[vscode-go] package-lock.json: update json5 to v2.2.3

180 views
Skip to first unread message

Hyang-Ah Hana Kim (Gerrit)

unread,
Jan 3, 2023, 10:55:34 PM1/3/23
to Hyang-Ah Hana Kim, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, kokoro, Jamal Carvalho, golang-co...@googlegroups.com

Hyang-Ah Hana Kim submitted this change.

View Change



1 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.

Approvals: Hyang-Ah Hana Kim: Run TryBots kokoro: TryBots succeeded Jamal Carvalho: Looks good to me, approved 
package-lock.json: update json5 to v2.2.3

This is dev dependency.

CVE-2022-46175

$ npm audit

json5  <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

1 high severity vulnerability

$ npm ls json5
g...@0.38.0-dev /Users/hakim/projects/vscode-go
└─┬ g...@4.0.0
  └── js...@2.2.0

Change-Id: I5398807b0070fb25baf30fd0c809f20d3b21501d
Reviewed-on: https://go-review.googlesource.com/c/vscode-go/+/459565
Run-TryBot: Hyang-Ah Hana Kim <hya...@gmail.com>
Reviewed-by: Jamal Carvalho <ja...@golang.org>
TryBot-Result: kokoro <noreply...@google.com>
---
M package-lock.json
1 file changed, 39 insertions(+), 13 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 733e3c3..70b31ee 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2552,13 +2552,10 @@
       "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus="
     },
     "node_modules/json5": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.0.tgz",
-      "integrity": "sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA==",
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
+      "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
       "dev": true,
-      "dependencies": {
-        "minimist": "^1.2.5"
-      },
       "bin": {
         "json5": "lib/cli.js"
       },
@@ -6339,13 +6336,10 @@
       "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus="
     },
     "json5": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.0.tgz",
-      "integrity": "sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA==",
-      "dev": true,
-      "requires": {
-        "minimist": "^1.2.5"
-      }
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
+      "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
+      "dev": true
     },
     "jsonfile": {
       "version": "6.1.0",

To view, visit change 459565. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: vscode-go
Gerrit-Branch: master
Gerrit-Change-Id: I5398807b0070fb25baf30fd0c809f20d3b21501d
Gerrit-Change-Number: 459565
Gerrit-PatchSet: 5
Gerrit-Owner: Hyang-Ah Hana Kim <hya...@gmail.com>
Gerrit-Reviewer: Hyang-Ah Hana Kim <hya...@gmail.com>
Gerrit-Reviewer: Jamal Carvalho <ja...@golang.org>
Gerrit-Reviewer: kokoro <noreply...@google.com>
Gerrit-MessageType: merged
Reply all
Reply to author
Forward
0 new messages