mafintosh / csv-parser

Streaming csv parser inspired by binary-csv that aims to be faster than everyone else
MIT License

Minimist vulnerability CVE-2021-44906 #214

Open anirudhb-sf opened 2 years ago

anirudhb-sf commented 2 years ago

Expected Behavior / Situation

N/A

Actual Behavior / Situation

minimist v1.2.5 brings in a security vulnerability which currently has no fix. The following dependency chain makes csv-parser a vulnerable package: csv-parser@3.0.0 › minimist@1.2.5.

Modification Proposal

Request for a security fix to make the csv-parser package free from security vulnerabilities. We may shift to using minimist-lite as suggested here, or eliminate the usage of minimist by providing an implementation to parse command line args.
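Added example (not csv-parser's own code, and not the content of PR #215 or #216): a small dependency-free argv parser of the kind the proposal's second option, replacing minimist with an in-house implementation, would need. CVE-2021-44906 is a prototype-pollution bug in minimist before 1.2.6, so the parser below builds its result on a null prototype and refuses `__proto__`, `constructor` and `prototype` as path segments. The function name `parseArgs`, its `boolean` option and the sample argv are this example's own choices, not anything csv-parser exposes.

```javascript
'use strict';

// Path segments that would let a crafted flag such as `--__proto__.x=1`
// reach Object.prototype; refusing them is the hardening this example adds.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Numeric-looking strings become numbers, everything else stays a string.
function coerce(value) {
  return /^-?\d+(\.\d+)?$/.test(value) ? Number(value) : value;
}

// Parse an argv array (typically process.argv.slice(2)) into a
// null-prototype object. Supports --key=value, --key value, --flag,
// --no-flag, dotted keys (--a.b=1), bundled short flags (-abc, -o file),
// "--" to end option parsing, and positional arguments collected under `_`.
// opts.boolean lists keys that never consume the following argument.
function parseArgs(argv, opts = {}) {
  const booleans = new Set(opts.boolean || []);
  const out = Object.create(null);
  out._ = [];

  const setKey = (key, value) => {
    const parts = key.split('.');
    for (const part of parts) {
      if (FORBIDDEN_KEYS.has(part)) {
        throw new Error(`refusing to set argument key "${key}"`);
      }
    }
    // Walk/create intermediate objects, each also prototype-free.
    let target = out;
    for (let i = 0; i < parts.length - 1; i++) {
      const cur = target[parts[i]];
      if (typeof cur !== 'object' || cur === null || Array.isArray(cur)) {
        target[parts[i]] = Object.create(null);
      }
      target = target[parts[i]];
    }
    const last = parts[parts.length - 1];
    // A repeated key accumulates into an array instead of being overwritten.
    if (target[last] === undefined) target[last] = value;
    else if (Array.isArray(target[last])) target[last].push(value);
    else target[last] = [target[last], value];
  };

  // Whether argv[i + 1] can serve as the value of the flag being parsed.
  const takesValue = (name, next) =>
    !booleans.has(name) && next !== undefined && !next.startsWith('-');

  for (let i = 0; i < argv.length; i++) {
    const arg = argv[i];
    if (arg === '--') {
      out._.push(...argv.slice(i + 1).map(coerce));
      break;
    }
    if (arg.startsWith('--')) {
      const body = arg.slice(2);
      const eq = body.indexOf('=');
      if (eq !== -1) {
        setKey(body.slice(0, eq), coerce(body.slice(eq + 1)));
      } else if (body.startsWith('no-')) {
        setKey(body.slice(3), false);
      } else if (takesValue(body, argv[i + 1])) {
        setKey(body, coerce(argv[i + 1]));
        i++;
      } else {
        setKey(body, true);
      }
    } else if (arg.startsWith('-') && arg.length > 1) {
      // Bundled short flags: every letter is true, the last may take a value.
      const letters = arg.slice(1);
      for (let j = 0; j < letters.length; j++) {
        const ch = letters[j];
        if (j === letters.length - 1 && takesValue(ch, argv[i + 1])) {
          setKey(ch, coerce(argv[i + 1]));
          i++;
        } else {
          setKey(ch, true);
        }
      }
    } else {
      out._.push(coerce(arg));
    }
  }
  return out;
}

// Constructed sample command line for a stand-alone run.
const SAMPLE_ARGV = ['--separator', ';', '--no-headers', '-q', 'in.csv',
                     '--escape=\\', '--maxRows=10'];
console.log(JSON.stringify(parseArgs(SAMPLE_ARGV, { boolean: ['q'] })));
```

The null prototype alone already stops `out['__proto__']` from reaching `Object.prototype`, since on such an object that name is an ordinary own property; the explicit `FORBIDDEN_KEYS` check is the belt to that braces and also rejects `constructor.prototype` paths. To confirm the dependency chain the issue quotes before and after any change, `npm ls minimist` prints every path by which the package is resolved.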

sfwhite commented 2 years ago

@mafintosh and @TrySound this is a fairly important one.

We're getting nicked on our corporate security scans, and we don't particularly want to refactor all of our projects to use a different lib, as this one is well made and that's a lot of tech debt to take on.

PR #215 eliminates the dependency entirely; PR #216 upgrades the existing dependency.