vue-cli-plugin-i18n icon indicating copy to clipboard operation
vue-cli-plugin-i18n copied to clipboard

Published 20 hours ago verified publisher icon intlify

Bump vue-i18n-extract to version 1.2.3

Open mateuscruz opened this issue 3 years ago • 2 comments

Version 1.0.2 depends on dot-object@^1.7.1 which is vulnerable to prototype pollution.

Closes #262

mateuscruz avatar Jul 12 '22 16:07 mateuscruz

Any idea when this will be reviewed?

trim0039 avatar Jul 26 '22 21:07 trim0039

@trim0039 it looks like this project is abandoned. The latest PR merge, excluding dependabot updates, was done last year (#253), that's over 8 months ago. I wrote the PR because it was a very simple change. I wouldn't count on it being merged anytime soon.

What I did on my repos was to update the references in package.json to my cloned repo like this (I use yarn):

"vue-cli-plugin-i18n": "mateuscruz/vue-cli-plugin-i18n#bump-vue-i18n-extract"

I use it as a dev dependency so I don't anticipate any issues with it that could affect production. Use it with caution if you need it on production.

I'll keep my cloned repo and branch online until this is merged.

mateuscruz avatar Jul 26 '22 21:07 mateuscruz

We ran into the same reporting after a dependency update.

@kazupon Can you merge this? It would be much appriciated.

gazben avatar Jan 04 '23 14:01 gazben

@kazupon any progress on this, this would be much needed 🙏

sbourouis avatar Mar 27 '23 07:03 sbourouis

Thanks for merging @kazupon! For those who are using my branch as a temp workaround, I'll delete this branch on April 27th.

mateuscruz avatar Mar 28 '23 01:03 mateuscruz