eslint icon indicating copy to clipboard operation
eslint copied to clipboard

Published 20 hours ago verified publisher icon nuxt

Vulnerability to track resulting from eslint-plugin-import dependency

Open silverbackdan opened this issue 2 years ago • 2 comments

In case there is a major semver in the eslint-plugin-import I wanted to raise this so we can track the progress and ensure that this dependency vulnerability is resolved.

See: https://github.com/import-js/eslint-plugin-import/issues/2632

The result is that we are using a version of json5 with a high vulnerability. <2.2.2

silverbackdan avatar Dec 31 '22 11:12 silverbackdan

For now overrides will resolve this in anybody's package.json:

"overrides": {
    "@nuxtjs/eslint-config-typescript": {
      "@nuxtjs/eslint-config": {
        "eslint-plugin-import": {
          "tsconfig-paths": {
            "json5": "^2.2.2"
          }
        }
      }
    }
  }

silverbackdan avatar Dec 31 '22 11:12 silverbackdan

Is it still relevant with the new @nuxt/eslint-config ?

atinux avatar Jan 16 '23 10:01 atinux