tsconfig-paths update from 3.14.1 to 4.1.2 to resolve json5 vulnerability

[edwardlee-msft]

eslint-plugin-import/package.json

Line 117 in 6304ddc

"tsconfig-paths": "^3.14.1"

Hi team,

Can you please update tsconfig-paths from 3.14.1 to 4.1.2 to resolve a vulnerability with its json5 dependency?

We were notified of a dependabot issue with json5 and were recommended to update it to 2.2.2.

The package tsconfig-paths is dependant on json5 and is used in esling-plugin-import. Their latest 4.1.2 version updates their json5 dependency.

Thanks,
-Edward

[edwardlee-msft]

I can see that the vulnerability fix was backported to json5 v1.0.2. Closing issue as tsconfig-paths uses 1.0.2

[ljharb]

In addition, this isn't a valid vulnerability for this plugin in the first place.

This is a duplicate of #2625; a duplicate of #2628; a duplicate of #2626; a duplicate of #2627; a duplicate of #2631; a duplicate of #2632; a duplicate of #2634; a duplicate of #2635; a duplicate of #2636; a duplicate of #2637; a duplicate of #2639; a duplicate of #2642; a duplicate of #2643; a duplicate of #2649.