Describe the issue you're facing
Dashboard affected by a security vulnerability in json5 - CVE-2022-46175
How to fix it?
This can be mitigated by updating the json5 package to version 1.0.2, 2.2.2, or later.
Dependents of json5:
```
$ yarn why json5
yarn why v1.22.17
[1/4] Why do we have the module "json5"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "json5@2.2.0"
info Has been hoisted to "json5"
info Reasons this module exists
- Hoisted from "@babel#core#json5"
- Hoisted from "react-scripts#@pmmmwh#react-refresh-webpack-plugin#loader-utils#json5"
- Hoisted from "react-scripts#@svgr#webpack#loader-utils#json5"
- Hoisted from "react-scripts#file-loader#loader-utils#json5"
- Hoisted from "react-scripts#resolve-url-loader#loader-utils#json5"
- Hoisted from "react-scripts#resolve-url-loader#adjust-sourcemap-loader#loader-utils#json5"
- Hoisted from "react-scripts#workbox-webpack-plugin#workbox-build#@surma#rollup-plugin-off-main-thread#json5"
info Disk size without dependencies: "304KB"
info Disk size with unique dependencies: "408KB"
info Disk size with transitive dependencies: "408KB"
info Number of shared dependencies: 1
=> Found "loader-utils#json5@1.0.1"
info This module exists because "loader-utils" depends on it.
info Disk size without dependencies: "124KB"
info Disk size with unique dependencies: "228KB"
info Disk size with transitive dependencies: "228KB"
info Number of shared dependencies: 1
=> Found "tsconfig-paths#json5@1.0.1"
info This module exists because "react-scripts#eslint-config-react-app#eslint-plugin-import#tsconfig-paths" depends on it.
info Disk size without dependencies: "124KB"
info Disk size with unique dependencies: "228KB"
info Disk size with transitive dependencies: "228KB"
info Number of shared dependencies: 1
Done in 1.36s.
```
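
A check for the output above, as an added example that is not part of the original issue or the project's code: it parses yarn v1 `yarn why` output and flags every json5 copy older than the fixed releases named in the issue. The function names, and the treatment of 0.x (judged against 1.0.2) and of majors above 2 (counted as "later"), are assumptions.

```javascript
// Added example: classify json5 copies reported by `yarn why json5`
// against the fixed releases named in the issue (1.0.2 and 2.2.2).

// Fixed release per major line, taken from the issue text.
const FIXED = { 1: [1, 0, 2], 2: [2, 2, 2] };

// Compare two [major, minor, patch] triples; negative when a < b.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Assumption: 0.x is judged against 1.0.2 and majors above 2 count as
// "later". Pre-release suffixes are ignored.
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`unparseable version: ${version}`);
  const v = m.slice(1, 4).map(Number);
  if (v[0] > 2) return false;
  const fixed = FIXED[v[0]] || FIXED[1];
  return cmp(v, fixed) < 0;
}

// Extract every `=> Found "<path>@<version>"` line from yarn v1 output.
function findJson5Copies(yarnWhyOutput) {
  const copies = [];
  const re = /^=> Found "(.*)@([^"@]+)"\r?$/gm;
  let m;
  while ((m = re.exec(yarnWhyOutput)) !== null) {
    copies.push({ path: m[1], version: m[2], vulnerable: isVulnerable(m[2]) });
  }
  return copies;
}

// Sample input: lines copied from the `yarn why` output in this issue.
const SAMPLE = [
  '=> Found "json5@2.2.0"',
  'info Has been hoisted to "json5"',
  '=> Found "loader-utils#json5@1.0.1"',
  '=> Found "tsconfig-paths#json5@1.0.1"',
  "Done in 1.36s.",
].join("\n");

for (const c of findJson5Copies(SAMPLE)) {
  console.log(`${c.path}@${c.version}: ${c.vulnerable ? "needs upgrade" : "ok"}`);
}
```

Re-running `yarn why json5` after the upgrade and passing its output to `findJson5Copies` should report no copy as vulnerable.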