source-map-resolve is deprecated and vulnerable

[elcreator]

https://github.com/lydell/source-map-resolve is deprecated now and contains vulnerable decode-uri-component dependency GHSA-w573-4hg7-7wgq

[JESii]

CVE-2022-38900: I created a PR for source-map-resolve to fix this security issue and and the maintainer refused to apply it:

But – anyway. I find it boring to use my free time to do things with this deprecated package that I don’t like. It might be easy to fix this thing, but in a couple of months there will be some other vulnerability in some other dependency and the cycle repeats. Or someone finds a vulnerability in source-map-resolve itself. Not fun.

So I have a replacement module that resolves the problem https://github.com/jesii/source-map-resolve. It updates decode-uri-component which is where the security issue, using v0.2.2 instead of the vulnerable v0.2.0.

[sebastien46]

So I have a replacement module that resolves the problem https://github.com/jesii/source-map-resolve. It updates decode-uri-component which is where the security issue, using v0.2.2 instead of the vulnerable v0.2.0.

@jonschlinkert could you consider implementing this, or even replace/remove source-map-resolve ?