
Outdated underlying modules updation

Open iyash1 opened this issue 4 years ago • 3 comments

One of our applications is using react-excel-renderer. But the Veracode static code analysis shows that [email protected] and [email protected] are susceptible to a ReDoS vulnerability. Also, [email protected], [email protected], [email protected] are required.

Please help us by updating the underlying packages or suggest an alternate way to mitigate this. At least let me know when you are planning to update these libraries, if you are planning such action. Help is much appreciated. Thank you.

iyash1 avatar Aug 06 '20 18:08 iyash1

Hi Yashwanth,

I'm pretty preoccupied with other projects currently, and won't be able to undertake issues vis-a-vis the React Excel Renderer.

Feel free to fork the project and experiment yourself 😉

Thanks & Regards, Ashish Deshpande

ashishd751 avatar Aug 07 '20 05:08 ashishd751

Hello Ashish, there are some PRs auto-raised by the GitHub bot that bump the versions of the underlying dependencies of this library. Can you please spend a few minutes and approve their merge? They would fix the security vulnerabilities it has. Your work really helped us and we would be happy to show our appreciation, if you'd like, with a coffee.

iyash1 avatar Nov 05 '21 11:11 iyash1

Sure, will take a look as soon as possible.

Regards, Ashish Deshpande

ashishd751 avatar Nov 06 '21 05:11 ashishd751