yajra / laravel-datatables

jQuery DataTables API for Laravel
https://yajrabox.com/docs/laravel-datatables
MIT License

Security: Dependency High Severity Issue #3173

Closed. jdevfullstack closed this issue 4 weeks ago

jdevfullstack commented 4 weeks ago

Issue Title: Update Dependency 'phpoffice/phpspreadsheet' to Address XXE Vulnerability


First of all, thank you for maintaining this package; we greatly appreciate it as it has been an invaluable tool in our project.

Summary of the Problem or Feature Request

We noticed that the package 'yajra/laravel-datatables' has a dependency that has an XXE vulnerability (High Severity Security Issue). The 'phpoffice/phpspreadsheet' package, which is the affected dependency, has already addressed this issue in their latest release. However, 'yajra/laravel-datatables' is currently restricted to version 1.29, which does not include this fix.

It would be best if you could allow the latest release of 'phpoffice/phpspreadsheet' that includes the fix, version 2.2.2.

Code Snippet of Problem

N/A

System Details

N/A

yajra commented 4 weeks ago

Most likely due to the export package, will review and fix this as soon as I can. Thanks for reporting!

jdevfullstack commented 4 weeks ago

Thanks!
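To find which locked package pulls in 'phpoffice/phpspreadsheet' and whether the installed version is below the release the issue names as containing the fix (2.2.2), here is an added example that is not part of the thread or the project's code. The composer.lock excerpt, the requiring package name `example/export-package` and its constraint are constructed placeholders, and the 2.2.2 threshold is taken from the report above as an assumption.

```python
import json
import re

# Constructed composer.lock excerpt (not from the project). The requiring
# package name and its constraint are placeholders for illustration.
SAMPLE_LOCK = json.loads("""
{
  "packages": [
    {"name": "example/export-package", "version": "v1.0.0",
     "require": {"php": "^8.1", "phpoffice/phpspreadsheet": "^1.29"}},
    {"name": "phpoffice/phpspreadsheet", "version": "1.29.0",
     "require": {"php": "^7.4 || ^8.0"}}
  ],
  "packages-dev": []
}
""")


def parse_version(text):
    """Return (major, minor, patch), or None for non-numeric versions such as dev-main."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?", text.strip())
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def audit_lock(lock, target="phpoffice/phpspreadsheet", fixed="2.2.2"):
    """Report the locked version of `target` and every package that requires it."""
    packages = lock.get("packages", []) + lock.get("packages-dev", [])
    installed = next((p["version"] for p in packages if p["name"] == target), None)
    # The packages whose constraints must be relaxed before the fix can be installed.
    requirers = sorted(
        (p["name"], p["require"][target])
        for p in packages if target in p.get("require", {})
    )
    current = parse_version(installed) if installed else None
    # None means "unknown": not installed, or a branch alias with no numeric version.
    below_fixed = None if current is None else current < parse_version(fixed)
    return {"installed": installed, "below_fixed": below_fixed, "requirers": requirers}


if __name__ == "__main__":
    print(json.dumps(audit_lock(SAMPLE_LOCK), indent=2))
```

On a real project, load the file with `json.load(open("composer.lock"))`; Composer's own `composer why phpoffice/phpspreadsheet` reports the same requirer chain.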