Bump phpoffice/phpspreadsheet from 1.6.0 to 1.8.0 in /covid.sixara.com/assets/plugins/phpspreadsheet

[dependabot]

Bumps phpoffice/phpspreadsheet from 1.6.0 to 1.8.0.

Release notes

Sourced from phpoffice/phpspreadsheet's releases.

1.8.0

Security Fix (CVE-2019-12331)

• Detect double-encoded xml in the Security scanner, and reject as suspicious.

• This change also broadens the scope of the libxml_disable_entity_loader setting when reading XML-based formats, so that it is enabled while the xml is being parsed and not simply while it is loaded. On some versions of PHP, this can cause problems because it is not thread-safe, and can affect other PHP scripts running on the same server. This flag is set to true when instantiating a loader, and back to its original setting when the Reader is no longer in scope, or manually unset.

• Provide a check to identify whether libxml_disable_entity_loader is thread-safe or not.

  XmlScanner::threadSafeLibxmlDisableEntityLoaderAvailability()

• Provide an option to disable the libxml_disable_entity_loader call through settings. This is not recommended as it reduces the security of the XML-based readers, and should only be used if you understand the consequences and have no other choice.

Added

• Added support for the SWITCH function - #963 and #983
• Add accounting number format style #974

Fixed

• Whitelist tsv extension when opening CSV files #429
• Fix a SUMIF warning with some versions of PHP when having different length of arrays provided as input #873
• Fix incorrectly handled backslash-escaped space characters in number format

1.7.0

Added

• Added support for inline styles in Html reader (borders, alignment, width, height)
• QuotedText cells no longer treated as formulae if the content begins with a =
• Clean handling for DDE in formulae

Fixed

• Fix handling for escaped enclosures and new lines in CSV Separator Inference
• Fix MATCH an error was appearing when comparing strings against 0 (always true)
• Fix wrong calculation of highest column with specified row #700
• Fix VLOOKUP
• Fix return type hint

Changelog

Sourced from phpoffice/phpspreadsheet's changelog.

[1.8.0] - 2014-03-02

Bugfixes

• Undefined variable: fileHandle in CSV Reader - @MarkBaker [CodePlex #19830](https://phpexcel.codeplex.com/workitem/19830)
• Out of memory in style/supervisor.php - @MarkBaker [CodePlex #19968](https://phpexcel.codeplex.com/workitem/19968)
• Style error with merged cells in PDF Writer - @MarkBaker
• Problem with cloning worksheets - @MarkBaker
• Bug fix reading Open Office files - @tavoarcila #259
• Serious bug in absolute cell reference used in shared formula - @MarkBaker [CodePlex #20397](https://phpexcel.codeplex.com/workitem/20397)
  • Would also have affected insert/delete column/row- CHOOSE() returns "#VALUE!" if the 1st entry is chosen - @RomanSyroeshko #267
• When duplicating styles, styles shifted by one column to the right - @Gemorroj #268
  • Fix also applied to duplicating conditional styles- Fix for formulae that reference a sheet whose name begins with a digit: - @IndrekHaav #212
  • these were erroneously identified as numeric values, causing the parser to throw an undefined variable error.- Fixed undefined variable error due to $styleArray being used before it's initialised - @IndrekHaav [CodePlex #16208](https://phpexcel.codeplex.com/workitem/16208)
• ISTEXT() return wrong result if referencing an empty but formatted cell - @PowerKiKi #273
• Binary comparison of strings are case insensitive - @PowerKiKi #270, #31
• Insert New Row/Column Before is not correctly updating formula references - @MarkBaker #275
• Passing an array of cells to _generateRow() in the HTML/PDF Writer causes caching problems with last cell in the range - @MarkBaker #257
• Fix to empty worksheet garbage collection when using cell caching - @MarkBaker #193
• Excel2007 does not correctly mark rows as hidden - @Jazzo #248
• Fixed typo in Chart/Layout set/getYMode() - @Roy Shahbazian #299
• Fatal error: Call to a member function cellExists() line: 3327 in calculation.php if referenced worksheet doesn't exist - @EliuFlorez #279
• AdvancedValueBinder "Division by zero"-error - @MarkBaker #290
• Adding Sheet to Workbook Bug - @MarkBaker [CodePlex #20604](https://phpexcel.codeplex.com/workitem/20604)
• Calculation engine incorrectly evaluates empty cells as #VALUE - @MarkBaker [CodePlex #20703](https://phpexcel.codeplex.com/workitem/20703)
• Formula references to cell on another sheet in ODS files - @MarkBaker [CodePlex #20760](https://phpexcel.codeplex.com/workitem/20760)

Features

• LibreOffice created XLSX files results in an empty file. - @MarkBaker #321, #158, [CodePlex #17824](https://phpexcel.codeplex.com/workitem/17824)
• Implementation of the Excel HLOOKUP() function - @amerov
• Added "Quote Prefix" to style settings (Excel2007 Reader and Writer only) - @MarkBaker
• Added Horizontal FILL alignment for Excel5 and Excel2007 Readers/Writers, and Horizontal DISTRIBUTED alignment for Excel2007 Reader/Writer - @MarkBaker
• Add support for reading protected (RC4 encrypted) .xls files - @trvrnrth #261

General

• Adding support for macros, Ribbon in Excel 2007 - @LWol #252
• Remove array_shift in ReferenceHelper::insertNewBefore improves column or row delete speed - @cdhutch [CodePlex #20055](https://phpexcel.codeplex.com/workitem/20055)
• Improve stock chart handling and rendering, with help from Swashata Ghosh - @MarkBaker
• Fix to calculation properties for Excel2007 so that the opening application will only recalculate on load if it's actually required - @MarkBaker
• Modified Excel2007 Writer to default preCalculateFormulas to false - @MarkBaker
  • Note that autosize columns will still recalculate affected formulae internally- Functionality to getHighestRow() for a specified column, and getHighestColumn() for a specified row - @dresenhista #242
• Modify PHPExcel_Reader_Excel2007 to use zipClass from PHPExcel_Settings::getZipClass() - @adamriyadi #247
  • This allows the use of PCLZip when reading for people that don't have access to ZipArchive

Security

• Convert properties to string in OOCalc reader - @infojunkie #276
• Disable libxml external entity loading by default. - @maartenba #322
  • This is to prevent XML External Entity Processing (XXE) injection attacks (see https://websec.io/2012/08/27/Preventing-XEE-in-PHP.html for an explanation of XXE injection).

Commits

• 0e6238c CVE-2019-12331 (#1041)
• 1e71154 Refactoring xlsx reader (#1033)
• e884271 Scrutinizer resolutions (#1032)
• 591f1e0 Scrutinizer resolutions (#1031)
• 14e9806 Yet more minor improvements (#1030)
• 1b00fac Minor improvements (#1029)
• 2adaad3 Minor improvements (#1028)
• ca56fd2 Typo (#1007)
• 71f3631 Rectorification (#1010)
• 5fd954d Improve test code (#1003)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.