https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37303
Victor Grousset/tuxayo <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] Status|Needs Signoff |Signed Off --- Comment #12 from Victor Grousset/tuxayo <[email protected]> --- It works! :) ---- commit: > It happens because (our version of) po2json are old and no longer maintained, > and just embed them. (In reply to Jonathan Druart from comment #6) > (In reply to Julian Maurice from comment #5) > > Can't we add a "next if $po->fuzzy" in misc/translator/po2json ? It looks > > easier > > Maybe, but I thought it was better to rely on a maintained library and > remove the binary we embedded. About that... The latest version is from 2016 ^^" https://github.com/mikeedwards/po2json/tags And the dates of the alpha version suggest the efforts for the next version have stalled :( That causes worries about the dependencies of po2json https://github.com/mikeedwards/po2json/issues/101 That nomnom dependency was last published 10 years ago and is officially abandoned: https://www.npmjs.com/package/nomnom (still 424 180 Weekly Downloads 💀) And it depends on underscore 1.6.0 which has the security vulnerability mentioned in the po2json ticket. But nomnom seems to be just to parse command line arguments for po2json so it should be okay. Though it shows the need to look at the rest of the dependency tree. That would be bad if malicious translations could be used to remotely execute code at the packaging step. Or on devs machines. Though that's still a worry with the perl po2json. It uses a 2014 version of Locale::PO to read the .po files and a 2011 version of JSON to generate JSON. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
