Need to update dependent package version "tsconfig-paths": "^3.14.1" to "tsconfig-paths": "^4.1.2"

[saunish]

Issue of JSON5 has being fixed by tsconfig-paths and JSON5

Issue is this
Prototype Pollution in JSON5 via Parse Method - GHSA-9c47-m6qq-7p4h

now to fix the issue in eslint-plugin-import.

need to update package dependency of tsconfig-paths from ^3.14.1 to ^4.1.2
Which will resolve vulnerability of JSON5

[LennyLip]

same here

json5  <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/eslint-plugin-import/node_modules/json5
  tsconfig-paths  3.5.0 - 3.9.0 || 3.11.0 - 3.14.1
  Depends on vulnerable versions of json5
  node_modules/eslint-plugin-import/node_modules/tsconfig-paths

[ljharb]

json5 v1.0.2 has already been updated with this fix, and either way, it's not a valid vulnerability.

As is the case with almost every JS CVE, the best course of action is to do nothing until the ecosystem fixes it for you.

This is a duplicate of #2625; a duplicate of #2628; a duplicate of #2626; a duplicate of #2627; a duplicate of #2631; a duplicate of #2632; a duplicate of #2634; a duplicate of #2635.

Please stop filing issues about a vulnerability on "not the vulnerable package", it doesn't help.