tslint-to-eslint-config >=2.0.0 Depends on vulnerable versions of json5
theengineer0101 opened this issue · comments
theengineer0101 commented
Bug Report
tslint-to-eslint-config
version: 2.13.3
Actual Behavior
It is flagged as Severity: high vulnerabilities in audit
Prototype Pollution in JSON5 via Parse Method - GHSA-9c47-m6qq-7p4h
Expected Behavior
Please update the current package dependency json5 to json5@2.2.2, which is the patch version.
Reproduction
Please run 'npm audit' on the latest npm package version.
Josh Goldberg ✨ commented
Published tslint-to-eslint-config@2.13.4. Thanks for the report!
(the project's source had been upgraded to the newer version in #1652, just not released yet)