Skip to content

chore(deps-dev): bump json5 from 1.0.1 to 2.2.3#560

Merged
sid88in merged 1 commit into
masterfrom
dependabot/npm_and_yarn/json5-1.0.2
May 22, 2026
Merged

chore(deps-dev): bump json5 from 1.0.1 to 2.2.3#560
sid88in merged 1 commit into
masterfrom
dependabot/npm_and_yarn/json5-1.0.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Feb 20, 2023
edited
Loading

Bumps json5 from 1.0.1 to 2.2.3.

Release notes

Sourced from json5's releases.

v2.2.3

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

v2.2.0

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

  • Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

  • New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
  • Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
  • Fix: Spelling mistakes have been fixed. (#196)

v2.1.0

  • New: The index.mjs and index.min.mjs browser builds in the dist directory support ES6 modules. (#187)

v2.0.1

  • Fix: The browser builds in the dist directory support ES5. (#182)

v2.0.0

  • Major: JSON5 officially supports Node.js v6 and later. Support for Node.js v4 has been dropped. Since Node.js v6 supports ES5 features, the code has been rewritten in native ES5, and the dependence on Babel has been eliminated.

  • New: Support for Unicode 10 has been added.

  • New: The test framework has been migrated from Mocha to Tap.

  • New: The browser build at dist/index.js is no longer minified by default. A minified version is available at dist/index.min.js. (#181)

  • Fix: The warning has been made clearer when line and paragraph separators are

... (truncated)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

  • Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, [diff][d2.1.1]]

... (truncated)

Commits
  • c3a7524 2.2.3
  • 94fd06d docs: update CHANGELOG for v2.2.3
  • 3b8cebf docs(security): use GitHub security advisories
  • f0fd9e1 docs: publish a security policy
  • 6a91a05 docs(template): bug -> bug report
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Feb 20, 2023
@AlexHladin
Copy link
Copy Markdown
Collaborator

AlexHladin commented May 22, 2026

@dependabot rebase

@dependabot
chore(deps-dev): bump json5 from 1.0.1 to 2.2.3
f99ae0f 
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v2.2.3)

---
updated-dependencies:
- dependency-name: json5
  dependency-version: 1.0.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump json5 from 1.0.1 to 1.0.2 chore(deps-dev): bump json5 from 1.0.1 to 2.2.3 May 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/json5-1.0.2 branch from 1507f44 to f99ae0f Compare May 22, 2026 11:29
@sid88in sid88in self-requested a review May 22, 2026 14:33
sid88in
sid88in approved these changes May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@sid88in sid88in left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@sid88in sid88in merged commit 43c7535 into master May 22, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/json5-1.0.2 branch May 22, 2026 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sid88in sid88in sid88in approved these changes

@AlexHladin AlexHladin AlexHladin approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AlexHladin @sid88in