Skip to content

Upgrade jszip to its latest version to date. This version does not have any vulnerability found by Snyk so far #1895

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Siemienik merged 1 commit into from
Nov 7, 2021
Merged

Upgrade jszip to its latest version to date. This version does not have any vulnerability found by Snyk so far #1895

Siemienik merged 1 commit into from
Nov 7, 2021

Conversation

@ValerioSevilla
Copy link
Contributor

@ValerioSevilla ValerioSevilla commented Nov 7, 2021

Snyk found a Denial of Service vulnerability in jszip: https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497

There is no version of exceljs so far upgrading to a safe version of jszip. This pull request is meant to solve that.

Test plan

Run npm install and npm test after upgrading. All tests passed.

Siemienik
Siemienik approved these changes Nov 7, 2021
View reviewed changes
Copy link
Member

@Siemienik Siemienik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ValerioSevilla, Thank you for that contribution. LGTM 🥇

@Siemienik Siemienik merged commit 0f6d765 into exceljs:master Nov 7, 2021
@ValerioSevilla
Copy link
Contributor Author

ValerioSevilla commented Nov 8, 2021

@Siemienik thanks! Is there a release planned, or is it possible to quickly get a patch including this upgrade?

@ValerioSevilla ValerioSevilla deleted the feature/upgrade-jszip-to-prevent-security-vulnerability branch November 8, 2021 11:25
@Siemienik
Copy link
Member

Siemienik commented Nov 11, 2021

Only @guyonroche has permission to release.

@Siemienik
Copy link
Member

Siemienik commented Oct 12, 2023

@ValerioSevilla see #2351 .

@j-mendez j-mendez mentioned this pull request Sep 8, 2024
Open
@Vishwas1 Vishwas1 mentioned this pull request Sep 8, 2024
Open
@j-mendez j-mendez mentioned this pull request Sep 13, 2024
Open
This was referenced Sep 15, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Siemienik Siemienik Siemienik approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ValerioSevilla @Siemienik