You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
No, it doesn't. The latest version of json5 v1 and v2 both fix the problem, which never actually applied to us in the first place.
YOU need to update json5 in your own lockfiles if you want to avoid being notified by tooling.
Nope, because v4 drops support for engines that we support, so we can't ever upgrade past v3. Also, i'm not sure what vulnerabilities you mean; json5's vulnerability was fixed in v1 so it shouldn't be a problem.
Duplicate of #2447. Duplicate of #2660. Duplicate of #2625; a duplicate of #2628; a duplicate of #2626; a duplicate of #2627; a duplicate of #2631; a duplicate of #2632; a duplicate of #2634; a duplicate of #2635; a duplicate of #2636; a duplicate of #2637; a duplicate of #2639; a duplicate of #2642; a duplicate of #2643; a duplicate of #2649; a duplicate of #2655. Duplicate of #2888.
This project is currently using an older version of the json5 package, which includes [email protected] and has a vulnerability issue (CVE-2021-44906). For more details, you can refer to: https://avd.aquasec.com/nvd/2021/cve-2021-44906/
Please consider upgrading the json5 package to address this issue. You can find the latest version and release information at: https://github.com/json5/json5/blob/de344f0619bda1465a6e25c76f1c0c3dda8108d9/CHANGELOG.md?plain=1#L28
The text was updated successfully, but these errors were encountered: