Minimist vulnerability CVE-2021-44906

[IronGeek]

Please bump tsconfig-paths dependencies.

minimist <=v1.2.5 brings in security vulnerability which affect all packages that depends on tsconfig-paths, including the json5 package also used in this package.

json5 already addresses this minimist issue in their latest version v2.2.1.
As for minimist it self, based on discussion here a migration to an alternative package or other up-to-date fork maybe needed.

[IronGeek]

minimist has released new version to address the security issue.
So I guess the only thing left todo is just bumping the minimist version in tsconfig-paths to v1.2.6

[F3n67u]

this issue is already fixed by #197

[jon-shipley]

I am waiting on the the [email protected] dependency to be updated. As the original comment says, the latest json5 version is v2.2.1

If there is a work-around please do let me know.

[lightzane]

@F3n67u it seems that the issue did not actually got fixed by #197
Upon checking npm ls json5, the [email protected] is still depending on [email protected]

[IronGeek]

I'm closing this since all the problematic dependencies have been updated in v4.
Related PR: #197, #198