lodash has had an issue with prototype pollution. vue-json-csv should update its dependencies to not use the affected versions, otherwise users will potentially be exposed to severe vulnerabilities when using the package.
While vue-json-csv is slightly more convenient, I was able to replace vulnerable vue-json-csv completely by using json-2-csv and techniques in this post:
<v-btn prepend-icon="mdi-download" @click="downloadFile"></v-btn>
import * as converter from "json-2-csv";
function downloadFile() {
// downloadableJSON: Record<string, string | number>[]
const csv = converter.json2csv(downloadableJSON);
const anchor = document.createElement("a");
anchor.href = "data:text/csv;charset=utf-8," + encodeURIComponent(csv);
anchor.target = "_blank";
anchor.download = "resultsData.csv";
anchor.click();
}
lodashhas had an issue withprototype pollution.vue-json-csvshould update itsdependenciesto not use the affected versions, otherwise users will potentially be exposed to severe vulnerabilities when using the package.While
vue-json-csvis slightly more convenient, I was able to replace vulnerablevue-json-csvcompletely by usingjson-2-csvand techniques in this post: