[Snyk] Security upgrade json-2-csv from 2.4.0 to 3.15.0 - Githubissues

DemocracyOS / democracyos

Democracia en Red is focusing on specific implementations of DemocracyOS. We are working now working with governments and activists all over Latin America. If you are interested in our online participation tools you can check them out on our site.

https://democraciaos.org/en/

GNU General Public License v3.0

1.77k stars 616 forks source link

[Snyk] Security upgrade json-2-csv from 2.4.0 to 3.15.0 #1692

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	CSV Injection SNYK-JS-JSON2CSV-1932013	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: json-2-csv

The new version differs by 125 commits.

e65ebb0 chore(release): 3.15.0
fcb1025 Add parseValue to type definitions (#213)
628cc3e npm audit fix; eslint upgrades (#212)
1d7a947 Prevent CSV Injection (#210)
b7615ce chore(release): 3.14.4
9136808 chore(deps): Update doc-path, deeks
1322059 chore(release): 3.14.3
a5a9b0b chore: npm audit fix
d754925 Fix 203 (#204)
523cf3a Update doc-path to fix negative lookbehind regexp. (#199)
bf4dd22 chore(release): 3.14.0 (#195)
2183282 chore(release): 3.13.0 (#191)
583dc6c Merge branch 'peacechen-stable' into stable
2048bde restore spacing due to VSCode auto formatting
f3f27cb TS definition: Add wrapBooleans to ISharedOptions
042008b chore(release): 3.12.0; Update to Node 12+ (#187)
5ebb32a Add logic to wrap booleans when specified. (#189)
e72fa24 Validate field titles against Object.keys list (#186)
72688ef npm audit fix, release 3.11.1 (#181)
540b000 chore(release): 3.11.0
cc31fef Add optional value parser (#179)
195fd53 chore(release): 3.10.3
a896781 chore(deps): bump y18n from 4.0.0 to 4.0.1 (#178)
6c64bd8 Update doc-path

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic