Skip to content

chore(deps-dev): bump csv-stringify from 6.4.0 to 6.8.0#6134

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/csv-stringify-6.8.0
Open

chore(deps-dev): bump csv-stringify from 6.4.0 to 6.8.0#6134
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/csv-stringify-6.8.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps csv-stringify from 6.4.0 to 6.8.0.

Changelog

Sourced from csv-stringify's changelog.

6.8.0 (2026-06-14)

Features

  • add unicode chars to formula escape (#387)
  • backport support for node 14
  • backward support for node 8
  • csv-parse: set columns type as readonly (#358)
  • csv-stringify: Add escape_formulas to defend against injection attacks (#380)
  • csv-stringify: header validation
  • csv-stringify: new header_as_comment option (fix #420)
  • csv-stringify: support null and undefined in stringify cast options (#484)
  • csv-stringify: ts extends options with stream.TransformOptions (#301)
  • esm migration
  • export ts types in sync
  • replace ts types with typesVersions
  • ts module Node16 and type declaration to exports field (#341)
  • wg stream api

Bug Fixes

  • commonjs types, run tsc and lint to validate changes (#397)
  • correct exports in package.json with webpack
  • csv-demo-ts-cjs-node16: upgrade module definition after latest typescript
  • csv-demo-webpack-ts: remove polyfill
  • csv-demo-webpack-ts: simplify export paths
  • csv-stringify: add missing type definition for bigint cast option (#369)
  • csv-stringify: allow mixed string and object columns typedef (#456)
  • csv-stringify: bom and header in sync mode with no records (fix #343)
  • csv-stringify: catch error with sync api, fix #296
  • csv-stringify: infinity is not defined in get (fix #475)
  • csv-stringify: node 12 compatibility in flush
  • csv-stringify: quote_match with empty string pattern quotes empty strings (#345), closes #344
  • csv-stringify: remove non-functional auto value
  • csv-stringify: throw err with no records and header in sync mode
  • csv-stringify: update quoted_match config option to accept arrays (#371)
  • csv-stringify: update TS types to allow cast to return an object (#339)
  • csv-stringify: use removeListener instead of off
  • dont insert polyfills in cjs #303
  • esm exports in package.json files, closes #308
  • export original lib esm modules
  • expose browser esm modules
  • fallback to setTimeout is setImmediate is undefined
  • refer to esm files in dist
  • remove samples from publicatgion
  • support ts node16 resolution in cjs (#354)
  • support TypeScript moduleResolution node16 (#368)
  • uncaught errors with large stream chunks (fix #386)

6.7.0 (2026-03-17)

... (truncated)

Commits
  • 3d71f0b chore(release): publish
  • 2ba4897 build: use ts nodenext
  • 11915f2 test(csv-stringify): handle node 26 high water mark
  • 8d50e98 build: latest dependencies
  • eded3df refactor: remove commented export default
  • 75ca89b feat(csv-stringify): support null and undefined in stringify cast options (#484)
  • bec87d1 chore(release): publish
  • 067922f chore: latest dependencies
  • cb1a2d9 refactor: tsconfig json format
  • bd1c611 test: support n 16 test after latest changes
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for csv-stringify since your current version.



Note

Low Risk
Lockfile-only dependency upgrade for a dev tool used in license reporting; no runtime app code changes in the PR.

Overview
Bumps the devDependency csv-stringify from 6.4.0 to 6.8.0 in package.json and updates the matching entry in yarn.lock. No application or script source changes are included in this diff.

The newer release adds optional CSV formula-injection hardening (escape_formulas), TypeScript/export fixes, and other stringify behavior fixes; existing usage (e.g. stringify in the license report script) is unchanged unless you opt into new options later.

Reviewed by Cursor Bugbot for commit 20d242e. Bugbot is set up for automated code reviews on this repo. Configure here.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 30, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 30, 2026 13:13
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 30, 2026
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@jit-ci

jit-ci Bot commented Jun 30, 2026

Copy link
Copy Markdown

🛡️ Jit Security Scan Results

CRITICAL HIGH MEDIUM

✅ No security findings were detected in this PR


Security scan by Jit

@valkirilov valkirilov added the run-all-tests Trigger the CI to run the front-end, back-end and integration tests label Jul 1, 2026
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Code Coverage - Integration Tests

Status Category Percentage Covered / Total
🟡 Statements 79.16% 18183/22969
🟡 Branches 61.91% 8464/13670
🟡 Functions 66.88% 2456/3672
🟡 Lines 78.77% 17119/21732

@valkirilov

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [csv-stringify](https://github.com/adaltas/node-csv/tree/HEAD/packages/csv-stringify) from 6.4.0 to 6.8.0.
- [Changelog](https://github.com/adaltas/node-csv/blob/master/packages/csv-stringify/CHANGELOG.md)
- [Commits](https://github.com/adaltas/node-csv/commits/csv-stringify@6.8.0/packages/csv-stringify)

---
updated-dependencies:
- dependency-name: csv-stringify
  dependency-version: 6.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/csv-stringify-6.8.0 branch from 17002b5 to 20d242e Compare July 3, 2026 13:44
@valkirilov valkirilov added run-all-tests Trigger the CI to run the front-end, back-end and integration tests and removed run-all-tests Trigger the CI to run the front-end, back-end and integration tests labels Jul 3, 2026
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Code Coverage - Backend unit tests

St.
Category Percentage Covered / Total
🟢 Statements 93.11% 16501/17723
🟡 Branches 75.3% 5231/6947
🟢 Functions 87.41% 2527/2891
🟢 Lines 92.96% 15777/16972

Test suite run success

3647 tests passing in 319 suites.

Report generated by 🧪jest coverage report action from 20d242e

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Code Coverage - Frontend unit tests

St.
Category Percentage Covered / Total
🟢 Statements 83.7% 26825/32049
🟡 Branches 69.4% 11412/16444
🟡 Functions 79.02% 7172/9076
🟢 Lines 84.16% 26132/31049

Test suite run success

7593 tests passing in 847 suites.

Report generated by 🧪jest coverage report action from 20d242e

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code run-all-tests Trigger the CI to run the front-end, back-end and integration tests

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants