Closed pedroresende closed 1 year ago
@tleunen Could we please get a new release that depends on the latest babel-plugin-module-resolver v5.0.0
? 🙏🏻 This is the last dependency we need updated to finally stop all reliance on vulnerable versions of JSON5.
Released :) Thanks!
@tleunen Is this dependency update going to make this module incompatible with versions of nodejs earlier than 16.x? Version 5.0.0 of babel-plugin-module-resolver
has a breaking change dropping support for earlier versions of nodejs.
For this plugin, nope because we still build it with node10 in the babel config, but the babel plugin is not guaranteed to work properly as it has node 16 in its config. The breaking change is mostly that the minimum tested/built version is now 16.x
Please update babel-plugin-module-resolver to version 5.0.0 in order to address the Prototype Pollution in JSON5 via Parse Method