Bump tsconfig-paths dependency to 4.1.2 to fix high severity vulnerability #2635
Comments
|
Found there was already a lot of discussion here on this: #2447 Will wait for github/advisory-database#1541 to get merged |
|
Indeed, json5 v1.0.2 has already been updated with this fix, and either way, it's not a valid vulnerability. As is the case with almost every JS CVE, the best course of action is to do nothing until the ecosystem fixes it for you. This is a duplicate of #2625; a duplicate of #2628; a duplicate of #2626; a duplicate of #2627; a duplicate of #2631; a duplicate of #2632; a duplicate of #2634. Please stop filing issues about a vulnerability on "not the vulnerable package", it doesn't help. |
This was referenced Jan 2, 2023
This was referenced Jan 10, 2023
Closed
This was referenced Feb 8, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
json5 high severity vulnerability described here GHSA-9c47-m6qq-7p4h
tsconfig-paths has updated their dependency here dividab/tsconfig-paths#232
Requesting a new eslint-plugin-import version that updates the tsconfig-paths dependency to v4.1.2
The text was updated successfully, but these errors were encountered: