[Snyk] Security upgrade i18next from 17.3.1 to 19.8.5 #10

m0nhawk · 2021-02-18T06:06:57Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- extensions/vtk/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-I18NEXT-1065979	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: i18next

The new version differs by 162 commits.

aeab3ca 19.8.5
f58c423 new version
932f5f6 fix potential prototype pollution when backend plugin resolves a malicious language value
2dc8267 Merge pull request feat: 🎸 Filter/promote multiple series instances OHIF/Viewers#1533 from pravi/update-rollup-plugin-babel
dae2b32 chore: update build dependency (use @ rollup/plugin-babel)
4f9ef14 Merge pull request Query params to filter/promote multiple series instances OHIF/Viewers#1532 from pravi/update-node-resolve-plugin
a90fb69 chore: update rollup and plugins
ad88092 use fallbackLng as default lng
ba564b3 19.8.4
1816290 prepare new release
1ed5a71 Updated FormatFunction signature to match codebase (onClick or doubleClick on Thumbnail not working on upload local OHIF/Viewers#1520)
2516e89 Update config.yml
94dd384 Update config.yml
877e250 commit build result
fa98508 Merge pull request Magnify tool freezes on multiple viewports OHIF/Viewers#1518 from KristjanESPERANTO/patch-1
749519e Update URLs
03ef4ed 19.8.3
ed6169f fix prototype pollution with constructor
5d808cd updated @ babel/runtime to ^7.12.0, runtime file extensions issue resolved (OHIF-35: Issues on StudyList Filter OHIF/Viewers#1513)
cb780ad 19.8.2
d736006 allow nesting recursively with context (could theoretically generate infinite loop, prevented in Accesing current image in series OHIF/Viewers#1480)
685aa0f 19.8.1
b44f64c log optimizations for clone instances
ba2613b 19.8.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-I18NEXT-1065979

* feat(imageLoader):Add an nth image loader strategy (#10) * Updates for PR for nth menu * performance:Prior implementation was O(n^2), taking about 50 ms * feat:Nth image loader, added docs as requested

fix: extensions/vtk/package.json to reduce vulnerabilities

50969ee

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-I18NEXT-1065979

m0nhawk closed this Mar 11, 2021

m0nhawk deleted the snyk-fix-f7ab30d9b2f1131849a6a5f056cd1350 branch March 11, 2021 05:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade i18next from 17.3.1 to 19.8.5 #10

[Snyk] Security upgrade i18next from 17.3.1 to 19.8.5 #10

m0nhawk commented Feb 18, 2021

[Snyk] Security upgrade i18next from 17.3.1 to 19.8.5 #10

[Snyk] Security upgrade i18next from 17.3.1 to 19.8.5 #10

Conversation

m0nhawk commented Feb 18, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: