[Snyk] Security upgrade exceljs from 0.2.46 to 1.11.0 #17

Open
wants to merge 1 commit into
base: master

snyk-bot commented Jan 4, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 601/1000. Why? Recently disclosed, Has a fix available, CVSS 6.3 | Arbitrary File Write via Archive Extraction (Zip Slip), SNYK-JS-JSZIP-3188562 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: exceljs
The new version differs by 250 commits.
  • 6c9826c 1.11.0
  • ef94f0e credits
  • 0cfe51b Merge branch 'master' of https://github.com/exceljs/exceljs
  • 269a4dd turning Row into class
  • b16751c Merge pull request #813 from peakon/fix/unhandledRejectionOnParseError
  • 2327a09 Merge branch 'master' into fix/unhandledRejectionOnParseError
  • 274eea5 credits and doc
  • 8c95dba Merge pull request #807 from zypA13510/patch-1
  • 9824b98 Merge branch 'master' into patch-1
  • 9bf2eac merge conflicts plust adding classes
  • ca4c3a4 credits
  • ea2b1d2 Merge pull request #815 from alubbe/no-promise-polyfill-on-modern-setups
  • 791292a Do not use a promise polyfill on modern setups
  • c1a1cee adding dev dependencies
  • 7f55eca merge conflicts
  • ea2ac44 Merge pull request #814 from zypA13510/patch-2
  • 83ccb1e docs(README): remove invalid style
  • b32bc59 docs(README): improve documentation
  • 7dffb2b Run prettier on the affected files to fix lint
  • 26a7019 Leave a noop error handler on the sax stream when aborting due to an error
  • 83cf728 Merge pull request #808 from alubbe/prettier-refactoring2
  • 957f069 Merge pull request #809 from alubbe/nodejs-entrypoint
  • 3b9dbc5 Add an entrypoint for node.js
  • 3d97cbc Apply prettier-eslint to whole codebase

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSZIP-3188562