Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade csv-parse from 1.2.3 to 4.4.6 #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade csv-parse from 1.2.3 to 4.4.6 #1

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 539/1000
Why? Has a fix available, CVSS 6.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-CSVPARSE-467403		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: csv-parse The new version differs by 235 commits.
  • fe3fe58 Bump to version 4.4.6
  • b9d3594 security: remove regexp vulnerable to DOS in cast option, npm report 69742
  • 76d96e1 Bump to version 4.4.5
  • fecf171 ts: add buffer as allowed type for input, fix #248
  • 9c53199 fix: add buffer as allowed type for input
  • 53ff6e7 Bump to version 4.4.4
  • 7693582 package: latest dependencies
  • 620125e fix: Detecting BOM when data is not enough
  • c28279e package: update file path
  • 30c11a2 Bump to version 4.4.3
  • 5bd4cab package: fix files declaration #240
  • 858c38a Bump to version 4.4.2
  • 5e7ea6c changelog: add parsing for BOM character
  • 713e95f ts: add sync definition
  • 8cedaef Added test
  • e003c1d Fix bom constant
  • 8cea3bc Fix parsing for BOM character
  • 8a817e4 package: replace npm ignore with file field
  • d7d4ae7 Bump to version 4.4.1
  • ce920d4 columns: allows returning an array of string, undefined, null or false
  • ebb12ca ts: Options.columns allows returning an array of string, undefined, null or false
  • a3eaaf7 package: coffee lint
  • 5d5d579 max_record_size: new sample
  • e0ce079 bom: test false value

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot