tleunen / eslint-import-resolver-babel-module

Custom eslint resolver for babel-plugin-module-resolver
https://github.com/tleunen/babel-plugin-module-resolver
MIT License
248 stars 31 forks

Prototype Pollution in JSON5 via Parse Method #121

Closed pedroresende closed 1 year ago

pedroresende commented 1 year ago

Please update babel-plugin-module-resolver to version 5.0.0 in order to address the Prototype Pollution in JSON5 via Parse Method.

nchevsky commented 1 year ago

@tleunen Could we please get a new release that depends on the latest babel-plugin-module-resolver v5.0.0? 🙏🏻 This is the last dependency we need updated to finally stop all reliance on vulnerable versions of JSON5.

tleunen commented 1 year ago

Released :) Thanks!

dlong500 commented 1 year ago

@tleunen Is this dependency update going to make this module incompatible with versions of nodejs earlier than 16.x? Version 5.0.0 of babel-plugin-module-resolver has a breaking change dropping support for earlier versions of nodejs.

tleunen commented 1 year ago

For this plugin, nope, because we still build it with node10 in the babel config, but the babel plugin is not guaranteed to work properly as it has node 16 in its config. The breaking change is mostly that the minimum tested/built version is now 16.x.