emberjs / ember-cli-babel

Ember CLI plugin for Babel
MIT License

JSON5 vulnerability in v7.x of ember-cli-babel #512

Open LucasHillDex opened 4 months ago

LucasHillDex commented 4 months ago

ember-cli-babel version 7.x is still widely used in the Ember community; over 65% of downloads from npm are still on 7.x. There is a vulnerability in JSON5 being brought in from a transitive dependency of this package, which has been updated in ember-cli-babel 8.x. However, it is impossible to remove version 7.x from Ember projects, given that ember-source itself still depends on 7.x, along with many other Ember community packages. I am hoping a patch version of ember 7.x could be released to remove this vulnerability.

This proposed PR should allow projects to get JSON5 0.5.1 out of their lockfiles https://github.com/emberjs/ember-cli-babel/pull/511

See vulnerability: https://security.snyk.io/vuln/SNYK-JS-JSON5-3182856

The dependency chain bringing in 0.5.1:

    └─┬ ember-cli-babel 7.26.11
      └─┬ babel-plugin-module-resolver 3.2.0
        └─┬ find-babel-config 1.2.0
          └── json5 0.5.1

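The chain above can be checked mechanically against a project's lockfile rather than by eye. The script below is an added example, not code from the issue author or the ember-cli-babel project; it assumes an npm lockfile with a lockfileVersion 3 "packages" map, a constructed SAMPLE_LOCK that mirrors the chain in this issue, and the fixed json5 versions taken from the linked advisory rather than from this thread.

```javascript
// Added example, not code from the issue or the ember-cli-babel project: walk an npm
// lockfile (lockfileVersion 3 "packages" map) and report every dependency chain that
// resolves to a vulnerable json5. SAMPLE_LOCK is constructed to mirror the chain above.
const SAMPLE_LOCK = {
  packages: {
    '': { dependencies: { 'ember-cli-babel': '^7.26.11', json5: '^2.2.3' } },
    'node_modules/ember-cli-babel': { version: '7.26.11', dependencies: { 'babel-plugin-module-resolver': '^3.2.0' } },
    'node_modules/babel-plugin-module-resolver': { version: '3.2.0', dependencies: { 'find-babel-config': '^1.2.0' } },
    'node_modules/find-babel-config': { version: '1.2.0', dependencies: { json5: '^0.5.1' } },
    'node_modules/json5': { version: '2.2.3' }, // hoisted, patched copy
    'node_modules/find-babel-config/node_modules/json5': { version: '0.5.1' }, // nested, vulnerable copy
  },
};
// True when dotted numeric version a is lower than b (enough for json5's plain x.y.z tags).
function versionLt(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}
// The linked advisory (CVE-2022-46175, prototype pollution) is fixed in json5 1.0.2 and 2.2.2.
function json5Vulnerable(v) {
  return versionLt(v, '1.0.2') || (v.startsWith('2.') && versionLt(v, '2.2.2'));
}
// npm resolution: the nearest "<from>/node_modules/<name>" walking up toward the root.
function resolveDep(packages, from, name) {
  for (let base = from; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}
// Depth-first walk from the root, collecting "name@version" chains that end in a vulnerable target.
function findVulnerableChains(lock, target, isVulnerable) {
  const pkgs = lock.packages, chains = [];
  const label = (p) => `${p.split('node_modules/').pop()}@${pkgs[p].version}`;
  const walk = (path, trail) => {
    for (const dep of Object.keys(pkgs[path].dependencies || {})) {
      const depPath = resolveDep(pkgs, path, dep);
      if (!depPath || trail.includes(depPath)) continue; // unresolved or cyclic edge
      const next = trail.concat(depPath);
      if (dep !== target) walk(depPath, next);
      else if (isVulnerable(pkgs[depPath].version)) chains.push(next.map(label));
    }
  };
  walk('', []);
  return chains;
}
console.log(findVulnerableChains(SAMPLE_LOCK, 'json5', json5Vulnerable).map((c) => c.join(' -> ')));
```

Pointing the same walk at a real package-lock.json (JSON.parse of the file) reports only the chains that reach a still-vulnerable copy, so the hoisted 2.2.3 at the root is correctly ignored while the nested 0.5.1 under find-babel-config is flagged.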

LucasHillDex commented 4 months ago

@chancancode are you primarily maintaining this repository? Just curious on your thoughts.

LucasHill commented 4 months ago

@chancancode I had to remake the PR under a different user, thanks. https://github.com/emberjs/ember-cli-babel/pull/513

LucasHill commented 4 months ago

find-babel-config got updated so this is no longer an issue.