Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xlsx vulnerability CVE-2023-30533 #1689

Closed
kevkcc opened this issue May 24, 2023 · 3 comments · Fixed by #1694
Closed

xlsx vulnerability CVE-2023-30533 #1689

kevkcc opened this issue May 24, 2023 · 3 comments · Fixed by #1694
Assignees
@mathiasrw
Labels
dependencies Pull requests that update a dependency file

Comments

@kevkcc
Copy link

kevkcc commented May 24, 2023
edited
Loading

Hi,

The version of xlsx used in the latest version of alasql is 0.18.0 which has a vulnerability and it is recommended to use 0.19.3+ on sheetjs' CDN as described here: SheetJS/sheetjs#2822

They've abandoned putting their latest versions on npm. While it is possible to address this with an override in our package.json, is there a plan to do this directly in alasql?

Thanks!
@mathiasrw mathiasrw mentioned this issue May 30, 2023
Merged
@mathiasrw
Copy link
Member

Thank you so much for pointing this out!

@mathiasrw mathiasrw self-assigned this May 30, 2023
@mathiasrw mathiasrw added the dependencies Pull requests that update a dependency file label May 30, 2023
mathiasrw added a commit that referenced this issue May 30, 2023
@mathiasrw
Include XLSX v0.19.3 as a module to fix #1689
35e20d2
@mathiasrw
Copy link
Member

Released as part of v4.0.2

@kevkcc
Copy link
Author

kevkcc commented May 30, 2023

Thank you so much for the quick turnaround!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mathiasrw mathiasrw

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Include XLSX v0.19.3 as a module AlaSQL/alasql
2 participants
@mathiasrw @kevkcc