Fixed potential path traversal attack and remote code injection

PKSA-hvx3-cvjz-ktb4

Affected package: willdurand/js-translation-bundle

Affected version: <2.1.1

Reported by:
FriendsOfPHP/security-advisories