Consider updating version of "eslint-import-resolver-typescript" in "eslint-config-next"

[DavideBecker]

Verify canary release

• I verified that the issue exists in Next.js canary release

Provide environment information

Operating System:
  Platform: darwin
  Arch: arm64
  Version: Darwin Kernel Version 21.1.0: Wed Oct 13 17:33:01 PDT 2021; root:xnu-8019.41.5~1/RELEASE_ARM64_T6000
Binaries:
  Node: 14.18.2
  npm: 6.14.15
  Yarn: 1.22.17
  pnpm: N/A
Relevant packages:
  next: 12.1.4
  react: 17.0.2
  react-dom: 17.0.2

What browser are you using? (if relevant)

No response

How are you deploying your application? (if relevant)

No response

Describe the Bug

The minimist package has a security vulnerability in versions <=1.2.5.

npm audit reports the following dependency path:

eslint-config-next > eslint-import-resolver-typescript > tsconfig-paths > json5 > minimist

All other packages and their dependencies have updated to a non-vulnerable version of minimist. However, npm audit still reports a vulnerability since eslint-config-next depends on v2.4.0 of eslint-import-resolver-typescript. The dependency has been updated in v2.6.0 (See: import-js/eslint-import-resolver-typescript#98)

Expected Behavior

Update the eslint-import-resolver-typescript dependency in

next.js/packages/eslint-config-next/package.json

Line 16 in 3069d4b

"eslint-import-resolver-typescript": "2.4.0",

from v2.4.0 to v2.6.0

To Reproduce

Install eslint-config-next and run npm audit

[ijjk]

Closing as this should be resolved by #35781

[github-actions]

This closed issue has been automatically locked because it had no new activity for a month. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.