Skip to content
This repository was archived by the owner on Jul 7, 2025. It is now read-only.

Security - Bump json5 from 1.0.1 to 1.0.2 #59

Closed
kj4ezj wants to merge 1 commit into from
Closed

Security - Bump json5 from 1.0.1 to 1.0.2 #59

kj4ezj wants to merge 1 commit into from

Conversation

@kj4ezj
Copy link

@kj4ezj kj4ezj commented Jan 25, 2023
edited
Loading

This pull request addresses a high severity (7.1/10) security vulnerability, CVE-2022-46175 - Prototype Pollution in JSON5 via Parse Method, that Dependabot identified by updating the json5 dependency.

Bumps json5 from 1.0.1 to 1.0.2.

updated-dependencies:

  • dependency-name: json5 dependency-type: indirect ...

Signed-off-by: dependabot[bot] [email protected]

See Also

@dependabot
Bump json5 from 1.0.1 to 1.0.2
56013a6 
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@kj4ezj kj4ezj mentioned this pull request Jan 25, 2023
Merged
@kj4ezj kj4ezj changed the title Bump json5 from 1.0.1 to 1.0.2 Security - Bump json5 from 1.0.1 to 1.0.2 Jan 25, 2023
This was referenced Jan 25, 2023
Closed
Merged
Merged
Merged
Merged
Merged
@tibdex tibdex mentioned this pull request Jan 26, 2023
Merged
@tibdex tibdex closed this in #64 Jan 26, 2023
@kj4ezj kj4ezj deleted the dependabot/npm_and_yarn/json5-1.0.2 branch January 27, 2023 06:17
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kj4ezj