tleunen / find-babel-config

Find the closest babel config based on a directory
MIT License
13 stars 7 forks

Update json5 to 2.2.3 to fix vulnerabilities in v1 of this package #71

Closed LucasHill closed 7 months ago

LucasHill commented 7 months ago

This package is heavily used, and unfortunately, over 50% of downloads are still using the 1.2.0 version, which has a vulnerability in the version of json5 it is using. This was patched in version 2.0 of this library, but so many people are stuck on 1.2.0 that it would be great to release a patch version just removing this critical vulnerability. This commit is based off the 1.2.0 tag.


tleunen commented 7 months ago

Closing as v1 and v2 have been updated