gamemaker1 / office-text-extractor

Yet another library to extract text from MS Office and PDF files
https://npm.im/office-text-extractor
ISC License

Bring xlsx up-to-date to prevent npm audit vulnerability report #8

Closed chazzmoney closed 11 months ago

chazzmoney commented 11 months ago

Description

npm audit results in

% npm audit
# npm audit report

xlsx  *
Severity: high
Prototype Pollution in sheetJS - https://github.com/advisories/GHSA-4r6h-8v6p-xvw6
No fix available
node_modules/xlsx
  office-text-extractor  *
  Depends on vulnerable versions of xlsx
  node_modules/office-text-extractor

2 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

As per https://docs.sheetjs.com/docs/getting-started/installation/nodejs#legacy-endpoints, you can update the xlsx dependency in your project via:

pnpm rm xlsx
pnpm install https://cdn.sheetjs.com/xlsx-0.20.0/xlsx-0.20.0.tgz

This will remove the vulnerability error and bring xlsx up to date with the current published version.

Library version

^3.0.1

Node version

v20.3.1

Typescript version (if you are using it)

No response
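
A check a consumer could run in CI after applying the change above, given as an added example that is not part of the original issue or the project's code: it scans a lockfile for every installed copy of xlsx, including copies nested under another package, and reports where each was fetched from. Assumptions: the npm package-lock v2/v3 `packages` layout, 0.20.0 (the version the issue installs) as the policy floor, and a constructed sample lockfile.

```javascript
// Added example (not project code). Lockfile layout assumed: npm package-lock v2/v3.
const CDN_HOST = "cdn.sheetjs.com"; // host of the tarball named in the issue
const MIN_VERSION = "0.20.0";       // version the issue installs; used here as the policy floor

// Numeric comparison of dotted versions; <0, 0 or >0 like a sort comparator.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Classify one lockfile entry for xlsx by its download source and version.
function classifyEntry(entry) {
  let host = null;
  try {
    const u = new URL(entry.resolved);
    if (u.protocol === "https:") host = u.hostname; // plain http is not accepted
  } catch { /* missing or non-URL `resolved` falls through as untrusted */ }
  if (host !== CDN_HOST) return "untrusted-source";
  const version = String(entry.version || "0");
  return compareVersions(version, MIN_VERSION) < 0 ? "cdn-but-outdated" : "ok";
}

// Return every installed copy of xlsx, direct or nested under another package.
function auditLockfile(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === "node_modules/xlsx" || path.endsWith("/node_modules/xlsx"))
    .map(([path, entry]) => ({ path, version: entry.version, status: classifyEntry(entry) }));
}

// Constructed sample: a top-level copy from the CDN and a nested copy from the registry.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/office-text-extractor": { version: "3.0.1" },
    "node_modules/xlsx": { version: "0.20.0",
      resolved: "https://cdn.sheetjs.com/xlsx-0.20.0/xlsx-0.20.0.tgz" },
    "node_modules/office-text-extractor/node_modules/xlsx": { version: "0.18.5",
      resolved: "https://registry.npmjs.org/xlsx/-/xlsx-0.18.5.tgz" },
  },
};

for (const f of auditLockfile(sampleLock)) console.log(`${f.status}\t${f.version}\t${f.path}`);
```

Any row other than `ok` means a copy of xlsx is still being installed from somewhere other than the SheetJS CDN or below the chosen floor, even if the top-level dependency was updated.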

gamemaker1 commented 11 months ago

Hi, thanks for reporting this! I've released v3.0.2 with the updated dependency.

chazzmoney commented 11 months ago

I just wanted to say thank you and compliment you for responding so very quickly. Well done; your hard work is greatly appreciated!