-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need to update dependent package version "tsconfig-paths": "^3.14.1" to "tsconfig-paths": "^4.1.2" #2636
Comments
same here
|
json5 v1.0.2 has already been updated with this fix, and either way, it's not a valid vulnerability. As is the case with almost every JS CVE, the best course of action is to do nothing until the ecosystem fixes it for you. This is a duplicate of #2625; a duplicate of #2628; a duplicate of #2626; a duplicate of #2627; a duplicate of #2631; a duplicate of #2632; a duplicate of #2634; a duplicate of #2635. Please stop filing issues about a vulnerability on "not the vulnerable package", it doesn't help. |
Issue of JSON5 has being fixed by tsconfig-paths and JSON5
Issue is this
Prototype Pollution in JSON5 via Parse Method - GHSA-9c47-m6qq-7p4h
now to fix the issue in eslint-plugin-import.
need to update package dependency of tsconfig-paths from ^3.14.1 to ^4.1.2
Which will resolve vulnerability of JSON5
The text was updated successfully, but these errors were encountered: