natergj / excel4node

Node module to allow for easy Excel file creation
MIT License

Dependency jszip update #355

Open gabrielsfarias opened 2 years ago

gabrielsfarias commented 2 years ago

Although this seems like a dead project by now, I have to use it in a current project, and it requires jszip@3.2.1, which has a security vulnerability documented at CWE-1321 with the id CVE-2021-23413. So, someone with more knowledge could at least bump the dependency requirements for the fixed versions of jszip (3.7.0).

calebJustice7 commented 2 years ago

@gabrielsfarias Same problem here.

nhsome commented 2 years ago

Any updates here?

vishal-bypt commented 2 years ago

Is there any ETA for the jszip update?

villetuomaala commented 2 years ago

Why not just add

"resolutions": {
  "excel4node/jszip": "^3.10.0"
}

to your package.json? excel4node seems like a buried project and I guess no one will make the bump.
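
To confirm that a pin like the one suggested above actually took effect, the locked jszip version can be compared against the fixed release named in the issue (3.7.0). This is an added example, not part of the thread or of excel4node: it assumes a Yarn project (Yarn is the package manager that reads "resolutions"), and the names auditLockfile and compareVersions and the sample lockfile text are constructed for illustration.

```javascript
// Added example: read yarn.lock text and report the locked version of a package.
// FIXED_VERSION is the fixed jszip release named in the issue above.
const FIXED_VERSION = "3.7.0";

// Compare two plain x.y.z versions numerically; pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every locked entry of `pkg` in yarn.lock text, with a verdict each.
function auditLockfile(lockText, pkg, fixed = FIXED_VERSION) {
  const findings = [];
  let header = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line)) {
      // Entry header, e.g. `jszip@^3.2.1:` or `"@scope/name@^1.0.0":`
      const m = line.match(/^"?(@?[^@"\s,]+)@/);
      header = m && m[1] === pkg ? line.slice(0, -1) : null;
    } else if (header) {
      const v = line.match(/^\s+version:?\s+"?([^"\s]+)"?/);
      if (v) {
        findings.push({ requestedAs: header, version: v[1],
                        ok: compareVersions(v[1], fixed) >= 0 });
        header = null;
      }
    }
  }
  return findings;
}

// Constructed sample lockfiles (not taken from any real project).
const BEFORE = `# yarn lockfile v1

excel4node@^1.8.0:
  version "1.8.0"
  dependencies:
    jszip "^3.2.1"

jszip@^3.2.1:
  version "3.2.1"
`;
const AFTER = BEFORE.replace('version "3.2.1"', 'version "3.10.0"');
console.log(auditLockfile(BEFORE, "jszip"), auditLockfile(AFTER, "jszip"));
```

An entry with ok: false means the lockfile still resolves jszip below the fixed release, so the install needs to be re-run after adding the pin.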