ZJONSSON / node-etl

npm install etl

Old version of csv-parser@1.8.1 has a dependency on "minimist": "^0.2.0" with a prototype pollution vulnerability #115

Open enaukkarinen opened 3 years ago

enaukkarinen commented 3 years ago

Could the csv-parser dependency be updated to 3.0.0 to get rid of this vulnerability?

Thanks

montumodi commented 3 years ago

@ZJONSSON, @jbreckman - Any thoughts on this?