fix(security): upgrade i18next-http-backend 2.5.2→3.0.6 (path traversal CVE)

Fixes GHSA-q89c-q3h5-w34g: path traversal & URL injection via unsanitised
lng/ns parameters. Remaining open issues are all in devDependencies
(commitizen/lodash/tmp) or dev-server-only tools (esbuild/vite), with no
runtime impact on the production build.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Lotus Bot
2026-05-21 16:17:08 -04:00
parent ce2e0ef203
commit 0ef8dc9baf
2 changed files with 16 additions and 14 deletions
+1 -1
@@ -93,7 +93,7 @@
"html-react-parser": "4.2.0",
"i18next": "23.12.2",
"i18next-browser-languagedetector": "8.0.0",
"i18next-http-backend": "2.5.2",
"i18next-http-backend": "3.0.6",
"immer": "9.0.16",
"is-hotkey": "0.2.0",
"jotai": "2.6.0",
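Review bot: the "i18next-http-backend" line jumps a major version (2.5.2 to 3.0.6) while "i18next" stays pinned at 23.12.2 two lines above, and the commit message does not say that translation loading was re-tested against the 3.x backend. Please note in the message which check was run (for example, loading a non-default language and namespace in a production build), and confirm that the second changed file, presumably the lockfile, resolves to exactly 3.0.6 with no 2.x copy left in the tree. Since "i18next-browser-languagedetector" on the adjacent line takes lng from client-controlled sources, setting supportedLngs in the i18next init options would be a useful second layer on top of the upstream fix for the unsanitised lng/ns parameters.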