Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Vulnerability issue #270

Closed
chirag-rakholiya opened this issue Apr 6, 2022 · 1 comment
Closed

Security Vulnerability issue #270

chirag-rakholiya opened this issue Apr 6, 2022 · 1 comment
Assignees
@jordanbtucker
Labels
question ❓

Comments

@chirag-rakholiya
Copy link

As we are using JSON5 , we have analyze that there is one of dependency of the json5 named as "minimist@1.2.5" having security vulnerability issue . the latest version of "json5 @2.2.1" and "json5@2.2.0" used the same dependency which causing the security vulnerability issue.

for more information :- https://snyk.io/test/npm/minimist/1.2.5

is there any way to resolve this issue ?
@jordanbtucker jordanbtucker self-assigned this Apr 6, 2022
@jordanbtucker
Copy link
Member

Thanks for asking about this. json5 has zero production dependencies. This was fixed in #267 and released in v2.2.1. If json5 is being flagged as having minimist as a dependency, then it is a dev dependency only.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jordanbtucker jordanbtucker

Labels
question ❓
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jordanbtucker @chirag-rakholiya