Skip to content
This repository has been archived by the owner on Apr 22, 2024. It is now read-only.

Bump vue-i18n-extract to version 1.2.3 #279

Merged
merged 1 commit into from
Mar 27, 2023

Conversation

mateuscruz
Copy link
Contributor

@mateuscruz mateuscruz commented Jul 12, 2022

Version 1.0.2 depends on dot-object@^1.7.1 which is vulnerable to prototype pollution.

Closes #262

Version 1.0.2 depends on dot-object@^1.7.1 which is vulnerable to prototype pollution.
@mateuscruz mateuscruz closed this Jul 12, 2022
@mateuscruz mateuscruz reopened this Jul 12, 2022
@mateuscruz mateuscruz changed the title Bump vue-i18n-extract to version "1.2.3 Bump vue-i18n-extract to version 1.2.3 Jul 12, 2022
@trim0039
Copy link

Any idea when this will be reviewed?

@mateuscruz
Copy link
Contributor Author

@trim0039 it looks like this project is abandoned. The latest PR merge, excluding dependabot updates, was done last year (#253), that's over 8 months ago. I wrote the PR because it was a very simple change. I wouldn't count on it being merged anytime soon.

What I did on my repos was to update the references in package.json to my cloned repo like this (I use yarn):

"vue-cli-plugin-i18n": "mateuscruz/vue-cli-plugin-i18n#bump-vue-i18n-extract"

I use it as a dev dependency so I don't anticipate any issues with it that could affect production. Use it with caution if you need it on production.

I'll keep my cloned repo and branch online until this is merged.

@gazben
Copy link

gazben commented Jan 4, 2023

We ran into the same reporting after a dependency update.

@kazupon Can you merge this? It would be much appriciated.

@sbourouis
Copy link

@kazupon any progress on this, this would be much needed 🙏

@kazupon kazupon merged commit 4ef7b1a into intlify:master Mar 27, 2023
@kazupon kazupon added the Type: Improvement Includes backwards-compatible fixes label Mar 27, 2023
@mateuscruz
Copy link
Contributor Author

Thanks for merging @kazupon! For those who are using my branch as a temp workaround, I'll delete this branch on April 27th.

@mateuscruz mateuscruz deleted the bump-vue-i18n-extract branch July 7, 2023 17:11
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Type: Improvement Includes backwards-compatible fixes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Update to current vue-i18n-extract version
5 participants