From 8044d72c6ac80c4706c105909bd5ccf8f8b9e2df Mon Sep 17 00:00:00 2001
From: Sylvain
Date: Tue, 28 Mar 2023 12:51:53 +0200
Subject: [PATCH] (security) updated json5
---
 CHANGELOG.md | 1 +
 yarn.lock | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 940fcd16c..342e0165f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@
 - Updated the invoices chaining method with a more flexible model
 - Fix a bug: broken display after a plan category was deleted
 - [TODO DEPLOY] `rails fablab:restore_order_number` THEN `rails fablab:fix_references`
+- Fix a security issue: updated json5 to 2.2.2 to fix [CVE-2022-46175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46175)
 ## v5.9.1 2023 March 22
diff --git a/yarn.lock b/yarn.lock
index c0abcb7e3..ce37f0d1e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7572,9 +7572,9 @@ json5@^1.0.1:
 minimist "^1.2.0"
 json5@^2.1.2, json5@^2.2.1:
- version "2.2.1"
- resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.1.tgz#655d50ed1e6f95ad1a3caababd2b0efda10b395c"
- integrity sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==
+ version "2.2.3"
+ resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283"
+ integrity sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==
 "jsx-ast-utils@^2.4.1 || ^3.0.0":
 version "3.2.0"