Bump JSON5 dependency to 2.2.2 to fix CVE-2022-46175 (#232)

oparisblue · web-flow · commit 9721a98718c9 · 2023-01-02T00:28:20.000+01:00
* bump JSON5 dependency to 2.2.2 to fix CVE-2022-46175 * bump version to v.1.2 * Revert "bump version to v.1.2" This reverts commit 1603bab.
diff --git a/package.json b/package.json
@@ -41,7 +41,7 @@
     "typescript": "^4.5.2"
   },
   "dependencies": {
-    "json5": "^2.2.1",
+    "json5": "^2.2.2",
     "minimist": "^1.2.6",
     "strip-bom": "^3.0.0"
   },
diff --git a/yarn.lock b/yarn.lock
@@ -2848,10 +2848,10 @@ json5@^1.0.1:
   dependencies:
     minimist "^1.2.0"
 
-json5@^2.2.1:
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.1.tgz#655d50ed1e6f95ad1a3caababd2b0efda10b395c"
-  integrity sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==
+json5@^2.2.2:
+  version "2.2.2"
+  resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.2.tgz#64471c5bdcc564c18f7c1d4df2e2297f2457c5ab"
+  integrity sha512-46Tk9JiOL2z7ytNQWFLpj99RZkVgeHf87yGQKsIkaPz1qSH9UczKH1rO7K3wgRselo0tYMUNfecYpm/p1vC7tQ==
 
 kleur@^3.0.3:
   version "3.0.3"
