vue-i18n-extensions
Advanced tools
vue-i18n-extensions - npm Package Compare versions
Comparing version 0.2.0 to 0.2.1
@@ -0,1 +1,11 @@ | ||
| <a name="0.2.1"></a> | ||
| ## [0.2.1](https://github.com/kazupon/vue-i18n-extensions/compare/v0.2.0...v0.2.1) (2019-03-12) | ||
| ### :lock: Security Fixes | ||
| * **util:** XSS vulnerability ([5f00336](https://github.com/kazupon/vue-i18n-extensions/commit/5f00336)) | ||
| <a name="0.2.0"></a> | ||
@@ -2,0 +12,0 @@ # [0.2.0](https://github.com/kazupon/vue-i18n-extensions/compare/v0.1.0...v0.2.0) (2018-08-11) |
| { | ||
| "name": "vue-i18n-extensions", | ||
| "description": "vue-i18n extensions", | ||
| "version": "0.2.0", | ||
| "version": "0.2.1", | ||
| "author": { | ||
@@ -13,7 +13,6 @@ "name": "kazuya kawaguchi", | ||
| "dependencies": { | ||
| "vm2": "^3.5.0" | ||
| }, | ||
| "devDependencies": { | ||
| "@vue/server-test-utils": "^1.0.0-beta.21", | ||
| "@vue/test-utils": "^1.0.0-beta.21", | ||
| "@vue/server-test-utils": "^1.0.0-beta.29", | ||
| "@vue/test-utils": "^1.0.0-beta.29", | ||
| "babel-eslint": "^8.2.5", | ||
@@ -27,7 +26,7 @@ "conventional-changelog-cli": "^1.2.0", | ||
| "jest-serializer-vue": "^2.0.2", | ||
| "vue": "^2.4.2", | ||
| "vue-i18n": "^8.0.0", | ||
| "vue": "^2.6.8", | ||
| "vue-i18n": "^8.9.0", | ||
| "vue-jest": "^2.6.0", | ||
| "vue-server-renderer": "^2.4.2", | ||
| "vue-template-compiler": "^2.4.2" | ||
| "vue-server-renderer": "^2.6.8", | ||
| "vue-template-compiler": "^2.6.8" | ||
| }, | ||
@@ -34,0 +33,0 @@ "engines": { |
@@ -5,2 +5,3 @@ # :globe_with_meridians: vue-i18n-extensions | ||
| [](https://www.npmjs.com/package/vue-i18n-extensions) | ||
| [](https://devtoken.rocks/package/vue-i18n-extensions) | ||
@@ -7,0 +8,0 @@ > Extensions for vue-i18n |
@@ -47,3 +47,3 @@ const { | ||
| if (status === 'ng') { | ||
| warn('pre-localization with v-t support only static params') | ||
| warn('not support params in pre-localization') | ||
| return | ||
@@ -50,0 +50,0 @@ } |
@@ -1,5 +0,8 @@ | ||
| const { VM } = require('vm2') | ||
| const stringRE = /'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|`(?:[^`\\]|\\.)*\$\{|\}(?:[^`\\]|\\.)*`|`(?:[^`\\]|\\.)*`/g | ||
| const ecmaKeywordsRE = new RegExp('\\b' + ( | ||
| 'delete,typeof,instanceof,void,do,if,for,let,new,try,var,case,else,with,await,break,catch,class,const,' + | ||
| 'alert,eval,super,throw,while,yield,delete,export,import,return,switch,default,' + | ||
| 'extends,finally,continue,debugger,function,arguments' | ||
| ).split(',').join('\\b|\\b') + '\\b') | ||
| const vm = new VM() | ||
| function warn (msg, err) { | ||
@@ -43,7 +46,12 @@ if (typeof console !== 'undefined') { | ||
| const ret = { status: 'ng', value: undefined } | ||
| if (expression.match(ecmaKeywordsRE)) { return ret } | ||
| if (!expression.match(stringRE)) { return ret } | ||
| try { | ||
| const val = vm.run(`(new Function('return ' + ${JSON.stringify(expression)}))()`) | ||
| const val = (new Function(`return ${expression}`))() | ||
| ret.status = 'ok' | ||
| ret.value = val | ||
| } catch (e) { } | ||
| return ret | ||
@@ -50,0 +58,0 @@ } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by7.4%
12094
- Dependency count
- decreased by-100%
0
- Lines of code
- increased by4.55%
138
- Number of lines in readme file
- increased by0.69%
146
- Number of low supply chain risk alerts
- decreased by-100%
0
- Number of medium supply chain risk alerts
- decreased by-100%
0
Dependency changes
- Removedvm2@^3.5.0
- Removedacorn@8.14.0(transitive)
- Removedacorn-walk@8.3.4(transitive)
- Removedvm2@3.9.19(transitive)