Open gabrielsfarias opened 2 years ago
@gabrielsfarias Same problem here.
Any updates here?
Is there any ETA for jszip update ?
Why not just add
"resolutions": {
"excel4node/jszip": "^3.10.0"
}
to your package.json? excel4node seems like a buried project and I guess no one will make the bump.
Although this seems like a dead project by now, I have to use it a current project, and it requires
jszip@3.2.1
, which has a security vulnerability documented at CWE-1321 with the id CVE-2021-23413. So, someone with more knowledge could at least bump the dependency requirements for the fixed versions of jszip (3.7.0)