react-excel-renderer
Outdated underlying modules updation
One of our applications is using react-excel-renderer. But the Veracode static code analysis shows that [email protected] and [email protected] are susceptible to a ReDoS vulnerability. Also, [email protected], [email protected], [email protected] are required.
Please help us by updating the underlying packages or suggest an alternate way to mitigate this. At least, let me know when you are planning to update these libraries, if you are planning on such action. Help is much appreciated. Thank you.
Hi Yashwanth,
I'm pretty preoccupied with other projects currently, and won't be able to undertake issues vis-a-vis the React Excel Renderer.
Feel free to fork the project and experiment yourself 😉
Thanks & Regards, Ashish Deshpande
On Thu, 6 Aug, 2020, 11:44 pm Yashwanth Eturi, [email protected] wrote:
One of our applications is using react-excel-renderer. But the Veracode static code analysis shows that [email protected] and [email protected] are susceptible to a ReDoS vulnerability. Also, [email protected], [email protected], [email protected] are required.
Please help us by updating the underlying packages or suggest an alternate way to mitigate this. At least, let me know when you are planning to update these libraries, if you are planning on such action. Help is much appreciated. Thank you.
Hello Ashish, There are some PRs auto-raised by the GitHub bot that bump the versions of the underlying dependencies of this library. Can you please spend a few minutes and approve their merge? They would fix security vulnerabilities it has. Your work really helped us and we would be happy to show our appreciation, if you'd like, with a coffee.
Sure, will take a look as soon as possible.
Regards, Ashish Deshpande
On Fri, 5 Nov, 2021, 4:38 pm Yashwanth Eturi, @.***> wrote:
Hello Ashish, There are some PRs auto-raised by the GitHub bot that bump the versions of the underlying dependencies of this library. Can you please spend a few minutes and approve their merge? They would fix security vulnerabilities it has.