Skip to content

Bump json5 from 2.2.0 to 2.2.3#6

Merged
valbeat merged 1 commit intomainfrom
dependabot/npm_and_yarn/json5-2.2.3
Apr 17, 2026
Merged

Bump json5 from 2.2.0 to 2.2.3#6
valbeat merged 1 commit intomainfrom
dependabot/npm_and_yarn/json5-2.2.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jan 7, 2023
edited
Loading

Bumps json5 from 2.2.0 to 2.2.3.

Release notes

Sourced from json5's releases.

v2.2.3

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Commits
  • c3a7524 2.2.3
  • 94fd06d docs: update CHANGELOG for v2.2.3
  • 3b8cebf docs(security): use GitHub security advisories
  • f0fd9e1 docs: publish a security policy
  • 6a91a05 docs(template): bug -> bug report
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jan 7, 2023
@valbeat
Copy link
Copy Markdown
Member

valbeat commented Apr 1, 2026

Automated Dependency Update Review

Summary

  • Package: json5
  • Version Change: 2.2.0 → 2.2.3
  • Update Type: patch

Decision

This update has been reviewed and approved for auto-merge.

Reviewed by Claude Code

valbeat
valbeat approved these changes Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@valbeat valbeat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - automated review by Claude

@valbeat
Copy link
Copy Markdown
Member

valbeat commented Apr 15, 2026

@dependabot rebase

@dependabot
Bump json5 from 2.2.0 to 2.2.3
c4bc3bc 
Bumps [json5](https://github.com/json5/json5) from 2.2.0 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.2.0...v2.2.3)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/json5-2.2.3 branch from a7f4de0 to c4bc3bc Compare April 15, 2026 19:12
valbeat
valbeat approved these changes Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@valbeat valbeat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - automated review by Claude

@valbeat valbeat merged commit 875698b into main Apr 17, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/json5-2.2.3 branch April 17, 2026 05:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@valbeat valbeat valbeat approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@valbeat