Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BREAKING CHANGES] JSZip package upgrade #107

Closed
wants to merge 3 commits into from
Closed

[BREAKING CHANGES] JSZip package upgrade #107

wants to merge 3 commits into from

Conversation

tiholic
Copy link
Contributor

@tiholic tiholic commented Jul 7, 2020

Upgraded JSZip to latest version 3.5.0 as per upgrade guide

This resulted in API changes as few methods required to be converted as async

  • Updated tests to use async/await wherever necessary
  • README updated
  • All tests passed

Pre release checklist

  • Major Release version upgrade - add necessary release notes

@tiholic tiholic mentioned this pull request Jul 7, 2020
Open
3 tasks
TrySound
TrySound reviewed Jul 7, 2020
View reviewed changes
.gitignore
.idea/jsLibraryMappings.xml
.idea/jsLinters/jshint.xml
.idea/libraries/sass_stdlib.xml
.idea
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps idea files above can be dropped as well.

@kant2002
Copy link
Collaborator

kant2002 commented Jul 8, 2020

  1. This require us to go to version 2.0
  2. I would try to no create churn with breaking changes/version changes too much. While 2.0 would be backed, can we keep documentation for 1.0 intact and have 2.0 examples in readme somewhere in separate section. Maybe as separate file.
  3. Also I agree in principle with this changes and that it is desirable, but can we have current version of JSZip package with mocked definitions like
declare module 'jszip' {
  var x: any;
  export = x;
}

that way it give us time to think how make less disruptive changes. Maybe we can take inspiration from https://stackoverflow.com/questions/16586640/node-js-async-to-sync and provide backward compatible API + async alternatives.

@tiholic
Copy link
Contributor Author

tiholic commented Aug 2, 2020

@kant2002 let me know what would you like to do with this PR. If you want to have a v2, then have it as a separate release? or maintain it under separate branch for now and do a release later!

@kant2002
Copy link
Collaborator

kant2002 commented Aug 3, 2020

@tiholic I want you to show how can we have cake and eat it too. I believe we can achieve your goals without major changes in the API and everything will just works. I will keep it for reference, but eventually likely it would not be accepted.

@Apobbot
Copy link

Apobbot commented Jan 13, 2023

bump. The release of v2 would be much appreciated, as the jszip2.6.1 has a CWE-29 vulnerability. Most likely the jszip team wont release a hotfix for a version of 2016 release date, so a shift to async API with new jszip and v2 of xlsx-template is preferred.

Thanks.

@kant2002
Copy link
Collaborator

I made a fork of old JSzip for now and apply security fixes. So this is in its current form not needed. If you have idea how to expose async API so I can gradually migrate without disrupting users, I would appreciate it

@kant2002 kant2002 closed this Mar 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TrySound TrySound TrySound left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@tiholic @kant2002 @Apobbot @TrySound