This repository has been archived by the owner on Jul 22, 2022. It is now read-only.

Dependency jszip update #355

Open
gabrielsfarias opened this issue Feb 17, 2022 · 4 comments


gabrielsfarias commented Feb 17, 2022

Although this seems like a dead project by now, I have to use it in a current project, and it requires jszip@3.2.1, which has a security vulnerability documented at CWE-1321 with the id CVE-2021-23413.
So, someone with more knowledge could at least bump the dependency requirements for the fixed versions of jszip (3.7.0).

@gabrielsfarias gabrielsfarias changed the title Depedency jszip update Dependency jszip update Feb 17, 2022
@calebJustice7

@gabrielsfarias Same problem here.


nhsome commented Mar 24, 2022

Any updates here?

@vishal-bypt

Is there any ETA for jszip update?

@villetuomaala

Why not just add

"resolutions": {
  "excel4node/jszip": "^3.10.0"
}

to your package.json? excel4node seems like a buried project and I guess no one will make the bump.
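
To confirm that an override like the one suggested above actually took effect, the following added example (not code from this thread or from excel4node) scans a Yarn v1 `yarn.lock` for jszip entries that resolve below 3.7.0, the fixed version named in the issue. The sample lockfile and the function names are constructed for illustration; versions are compared numerically so that 3.10.0 correctly ranks above 3.7.0.

```javascript
// Added example: audit a Yarn v1 lockfile for jszip entries below 3.7.0.
const FIXED = [3, 7, 0]; // fixed version named in the issue

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = `# yarn lockfile v1

excel4node@^1.7.2:
  version "1.7.2"
  dependencies:
    jszip "^3.2.1"

jszip@^3.2.1:
  version "3.2.1"
`;

// Parse "x.y.z" into numbers (any pre-release suffix is ignored); null if malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric comparison of two [major, minor, patch] triples; negative if a < b.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Return one record per lockfile entry whose header names the package.
function auditJszip(lockText, name = "jszip") {
  const results = [];
  let header = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line) && !line.startsWith("#")) {
      header = line.slice(0, -1); // e.g. jszip@^3.2.1  or  "a@1", a@2
      continue;
    }
    const m = /^\s+version\s+"?([^"\s]+)"?/.exec(line);
    if (!m || header === null) continue;
    const specs = header.split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
    if (specs.some((s) => s.startsWith(name + "@"))) {
      const parsed = parseVersion(m[1]);
      // Unparseable versions are reported as not fixed so they get a manual look.
      results.push({ specs, version: m[1], fixed: parsed !== null && cmp(parsed, FIXED) >= 0 });
    }
    header = null;
  }
  return results;
}

console.log(auditJszip(SAMPLE_LOCK));
```

Running it against the project's own `yarn.lock` after `yarn install` (read the file and pass its text to `auditJszip`) shows whether any jszip entry still resolves to a version below 3.7.0.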
