng if nothing found, fixes chore(deps): bump ipfsd-ctl from 4.0.1 to 4.1.0 ipfs/ipfs-desktop#1470

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: package.json, package-lock.json & .snyk to reduce vulnerabilities

e8aac5a

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-I18NEXT-575536
- https://snyk.io/vuln/SNYK-JS-I18NEXT-585930


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746

pull-assistant bot commented Sep 6, 2020

Best reviewed: commit by commit

Optimal code review plan

fix: package.json, package-lock.json & .snyk to reduce vulnerabilities...

Powered by Pull Assistant. Last update e8aac5a ... e8aac5a. Read the comment docs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet