Update json5 to 2.2.x

[stianjensen]

The new version bundles typescript types.

[airarrazaval]

json5@2.2.0 has a vulnerability inherited by one of its dependencies (minimist).

https://security.snyk.io/vuln/SNYK-JS-MINIMIST-2429795

This must be updated to json5@2.2.1 which removes minimist as dependency. Also update to minimist@1.2.6 which solves this vulnerability si required (see PR #197)

[stianjensen]

Updated

[jonaskello]

Upgrade of json5 from 1.x to 2.x was previously attempted in #158 and then reverted in #173. I'm not sure if we can upgrade to 2.x.

[stianjensen]

Ah! Node 4 has been unsupported for 4 years, so I didn't realize that was still breaking. I guess whenever you're shipping a new major version, then.

[jonaskello]

Let's merge this now when we are doing a new major.

[F3n67u]

This breaking change will potentially block https://github.com/import-js/eslint-plugin-import and https://github.com/alexgorbatchev/eslint-import-resolver-typescript to upgrade to 4..0.0 as far as I know. Those package's minimum nodejs version is v4.

[stianjensen]

This breaking change will potentially block https://github.com/import-js/eslint-plugin-import and https://github.com/alexgorbatchev/eslint-import-resolver-typescript to upgrade to 4..0.0 as far as I know. Those package's minimum nodejs version is v4.

Node 4 has been unsupported for 4(!) years now, so I really hope no one is still using that in production and are also depending on new versions of those packages still supporting it.

eslint itself doesn't support anything below 12 as of version 8, and anyone on old eslint version can also continue using old versions of eslint-plugin-import if they have to.

[F3n67u]

This breaking change will potentially block https://github.com/import-js/eslint-plugin-import and https://github.com/alexgorbatchev/eslint-import-resolver-typescript to upgrade to 4..0.0 as far as I know. Those package's minimum nodejs version is v4.

Node 4 has been unsupported for 4(!) years now, so I really hope no one is still using that in production and are also depending on new versions of those packages still supporting it.

eslint itself doesn't support anything below 12 as of version 8, and anyone on old eslint version can also continue using old versions of eslint-plugin-import if they have to.

I agree with you. I make draft pr to bump tsconfig-paths version to v4 on import-js/eslint-plugin-import#2447 and import-js/eslint-import-resolver-typescript#104 to collect some feedback.

[ljharb]

@stianjensen being unsupported is irrelevant; eslint-plugin-import supports down to eslint 2 (and associated node version) and will continue to do so.