-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] Prototype Pollution in JSON5 via Parse Method #2628
Comments
Thanks for all the info Jordan.
Sorry to waste your time, I did hunt using json5 and looked through the
issues & PRs for a few months. Will dig deeper next time
Cheers Annette
Annette Drapalski
Software Engineer
QANTAS HOTELS - QANTAS LOYALTY
E. ***@***.*** ***@***.***>
I *acknowledge the Traditional Owners and Custodians of the land on which I
live and work -* the Gundungurra Clan* - and pay my respect to Elders past,
present and emerging.*
[image: Qantas Hotels]
Powering qantas.com/hotels <https://www.qantas.com/hotels>and
jetstar.com/hotels <https://www.jetstar.com/hotels>
*We work flexibly at Qantas Loyalty. If you receive an email from me
outside of normal business hours, I'm sending it at a time that suits me.
Unless it's urgent, I'm not expecting you to read or reply until normal
business hours.*
This e-mail is intended only to be read or used by the addressee. It is
confidential and may contain legally privileged information. If you are not
the addressee indicated in this message (or responsible for delivery of the
message to such person), you may not copy or deliver this message to
anyone, and you should destroy this message and kindly notify the sender by
reply e-mail. Confidentiality and legal privilege are not waived or lost by
reason of mistaken delivery to you.
…On Fri, 30 Dec 2022 at 18:39, Jordan Harband ***@***.***> wrote:
Closed #2628
<https://urldefense.com/v3/__https://github.com/import-js/eslint-plugin-import/issues/2628__;!!PUxuPyJo!3vKcU_9Hu_agHQU2PCw7zDFd8V_1aKFg974dcMAs8otSOCiz97cWHVRj81g77rqY4blaSJNUPhGOAb930L2R5VyQ_O7hAXqJsr8$>
as not planned.
—
Reply to this email directly, view it on GitHub
<https://urldefense.com/v3/__https://github.com/import-js/eslint-plugin-import/issues/2628*event-8129340989__;Iw!!PUxuPyJo!3vKcU_9Hu_agHQU2PCw7zDFd8V_1aKFg974dcMAs8otSOCiz97cWHVRj81g77rqY4blaSJNUPhGOAb930L2R5VyQ_O7hYpI9ess$>,
or unsubscribe
<https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AFHZ76TQMZUYTNMB4ULMEYLWP2GT5ANCNFSM6AAAAAATMV6NZ4__;!!PUxuPyJo!3vKcU_9Hu_agHQU2PCw7zDFd8V_1aKFg974dcMAs8otSOCiz97cWHVRj81g77rqY4blaSJNUPhGOAb930L2R5VyQ_O7hkOy4mK0$>
.
You are receiving this because you authored the thread.Message ID:
***@***.***
com>
|
json5 v1.0.2 is published, so update your lockfiles and you're all set. No need to do anything. |
This was referenced Dec 31, 2022
Closed
This was referenced Jan 10, 2023
Closed
This was referenced Feb 8, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Could be bump the tsconfig-paths version to fix the json5 vulnerability please
https://security.snyk.io/vuln/SNYK-JS-JSON5-3182856
The text was updated successfully, but these errors were encountered: