vue-json-csv >=1.2.11 depends on vulnerable version of lodash.pick #544

Description

@wcheek

lodash has had an issue with prototype pollution. vue-json-csv should update its dependencies to not use the affected versions, otherwise users will potentially be exposed to severe vulnerabilities when using the package.

While vue-json-csv is slightly more convenient, I was able to replace vulnerable vue-json-csv completely by using json-2-csv and techniques in this post:

<v-btn prepend-icon="mdi-download" @click="downloadFile"></v-btn>

import * as converter from "json-2-csv";

function downloadFile() {
  // downloadableJSON: Record<string, string | number>[]
  const csv = converter.json2csv(downloadableJSON);
  const anchor = document.createElement("a");
  anchor.href = "data:text/csv;charset=utf-8," + encodeURIComponent(csv);
  anchor.target = "_blank";
  anchor.download = "resultsData.csv";
  anchor.click();
}
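Added example, not part of the original issue or of vue-json-csv's own code: after swapping the package out, one way to confirm from `package-lock.json` whether `lodash.pick` is still installed and which packages pull it in. The lockfile contents, the `example-widget` package and every `0.0.0-sample` version are constructed for illustration, and `resolveDep` and `findChains` are hypothetical helper names.

```javascript
// Added example: trace which installed packages pull in a dependency, using
// the "packages" map of an npm lockfile (lockfileVersion 2 or 3).

// Resolve `name` as required from the package at `fromPath`: nearest
// node_modules directory first, then each parent, as Node's lookup does.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. optional or pruned)
    const cut = base.lastIndexOf("node_modules/");
    base = cut <= 0 ? "" : base.slice(0, cut - 1);
  }
}

// Return every dependency chain from the root project down to `target`.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (path, trail, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, name);
      if (!resolved || seen.has(resolved)) continue; // missing, or a cycle
      const step = `${name}@${packages[resolved].version}`;
      if (name === target) chains.push([...trail, step]);
      else walk(resolved, [...trail, step], new Set(seen).add(resolved));
    }
  };
  if (packages[""]) walk("", [], new Set());
  return chains;
}

// Constructed lockfile: "example-widget" and the 0.0.0-sample versions are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "vue-json-csv": "^1.2.11", "example-widget": "*" } },
    "node_modules/vue-json-csv": { version: "1.2.11", dependencies: { "lodash.pick": "*" } },
    "node_modules/example-widget": { version: "0.0.0-sample", dependencies: { "lodash.pick": "*" } },
    "node_modules/lodash.pick": { version: "0.0.0-sample" },
  },
};

for (const chain of findChains(sampleLock, "lodash.pick")) console.log(chain.join(" > "));
```

For a real project, pass the parsed contents of `package-lock.json` instead of `sampleLock`; an empty result means nothing in the installed tree still requires the package.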
