Skip to content

Uprev fast-csv to latest version which does not use unsafe eval #873

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 7, 2019
Merged

Uprev fast-csv to latest version which does not use unsafe eval #873

merged 5 commits into from
Oct 7, 2019

Conversation

miketownsend
Copy link
Contributor

fast-csv@2.4.1 uses a dependency https://www.npmjs.com/package/extended which uses an unsafe eval.

If we update fast-csv@3.0.1 to the latest version, which has lodash as it's only dependency it should solve this issue: #713

@miketownsend miketownsend reopened this Jun 24, 2019
@miketownsend
Copy link
Contributor Author

@guyonroche - any ideas about this?

>> Uglifying source ./dist/exceljs.js failed.
Warning: Uglification failed.
Unexpected token: keyword «const».
Line 43131 in ./dist/exceljs.js
 Use --force to continue.

The fast-csv module and dependencies are still using "const" which is causing the uglification to fail.

I'm not sure why that one module would not be handled by babel in the same way as the other files. Am I missing something obvious here?

@paoesco
Copy link

paoesco commented Oct 1, 2019

Answer is here : https://davidburgos.blog/how-to-fix-grunt-contrib-uglify-for-es6/

grunt uglify master does not support (yet?) es6 so we need to use the branch harmony.

@paoesco
Copy link

paoesco commented Oct 2, 2019 

  1 failing
  1) Workbook
       Serialise
         csv file:
     TypeError: csv.createWriteStream is not a function
      at /home/travis/build/exceljs/exceljs/lib/csv/csv.js:96:29
      at new Promise (<anonymous>)
      at module.exports.write (lib/csv/csv.js:88:12)
      at module.exports.writeFile (lib/csv/csv.js:156:17)
      at Context.<anonymous> (spec/integration/workbook/workbook.spec.js:451:10)
      at processImmediate (internal/timers.js:439:21)

I guess it's because fast csv has been updated and so certainly we need to change some calls

@alubbe
Copy link
Member

alubbe commented Oct 7, 2019

Looks good

@alubbe alubbe merged commit dbcece7 into exceljs:master Oct 7, 2019
@miketownsend miketownsend deleted the fix-unsafe-eval branch October 7, 2019 09:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alubbe alubbe alubbe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@miketownsend @paoesco @alubbe @guyonroche
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy