dividab / tsconfig-paths

Load node modules according to tsconfig paths, in run-time or via API.
MIT License

Minimist vulnerability CVE-2021-44906 #195

Closed IronGeek closed 2 years ago

IronGeek commented 2 years ago

Please bump tsconfig-paths dependencies.

minimist <=v1.2.5 brings in a security vulnerability which affects all packages that depend on tsconfig-paths, including the json5 package also used in this package.

json5 already addresses this minimist issue in its latest version v2.2.1. As for minimist itself, based on the discussion here, a migration to an alternative package or other up-to-date fork may be needed.

IronGeek commented 2 years ago

minimist has released a new version to address the security issue. So I guess the only thing left to do is just bumping the minimist version in tsconfig-paths to v1.2.6.

F3n67u commented 2 years ago

This issue is already fixed by https://github.com/dividab/tsconfig-paths/pull/197

jon-shipley commented 2 years ago

I am waiting on the json5@1.0.1 dependency to be updated. As the original comment says, the latest json5 version is v2.2.1.

If there is a work-around please do let me know.

lightzane commented 2 years ago

@F3n67u it seems that the issue did not actually get fixed by #197. Upon checking npm ls json5, tsconfig-paths@3.14.1 is still depending on json5@1.0.1.

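The check lightzane describes (npm ls json5 revealing a nested json5@1.0.1 under tsconfig-paths) can be automated against a package-lock.json so that nested copies of a dependency below a known-good version are flagged before release. The script below is an added example, not code from the tsconfig-paths project. It assumes a lockfileVersion 2 or 3 "packages" map, takes the minimum versions (minimist 1.2.6, json5 2.2.1) from the thread above, and walks a constructed sample lock that mirrors the chain tsconfig-paths@3.14.1 -> json5@1.0.1 -> minimist@1.2.5.

```javascript
// Added example (not part of the tsconfig-paths project): audit an npm
// package-lock.json (lockfileVersion 2 or 3, "packages" map) for installed
// copies, nested ones included, of a dependency that fall below a minimum
// version. This is the lockfile equivalent of `npm ls json5` in the thread.

// Minimum versions. 1.2.6 for minimist and 2.2.1 for json5 are the versions
// named in the thread as addressing the issue.
const MINIMUMS = {
  minimist: "1.2.6",
  json5: "2.2.1",
};

// Compare two dotted numeric versions (x.y.z); returns -1, 0 or 1.
// Assumption for this example: pre-release suffixes are stripped and the
// numeric parts compared, which is enough for plain release versions.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Package name from a lockfile path such as
// "node_modules/tsconfig-paths/node_modules/json5" -> "json5"
// (scoped names like "node_modules/@scope/pkg" keep their scope).
function packageName(lockPath) {
  const parts = lockPath.split("node_modules/");
  return parts[parts.length - 1];
}

// Walk every installed copy and report those below the required minimum.
// Returns [{ name, version, path, minimum }] in lockfile order.
function findBelowMinimum(lock, minimums = MINIMUMS) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // the root project entry
    const name = packageName(lockPath);
    const minimum = minimums[name];
    if (!minimum || !entry.version) continue;
    if (compareVersions(entry.version, minimum) < 0) {
      findings.push({ name, version: entry.version, path: lockPath, minimum });
    }
  }
  return findings;
}

// Constructed sample lock: the root project has a current json5, but
// tsconfig-paths@3.14.1 still carries its own json5@1.0.1, which carries
// minimist@1.2.5. Version numbers of the nested packages are the ones
// stated in the thread; the rest is made up for the example.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/json5": { version: "2.2.1" },
    "node_modules/tsconfig-paths": { version: "3.14.1" },
    "node_modules/tsconfig-paths/node_modules/json5": { version: "1.0.1" },
    "node_modules/tsconfig-paths/node_modules/minimist": { version: "1.2.5" },
  },
};

// Runs the audit over the constructed sample; the nested json5 and minimist
// copies are the two findings expected.
function auditSample() {
  return findBelowMinimum(SAMPLE_LOCK);
}

// Usage: node audit-lock.js [path/to/package-lock.json]
// Guarded so the functions can also be imported from a module context.
if (typeof require !== "undefined" && require.main === module) {
  const fs = require("fs");
  const lock = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], "utf8"))
    : SAMPLE_LOCK;
  for (const f of findBelowMinimum(lock)) {
    console.log(`${f.path}: ${f.name}@${f.version} is below ${f.minimum}`);
  }
}
```

Because the walk covers every key in the "packages" map rather than only top-level entries, a fix that bumps the root's own json5 while a dependency still pins an older copy (the situation lightzane describes) is still reported.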

IronGeek commented 2 years ago

I'm closing this since all the problematic dependencies have been updated in v4. Related PR: #197, #198