Open AlisherAmonulloev opened 3 months ago
Current version of exceljs references archiver of v5.3.2. In the references, you can find the inflight package that is affected by CVE-772 ( https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 )
exceljs
archiver
exceljs @ 4.4.0 -> archiver @ 5.3.2 -> archiver-utils @ 2.1.0 -> glob @ 7.2.3 -> inflight @ 1.0.6
The archiver and archiver-utils packages were already updated and published on npm.
archiver-utils
Please update the archiver package reference in exceljs to 7.0.0 to avoid the vulnerability
Note that this may result in a breaking change as support of Node 12 has been dropped: https://github.com/archiverjs/node-archiver/pull/735
I am also running into this issue, hopefully it gets fixed soon!
🚀 Feature Proposal
Current version of
exceljs
referencesarchiver
of v5.3.2. In the references, you can find the inflight package that is affected by CVE-772 ( https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 )exceljs @ 4.4.0 -> archiver @ 5.3.2 -> archiver-utils @ 2.1.0 -> glob @ 7.2.3 -> inflight @ 1.0.6
The
archiver
andarchiver-utils
packages were already updated and published on npm.Please update the
archiver
package reference inexceljs
to 7.0.0 to avoid the vulnerabilityNote that this may result in a breaking change as support of Node 12 has been dropped: https://github.com/archiverjs/node-archiver/pull/735