You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
minimist: v1.2.5 brings in a security vulnerability which is currently has no fix. The following dependency chain makes csv-parser a vulnerable package: csv-parser@3.0.0 › minimist@1.2.5.
Modification Proposal
Request for a security fix to make csv-parser package free from security vulnerabilities. We may shift to using minimist-lite as suggested here / eliminate the usage of minimist by providing a implementation to parse command line args
The text was updated successfully, but these errors were encountered:
We're getting nicked on our corporate security scans, and we don't particularly want to refactor all of our projects to use a different lib, as this one is well made and that's a lot of tech debt to take on.
PR #215 eliminates the dependency entirely, PR #216 upgrades the existing dependency.
Expected Behavior / Situation
N/A
Actual Behavior / Situation
minimist
:v1.2.5
brings in a security vulnerability which is currently has no fix. The following dependency chain makescsv-parser
a vulnerable package: csv-parser@3.0.0 › minimist@1.2.5.Modification Proposal
Request for a security fix to make
csv-parser
package free from security vulnerabilities. We may shift to usingminimist-lite
as suggested here / eliminate the usage ofminimist
by providing a implementation to parse command line argsThe text was updated successfully, but these errors were encountered: