Bump version of csv-parse to ^4.6.3

brianreavis / sifter.js

A library for textually searching arrays and hashes of objects by property (or multiple properties). Designed specifically for autocomplete.

1.09k stars 125 forks source link

Bump version of csv-parse to ^4.6.3 #56

Closed Turbotailz closed 4 years ago

Turbotailz commented 4 years ago

Fixes #55

coveralls commented 4 years ago

Coverage remained the same at 93.467% when pulling 98ea11ff2243b91034f42caf673df31a01e98ad9 on Turbotailz:master into 59990c421bb40c34cef4c01f128a2febfc2da59d on brianreavis:master.

alec-joy commented 4 years ago

@brianreavis Any chance you can take a look at this in the near future?

mattgodbolt commented 4 years ago

+1 to taking a look; a number of upstream packages are stuck until this gets merged. Thanks so much!

Xenology commented 4 years ago

Would like to see this resolved soon!

jessicasalmon commented 4 years ago

+1 to resolving this soon please. Thanks a lot!

Xenology commented 4 years ago

@brianreavis Github is pushing automated notifications on all pull requests now for vulnerabilities like this. Any chance we can see this merged?

leandrocrs commented 4 years ago

I've sent a email message and a tweet to @brianreavis remembering him that PRs are already open. I hope do not bother him 🙃

https://twitter.com/brianreavis

brianreavis commented 4 years ago

Hi all – my apologies on the radio silence. For what it’s worth, this reported vulnerability has no impact on any project using sifter (e.g. selectize). Further, it doesn’t impact the CLI, as we don’t use the cast option. Regardless, that dependency’s now bumped so your scanners should be happier now. It’s updated in 0.5.4 and 0.6.0.

Refs https://github.com/brianreavis/sifter.js/pull/57