Bump tsconfig-paths dependency version to fix CVE-2022-46175
#2634
Comments
|
json5 v1.0.2 has already been updated with this fix, and either way, it's not a valid vulnerability. As is the case with almost every JS CVE, the best course of action is to do nothing until the ecosystem fixes it for you. This is a duplicate of #2625; a duplicate of #2628; a duplicate of #2626; a duplicate of #2627; a duplicate of #2631; a duplicate of #2632. Please stop filing issues about a vulnerability on "not the vulnerable package", it doesn't help. |
This was referenced Jan 2, 2023
This was referenced Jan 10, 2023
Closed
This was referenced Feb 8, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
eslint-plugin-import depends on tsconfig-paths that depends on json5 2.2.1 which is susceptible to CVE-2022-46175.
Once that tsconfig-paths releases a fix (see discussion here), eslint-plugin-import should update its
tsconfig-pathsdependency to this new version to correct the vulnerability.The text was updated successfully, but these errors were encountered: