i18n-ally
feat: Update `next-intl` to support latest release
Adds support for:
- getTranslations
- t.markup
Thanks!
~Is it possible to make a temporary patch to the extension while this is not merged ?~
Edit: By following this wiki entry I was able to come up with the following
.vscode/i18n-ally-custom-framework.yml
languageIds:
- javascript
- typescript
- javascriptreact
- typescriptreact
usageMatchRegex:
- "[^\\w\\d]t\\(['\"`]({key})['\"`]"
scopeRangeRegex: "getTranslations\\(\\s*\\[?\\s*['\"`](.*?)['\"`]"
monopoly: true
@terales Any chance this could be reviewed and possibly released? Thank you for your help!
> ~Is it possible to make a temporary patch to the extension while this is not merged ?~
> Edit: By following this wiki entry I was able to come up with the following
> .vscode/i18n-ally-custom-framework.yml
> languageIds:
> - javascript
> - typescript
> - javascriptreact
> - typescriptreact
> usageMatchRegex:
> - "[^\\w\\d]t\\(['\"`]({key})['\"`]"
> scopeRangeRegex: "getTranslations\\(\\s*\\[?\\s*['\"`](.*?)['\"`]"
> monopoly: true
This one doesn't work for me.
I wrote this one based on the changes in the PR.
languageIds:
- javascript
- typescript
- javascriptreact
- typescriptreact
usageMatchRegex:
- "[^\\w\\d]t\\s*\\(\\s*['\"`]({key})['\"`]"
- "[^\\w\\d]t\\s*\\.rich\\s*\\(\\s*['\"`]({key})['\"`]"
- "[^\\w\\d]t\\s*\\.markup\\s*\\(\\s*['\"`]({key})['\"`]"
- "[^\\w\\d]t\\s*\\.raw\\s*\\(\\s*['\"`]({key})['\"`]"
scopeRangeRegex: "(?:useTranslations|getTranslations)\\(\\s*\\[?\\s*['\"`](.*?)['\"`]"
monopoly: true
Key thing here is to group useTranslations and getTranslations without capturing it.
Alternative: VS Code extension Sherlock i18n does now also support next-intl 🎉
I was having issues when I used getTranslations({ namespace: 'page' }) so I replaced the scopeRangeRegex
scopeRangeRegex: "(?:getTranslations|useTranslations)\\((?:\\s*['\"`]|{\\s*namespace:\\s*['\"`])(.*?)['\"`]"
Now it matches this as long as you pass in namespace as the first key of the object.
It still does not match something like getTranslations({ locale: 'en', namespace: 'page' }), maybe some regex genius can figure that one out!
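The three scopeRangeRegex values posted so far, run against the call shapes discussed in the thread, as an added example that is not code from the PR, the extension, or any commenter. The sample call sites and the fourth pattern (`anyPosition`) are constructed here as assumptions; how i18n-ally itself applies the pattern is not modelled.

```javascript
// scopeRangeRegex values from the thread with the YAML double-quote escaping
// removed (\\( becomes \(, \" becomes "). The brace in namespaceFirst is
// written "\{", which matches the same literal character.
const patterns = {
  first: /getTranslations\(\s*\[?\s*['"`](.*?)['"`]/,
  grouped: /(?:useTranslations|getTranslations)\(\s*\[?\s*['"`](.*?)['"`]/,
  namespaceFirst:
    /(?:getTranslations|useTranslations)\((?:\s*['"`]|\{\s*namespace:\s*['"`])(.*?)['"`]/,
  // Constructed for this example (an assumption, not the pattern from the PR
  // or from Next.js Boilerplate): skip earlier keys of the options object,
  // but never read past its closing brace.
  anyPosition:
    /(?:useTranslations|getTranslations)\(\s*(?:\{[^}]*?\bnamespace:\s*)?['"`](.*?)['"`]/,
};

// Constructed call sites covering the shapes mentioned in the thread.
const samples = {
  getString: "const t = await getTranslations('page');",
  useString: "const t = useTranslations('page');",
  namespaceOnly: "const t = await getTranslations({ namespace: 'page' });",
  localeFirst:
    "const t = await getTranslations({ locale: 'en', namespace: 'page' });",
  // No namespace at all: a correct pattern must not pick up 'en' or 'title'.
  localeOnly: "const t = await getTranslations({ locale: 'en' });\nt('title');",
};

// Returns the captured namespace (group 1) or null when the pattern misses.
function namespaceFor(pattern, source) {
  const match = pattern.exec(source);
  return match ? match[1] : null;
}

// Builds { patternName: { sampleName: namespace | null } } for every pair.
function scopeMatrix() {
  const result = {};
  for (const [patternName, pattern] of Object.entries(patterns)) {
    result[patternName] = {};
    for (const [sampleName, source] of Object.entries(samples)) {
      result[patternName][sampleName] = namespaceFor(pattern, source);
    }
  }
  return result;
}

console.table(scopeMatrix());
```
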
@kibertoad we need this :)
UP! Looking forward to use this feature!
@kibertoad Can you look into this? Support for getTranslations is very much needed.
Thanks!
Hey, I'm waiting for this support too!
Thanks
Seems that this extension is no longer maintained. Anyways, I forked the PR repo and built / installed the custom version myself!
@antfu No longer works at lokalise, now part of Nuxt team it seems... Maybe you could add some people as maintainer, like @amannn Anthony, therefore some PR could be merged.
For others, you might try https://next-intl-docs.vercel.app/docs/workflows/vscode-integration#sherlock ?
@ScreamZ Hi, Felix from Sherlock team here, happy to help anyone onboard if there are any issues, just hmu 🤙
Just installed it, works like a charm. Thank you. Different display but this is okay, fine enough and working well. I'm pretty sure your tool will be better than i18n ally really soon, you just lack the interface in vscode, the fink monorepo cloning is a bit too obtrusive for my requirements atm. :)
Also could've been better if options were in .vscode folder, but this is not really important.
@ScreamZ Feel free to open issues & PR's if anything is missing what you have loved in i18n-ally.
A lot of decisions in Sherlock are based on "convention over configuration" so we handle a lot of things ootb with minimal upfront configuration.
At the same time, we want to offer great flexibility where it makes sense. We are still testing the amount of flexibility and are keen to invest resources into making Sherlock the best i18n extension in VS Code.
@ScreamZ What do you refer to with "fink monorepo cloning"? 😅
In case you want to keep using this extension (i18n-ally), I just found a solution to make it work with next-intl using the "Custom Framework" feature. And, no need to install another extension with a different display or fork the extension.
The solution works with useTranslations and getTranslations (including getTranslations('page') and getTranslations({ locale: 'en', namespace: 'page' }))
You can find the solution at Next.js Boilerplate and you just need to copy the file i18n-ally-custom-framework.yml
PS: @stijn-vk, I found a solution to make it work with getTranslations({ locale: 'en', namespace: 'page' })
@amannn you could add this to the doc, it works :)
@ScreamZ The plugin support from i18n-ally does a bit more than the custom config, e.g. providing more options for replacement upon extraction, so generally a merged PR would be preferable :).
Thanks to @ixartz for the idea with matching namespace: too in the regex! I've updated the PR accordingly.
Out of curiosity, I did a security check for i18n-ally: and it seems at this point, you have to be VERY careful to use it.
[!CAUTION] There are several critical vulnerabilities (at this point 4) and lots of high ones (over 40), that said – please go for an alternative.
106 vulnerabilities (60 moderate, 42 high, 4 critical)
npm audit report
@antfu/utils <0.7.3
Severity: moderate
antfu/utils vulnerable to prototype pollution - https://github.com/advisories/GHSA-p2fh-2h23-6grg
fix available via npm audit fix --force
Will install @antfu/[email protected], which is a breaking change
node_modules/@antfu/utils
@babel/traverse <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via npm audit fix
node_modules/@babel/traverse
ansi-regex 3.0.0 || 4.0.0 - 4.1.0 || 5.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via npm audit fix
node_modules/ansi-align/node_modules/ansi-regex
node_modules/ansi-regex
node_modules/strip-ansi/node_modules/ansi-regex
node_modules/webpack-cli/node_modules/ansi-regex
axios <=0.27.2
Severity: high
axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via npm audit fix
node_modules/axios
browserify-sign 2.6.0 - 4.2.1
Severity: high
browserify-sign upper bound check issue in dsaVerify leads to a signature forgery attack - https://github.com/advisories/GHSA-x9w5-v3q2-3rhw
fix available via npm audit fix
node_modules/browserify-sign
decode-uri-component <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq
fix available via npm audit fix
node_modules/decode-uri-component
dot-prop <4.2.1
Severity: high
dot-prop Prototype Pollution vulnerability - https://github.com/advisories/GHSA-ff7x-qrg7-qggm
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/dot-prop
compare-func <=1.3.4
Depends on vulnerable versions of dot-prop
node_modules/compare-func
conventional-changelog-angular 0.0.1 - 5.0.10
Depends on vulnerable versions of compare-func
node_modules/conventional-changelog-angular
conventional-changelog 1.0.0 - 2.0.3
Depends on vulnerable versions of conventional-changelog-angular
node_modules/conventional-changelog
conventional-github-releaser >=1.1.0
Depends on vulnerable versions of conventional-changelog
Depends on vulnerable versions of gh-got
Depends on vulnerable versions of git-semver-tags
Depends on vulnerable versions of semver-regex
node_modules/conventional-github-releaser
follow-redirects <=1.15.5
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via npm audit fix
node_modules/follow-redirects
get-func-name <2.0.1
Severity: high
Chaijs/get-func-name vulnerable to ReDoS - https://github.com/advisories/GHSA-4q6p-r6v2-jvc5
fix available via npm audit fix
node_modules/get-func-name
glob-parent <5.1.2
Severity: high
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/@parcel/watcher/node_modules/glob-parent
node_modules/parcel-bundler/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/@parcel/watcher/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
@parcel/watcher <=1.12.1
Depends on vulnerable versions of chokidar
node_modules/@parcel/watcher
parcel-bundler *
Depends on vulnerable versions of @parcel/watcher
Depends on vulnerable versions of css-modules-loader-core
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of fast-glob
Depends on vulnerable versions of node-forge
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser
node_modules/parcel-bundler
parcel-plugin-inliner *
Depends on vulnerable versions of parcel-bundler
node_modules/parcel-plugin-inliner
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.44.0 - 4.47.0
Depends on vulnerable versions of watchpack
node_modules/webpack
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/parcel-bundler/node_modules/fast-glob
got <=11.8.3
Severity: high
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
Depends on vulnerable versions of cacheable-request
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/got
node_modules/package-json/node_modules/got
gh-got <=9.0.0
Depends on vulnerable versions of got
node_modules/gh-got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
nodemon 1.3.5 - 2.0.16 || 2.0.18
Depends on vulnerable versions of update-notifier
node_modules/nodemon
http-cache-semantics <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/http-cache-semantics
node_modules/package-json/node_modules/http-cache-semantics
cacheable-request 0.1.0 - 2.1.4
Depends on vulnerable versions of http-cache-semantics
node_modules/cacheable-request
jsdom <=16.5.3
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-native
Depends on vulnerable versions of tough-cookie
fix available via npm audit fix
node_modules/jsdom
uncss >=0.7.0
Depends on vulnerable versions of jsdom
Depends on vulnerable versions of postcss
Depends on vulnerable versions of request
node_modules/uncss
htmlnano >=0.1.1
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of purgecss
Depends on vulnerable versions of svgo
Depends on vulnerable versions of uncss
node_modules/htmlnano
json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via npm audit fix
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
json5 <1.0.2 || >=2.0.0 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via npm audit fix
node_modules/json5
node_modules/loader-utils/node_modules/json5
node_modules/parcel-bundler/node_modules/json5
loader-utils <=1.4.1 || 2.0.0 - 2.0.3
Severity: critical
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
fix available via npm audit fix
node_modules/loader-utils
node_modules/ts-loader/node_modules/loader-utils
lodash.template *
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via npm audit fix
node_modules/lodash.template
git-raw-commits 0.0.6 - 2.0.9
Depends on vulnerable versions of lodash.template
Depends on vulnerable versions of meow
node_modules/git-raw-commits
conventional-changelog-core <=4.2.1
Depends on vulnerable versions of git-raw-commits
Depends on vulnerable versions of git-semver-tags
node_modules/conventional-changelog-core
markdown-it <12.3.2
Severity: moderate
Uncontrolled Resource Consumption in markdown-it - https://github.com/advisories/GHSA-6vfc-qv3f-vr6c
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/markdown-it
vsce 1.26.0 - 2.6.3
Depends on vulnerable versions of markdown-it
node_modules/vsce
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/minimatch
mocha 5.1.0 - 9.2.1
Depends on vulnerable versions of minimatch
Depends on vulnerable versions of nanoid
node_modules/mocha
nanoid 3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/mocha/node_modules/nanoid
node_modules/nanoid
node-fetch <2.6.7
Severity: high
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via npm audit fix
node_modules/node-fetch
node-forge <=1.2.1
Severity: high
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
No fix available
node_modules/node-forge
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via npm audit fix
node_modules/cheerio-select/node_modules/nth-check
node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo <=5.0.0-rc.2
Depends on vulnerable versions of postcss
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
postcss <=8.4.30
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
No fix available
node_modules/@vue/component-compiler-utils/node_modules/postcss
node_modules/css-declaration-sorter/node_modules/postcss
node_modules/css-modules-loader-core/node_modules/postcss
node_modules/cssnano-preset-default/node_modules/postcss
node_modules/cssnano-util-raw-cache/node_modules/postcss
node_modules/cssnano/node_modules/postcss
node_modules/parcel-bundler/node_modules/postcss
node_modules/postcss
node_modules/postcss-calc/node_modules/postcss
node_modules/postcss-colormin/node_modules/postcss
node_modules/postcss-convert-values/node_modules/postcss
node_modules/postcss-discard-comments/node_modules/postcss
node_modules/postcss-discard-duplicates/node_modules/postcss
node_modules/postcss-discard-empty/node_modules/postcss
node_modules/postcss-discard-overridden/node_modules/postcss
node_modules/postcss-merge-longhand/node_modules/postcss
node_modules/postcss-merge-rules/node_modules/postcss
node_modules/postcss-minify-font-values/node_modules/postcss
node_modules/postcss-minify-gradients/node_modules/postcss
node_modules/postcss-minify-params/node_modules/postcss
node_modules/postcss-minify-selectors/node_modules/postcss
node_modules/postcss-modules-extract-imports/node_modules/postcss
node_modules/postcss-modules-local-by-default/node_modules/postcss
node_modules/postcss-modules-scope/node_modules/postcss
node_modules/postcss-modules-values/node_modules/postcss
node_modules/postcss-normalize-charset/node_modules/postcss
node_modules/postcss-normalize-display-values/node_modules/postcss
node_modules/postcss-normalize-positions/node_modules/postcss
node_modules/postcss-normalize-repeat-style/node_modules/postcss
node_modules/postcss-normalize-string/node_modules/postcss
node_modules/postcss-normalize-timing-functions/node_modules/postcss
node_modules/postcss-normalize-unicode/node_modules/postcss
node_modules/postcss-normalize-url/node_modules/postcss
node_modules/postcss-normalize-whitespace/node_modules/postcss
node_modules/postcss-ordered-values/node_modules/postcss
node_modules/postcss-reduce-initial/node_modules/postcss
node_modules/postcss-reduce-transforms/node_modules/postcss
node_modules/postcss-svgo/node_modules/postcss
node_modules/postcss-unique-selectors/node_modules/postcss
node_modules/purgecss/node_modules/postcss
node_modules/stylehacks/node_modules/postcss
node_modules/uncss/node_modules/postcss
@vue/component-compiler-utils *
Depends on vulnerable versions of postcss
node_modules/@vue/component-compiler-utils
vue-i18n-locale-message <=1.16.0
Depends on vulnerable versions of @vue/component-compiler-utils
node_modules/vue-i18n-locale-message
css-declaration-sorter <=5.1.2
Depends on vulnerable versions of postcss
node_modules/css-declaration-sorter
css-modules-loader-core *
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/css-modules-loader-core
cssnano <=4.1.11
Depends on vulnerable versions of cssnano-preset-default
Depends on vulnerable versions of postcss
node_modules/cssnano
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of css-declaration-sorter
Depends on vulnerable versions of cssnano-util-raw-cache
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-calc
Depends on vulnerable versions of postcss-colormin
Depends on vulnerable versions of postcss-convert-values
Depends on vulnerable versions of postcss-discard-comments
Depends on vulnerable versions of postcss-discard-duplicates
Depends on vulnerable versions of postcss-discard-empty
Depends on vulnerable versions of postcss-discard-overridden
Depends on vulnerable versions of postcss-merge-longhand
Depends on vulnerable versions of postcss-merge-rules
Depends on vulnerable versions of postcss-minify-font-values
Depends on vulnerable versions of postcss-minify-gradients
Depends on vulnerable versions of postcss-minify-params
Depends on vulnerable versions of postcss-minify-selectors
Depends on vulnerable versions of postcss-normalize-charset
Depends on vulnerable versions of postcss-normalize-display-values
Depends on vulnerable versions of postcss-normalize-positions
Depends on vulnerable versions of postcss-normalize-repeat-style
Depends on vulnerable versions of postcss-normalize-string
Depends on vulnerable versions of postcss-normalize-timing-functions
Depends on vulnerable versions of postcss-normalize-unicode
Depends on vulnerable versions of postcss-normalize-url
Depends on vulnerable versions of postcss-normalize-whitespace
Depends on vulnerable versions of postcss-ordered-values
Depends on vulnerable versions of postcss-reduce-initial
Depends on vulnerable versions of postcss-reduce-transforms
Depends on vulnerable versions of postcss-svgo
Depends on vulnerable versions of postcss-unique-selectors
node_modules/cssnano-preset-default
cssnano-util-raw-cache *
Depends on vulnerable versions of postcss
node_modules/cssnano-util-raw-cache
postcss-calc 4.1.0 - 7.0.5
Depends on vulnerable versions of postcss
node_modules/postcss-calc
postcss-colormin <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-colormin
postcss-convert-values <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-convert-values
postcss-discard-comments <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-comments
postcss-discard-duplicates 1.1.0 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-duplicates
postcss-discard-empty 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-empty
postcss-discard-overridden <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-overridden
postcss-merge-longhand <=4.0.11
Depends on vulnerable versions of postcss
Depends on vulnerable versions of stylehacks
node_modules/postcss-merge-longhand
postcss-merge-rules <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-merge-rules
postcss-minify-font-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-font-values
postcss-minify-gradients <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-gradients
postcss-minify-params <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-params
postcss-minify-selectors <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-selectors
postcss-modules-extract-imports <=1.2.1
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-local-by-default <=1.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-local-by-default
postcss-modules-scope <=1.1.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
postcss-modules-values <=1.3.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-values
postcss-normalize-charset <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-charset
postcss-normalize-display-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-display-values
postcss-normalize-positions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-positions
postcss-normalize-repeat-style <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-repeat-style
postcss-normalize-string <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-string
postcss-normalize-timing-functions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-timing-functions
postcss-normalize-unicode <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-unicode
postcss-normalize-url 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-url
postcss-normalize-whitespace <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-whitespace
postcss-ordered-values <=4.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-ordered-values
postcss-reduce-initial <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-initial
postcss-reduce-transforms <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-transforms
postcss-unique-selectors <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-unique-selectors
purgecss <=1.0.1 || 2.0.1-beta.0 - 3.0.0
Depends on vulnerable versions of postcss
node_modules/purgecss
stylehacks <=4.0.3
Depends on vulnerable versions of postcss
node_modules/stylehacks
pug <=3.0.2
Severity: high
Pug allows JavaScript code execution if an application accepts untrusted input - https://github.com/advisories/GHSA-3965-hpx2-q597
fix available via npm audit fix
node_modules/pug
qs 6.5.0 - 6.5.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via npm audit fix
node_modules/request/node_modules/qs
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via npm audit fix
node_modules/request
request-promise-core *
Depends on vulnerable versions of request
node_modules/request-promise-core
request-promise-native >=1.0.0
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-core
Depends on vulnerable versions of tough-cookie
node_modules/request-promise-native
semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via npm audit fix
node_modules/@babel/core/node_modules/semver
node_modules/@babel/eslint-parser/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-define-polyfill-provider/node_modules/semver
node_modules/@babel/preset-env/node_modules/semver
node_modules/babel-plugin-polyfill-corejs2/node_modules/semver
node_modules/conventional-changelog-writer/node_modules/read-pkg/node_modules/semver
node_modules/conventional-changelog-writer/node_modules/semver
node_modules/conventional-commits-parser/node_modules/read-pkg/node_modules/semver
node_modules/conventional-github-releaser/node_modules/semver
node_modules/conventional-recommended-bump/node_modules/read-pkg/node_modules/semver
node_modules/conventional-recommended-bump/node_modules/semver
node_modules/core-js-compat/node_modules/semver
node_modules/eslint-plugin-node/node_modules/semver
node_modules/find-cache-dir/node_modules/semver
node_modules/git-semver-tags/node_modules/semver
node_modules/jsonc-eslint-parser/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/nodemon/node_modules/semver
node_modules/normalize-package-data/node_modules/semver
node_modules/npm-run-all/node_modules/semver
node_modules/package-json/node_modules/semver
node_modules/parcel-bundler/node_modules/semver
node_modules/parse-semver/node_modules/semver
node_modules/semver-diff/node_modules/semver
node_modules/standard-version/node_modules/conventional-changelog-writer/node_modules/read-pkg/node_modules/semver
node_modules/standard-version/node_modules/conventional-changelog-writer/node_modules/semver
node_modules/standard-version/node_modules/git-raw-commits/node_modules/semver
node_modules/standard-version/node_modules/git-semver-tags/node_modules/read-pkg/node_modules/semver
node_modules/standard-version/node_modules/git-semver-tags/node_modules/semver
node_modules/stylus/node_modules/semver
node_modules/vsce/node_modules/semver
node_modules/vue-eslint-parser/node_modules/semver
node_modules/webpack-cli/node_modules/semver
core-js-compat 3.6.0 - 3.25.0
Depends on vulnerable versions of semver
node_modules/core-js-compat
semver-regex <=3.1.3
Severity: high
semver-regex Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-44c6-4v22-4mhx
Regular expression denial of service in semver-regex - https://github.com/advisories/GHSA-4x5v-gmq8-25ch
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/semver-regex
tar <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via npm audit fix
node_modules/tar
terser >=5.0.0 <5.14.2 || <4.8.1
Severity: high
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
No fix available
node_modules/htmlnano/node_modules/terser
node_modules/terser
node_modules/terser-webpack-plugin/node_modules/terser
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via npm audit fix
node_modules/tough-cookie
trim-newlines <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/get-pkg-repo/node_modules/trim-newlines
node_modules/git-raw-commits/node_modules/trim-newlines
node_modules/git-semver-tags/node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/get-pkg-repo/node_modules/meow
node_modules/git-raw-commits/node_modules/meow
node_modules/git-semver-tags/node_modules/meow
git-semver-tags 1.3.4 - 3.0.1
Depends on vulnerable versions of meow
node_modules/git-semver-tags
trim-off-newlines <1.0.3
Severity: moderate
Uncontrolled Resource Consumption in trim-off-newlines - https://github.com/advisories/GHSA-38fc-wpqx-33j7
fix available via npm audit fix
node_modules/trim-off-newlines
106 vulnerabilities (60 moderate, 42 high, 4 critical)
To address issues that do not require attention, run: npm audit fix
To address all issues possible (including breaking changes), run: npm audit fix --force
Some issues need review, and may require choosing a different dependency.
thanks a lot!