@jordanbtucker would appreciate a 1.0.2 release to npm -- I think the NodeJS 4 error can be ignored as I used git cherry-pick and didn't want to change the code otherwise 🙂

Thanks for this. Technically v2 has slightly more downloads than v1 when you combine all v2 versions, but I agree that it would be good to backport this to v1.

I'm going to merge this even though the Node v4 build is failing. I've also tested these changes with newer versions of Node and the tests pass.

Thanks for the quick turnaround, @jordanbtucker! Is it possible for you to tag and pushing 1.0.2 to npm? 🙂

Need to make a few more changes. The tests are failing on my machine so I can't publish due to the npm scripts. I'll try to get it published tomorrow.

Thanks for being so responsive even in the holiday season, @jordanbtucker! Wish you a happy new year in advance 🎉

Thanks in advance for publishing this backport! It really helps transitive upstream maintainers <3

Thanks for backporting!

@jordanbtucker heads up that if this is failing on node 4, publishing this will be a breaking change for eslint-plugin-import.

(However, if it's just rollup breaking in node 4, then it should work fine, and a good fix for CI would be doing the build in one stage on latest node, and the tests in all the nodes on another stage)

@ljharb Thanks for the info. There should be no breaking changes in the production code, although some of the dev dependencies aren't very happy right now. I'm going to test with Node v4 before publishing to make sure!

May i know if it is published or not? any ETA. @jordanbtucker @ashkulz

v1.0.2 has been published 🚀

I suggested a change to the GitHub Advisory:

• [GHSA-9c47-m6qq-7p4h] Prototype Pollution in JSON5 via Parse Method github/advisory-database#1540