Skip to content

chore(deps): bump i18next-fs-backend from 2.6.1 to 2.6.4#5352

Merged
asyncapi-bot merged 1 commit intomasterfrom
dependabot/npm_and_yarn/i18next-fs-backend-2.6.4
Apr 22, 2026
Merged

chore(deps): bump i18next-fs-backend from 2.6.1 to 2.6.4#5352
asyncapi-bot merged 1 commit intomasterfrom
dependabot/npm_and_yarn/i18next-fs-backend-2.6.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 22, 2026

Bumps i18next-fs-backend from 2.6.1 to 2.6.4.

Changelog

Sourced from i18next-fs-backend's changelog.

2.6.4

Security release — all issues found via an internal audit. See published advisory GHSA-8847-338w-5hcj.

  • security: refuse to build filesystem paths when lng or ns values contain .., path separators (/, \), control characters, prototype keys (__proto__ / constructor / prototype), or exceed 128 chars. Prevents arbitrary filesystem read / write via attacker-controlled language-code values. Any legitimate i18next language-code shape (BCP-47-like, underscores, hyphens, dots, +-joined multi-language requests) is still accepted (GHSA-8847-338w-5hcj)
  • docs: new "Security considerations" README section — documents the filesystem-path sanitiser and clarifies the trust model around .js/.ts locale files (their content is eval-ed, so they must be treated as code). The eval behaviour itself is retained: dynamic expressions in .js/.ts locale files are an intentional feature, and safe replacements like import() are async-only and not viable for this sync-capable code path.
  • chore: ignore .env* and *.pem/*.key files in .gitignore.

2.6.3

  • use own interpolation function instead of relying on i18next's interpolator
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump i18next-fs-backend from 2.6.1 to 2.6.4
631dd7b 
Bumps [i18next-fs-backend](https://github.com/i18next/i18next-fs-backend) from 2.6.1 to 2.6.4.
- [Changelog](https://github.com/i18next/i18next-fs-backend/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next-fs-backend@v2.6.1...v2.6.4)

---
updated-dependencies:
- dependency-name: i18next-fs-backend
  dependency-version: 2.6.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 22, 2026
@github-project-automation github-project-automation Bot moved this to To Be Triaged in Website - Kanban Apr 22, 2026
@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 22, 2026
edited
Loading

Deploy Preview for asyncapi-website ready!

Name Link
🔨 Latest commit 631dd7b
🔍 Latest deploy log https://app.netlify.com/projects/asyncapi-website/deploys/69e90d197a41a800082ccbbe
😎 Deploy Preview https://deploy-preview-5352--asyncapi-website.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 22, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 22, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (621272f) to head (631dd7b).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff            @@
##            master     #5352   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           22        22           
  Lines          830       830           
  Branches       159       159           
=========================================
  Hits           830       830

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@asyncapi-bot
Copy link
Copy Markdown
Contributor

asyncapi-bot commented Apr 22, 2026

⚡️ Lighthouse report for the changes in this PR:

Category Score
🔴 Performance 43
🟢 Accessibility 98
🟢 Best practices 92
🟢 SEO 100
🔴 PWA 33

Lighthouse ran on https://deploy-preview-5352--asyncapi-website.netlify.app/

@asyncapi-bot asyncapi-bot merged commit b612baf into master Apr 22, 2026
33 of 34 checks passed
@asyncapi-bot asyncapi-bot deleted the dependabot/npm_and_yarn/i18next-fs-backend-2.6.4 branch April 22, 2026 18:07
@github-project-automation github-project-automation Bot moved this from To Be Triaged to Done in Website - Kanban Apr 22, 2026
codxbrexx pushed a commit to codxbrexx/website-asyncapi that referenced this pull request May 5, 2026
@dependabot @codxbrexx
chore(deps): bump i18next-fs-backend from 2.6.1 to 2.6.4 (asyncapi#5352)
a16a1e6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@asyncapi-bot-eve asyncapi-bot-eve asyncapi-bot-eve approved these changes

@derberg derberg Awaiting requested review from derberg derberg is a code owner

@akshatnema akshatnema Awaiting requested review from akshatnema akshatnema is a code owner

@anshgoyalevil anshgoyalevil Awaiting requested review from anshgoyalevil anshgoyalevil is a code owner

@sambhavgupta0705 sambhavgupta0705 Awaiting requested review from sambhavgupta0705 sambhavgupta0705 is a code owner

@princerajpoot20 princerajpoot20 Awaiting requested review from princerajpoot20 princerajpoot20 is a code owner

@Mayaleeeee Mayaleeeee Awaiting requested review from Mayaleeeee Mayaleeeee is a code owner

@vishvamsinh28 vishvamsinh28 Awaiting requested review from vishvamsinh28

Assignees

No one assigned

Labels

autoapproved autoupdate dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

Website - Kanban
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@asyncapi-bot @asyncapi-bot-eve