jszip dependency has critical vulnerability

[jbowers-celartem]

https://github.com/advisories/GHSA-36fh-84j7-cv5h

need to upgrade jszip to 3.8.0 which has a patch for this

[twolfson]

We don't seem to use loadAsync as mentioned in that vulnerability?

https://github.com/twolfson/grunt-zip/blob/0.20.0/tasks/zip.js#L128

I'm rather tight on time nowadays, could you see if upgrading JSZip just works against our test suite? (should be wired up to CI for PRs)

[twolfson]

This has been resolved by https://github.com/twolfson/grunt-zip/pull/58 and released in grunt-zip@1.0.0