natergj / excel4node

Node module to allow for easy Excel file creation
MIT License
1.38k stars 215 forks

fix: upgrade jszip to 3.7.1 to address DOS vulnerability #344

Open bahizi opened 3 years ago

bahizi commented 3 years ago

This is to address a DoS vulnerability that is introduced by jszip < 3.7.0. See details here: https://app.snyk.io/vuln/SNYK-JS-JSZIP-1251497.

It's a very simple dependency update in package.json. I ran the tests and validated the sample Excel doc and all looked good.

bahizi commented 3 years ago

@natergj have you had a chance to review this?

origooo commented 3 years ago

Would be super duper if this was merged!

Scofield62 commented 2 years ago

Please merge it. I also need to get rid of vulnerabilities and I like using this library.

sezanzeb commented 2 years ago

You can add this to your package.json file to avoid the vulnerability:

  "resolutions": {
    "jszip": "^3.7.1"
  },
fcastilloec commented 2 years ago

You can add this to your package.json file to avoid the vulnerability:

  "resolutions": {
    "jszip": "^3.7.1"
  },

This will only work if you're using yarn. For the npm people, you need to use overrides

arthurblake-AngelOak commented 2 years ago

Unfortunately it looks like this excellent project might be abandoned by the author... I hope @natergj is alive and well and on to better things. I think our best bet going forward is this fork: https://www.npmjs.com/package/@advisr/excel4node. It looks like this issue is fixed in that fork as well.