Package is dependent on vulnerable versions of json5 #2642
Comments
json5 v1.0.2 has already been updated with this fix, and either way, it's not a valid vulnerability for eslint-plugin-import. As is the case with almost every JS CVE, the best course of action is to do nothing until the ecosystem fixes it for you. This is a duplicate of #2625; a duplicate of #2628; a duplicate of #2626; a duplicate of #2627; a duplicate of #2631; a duplicate of #2632; a duplicate of #2634; a duplicate of #2635; a duplicate of #2636; a duplicate of #2637; a duplicate of #2639. Please stop filing issues about a vulnerability on "not the vulnerable package", it doesn't help.
According to yarn audit:
tsconfig-paths had a dependency with JSON5 which was recently updated. I suggest that the version of this library is updated in order to avoid this vulnerability.