
[Snyk] Upgrade xlsx from 0.10.9 to 0.18.5

Open ccfish86 opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade xlsx from 0.10.9 to 0.18.5.

Merge advice: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 75 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2022-03-24.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Denial of Service (DoS), SNYK-JS-XLSX-1311141 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Denial of Service (DoS), SNYK-JS-XLSX-1311139 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Denial of Service (DoS), SNYK-JS-XLSX-1311137 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS), npm:xlsx:20180222 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS), SNYK-JS-XLSX-585898 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: xlsx
  • 0.18.5 - 2022-03-24

    version bump 0.18.5: basic NUMBERS write

  • 0.18.4 - 2022-03-16

    version bump 0.18.4

  • 0.18.3 - 2022-03-03
    • XLSX / XLSB dynamic array formulae
    • use Uint8Array when available in write (fixes #2539 h/t @RScherzer)
    • mini build cleanup to satiate webpack (fixes #2526 #2530)
  • 0.18.2 - 2022-02-15
  • 0.18.1 - 2022-02-14

    version bump 0.18.1: ESM

  • 0.18.0 - 2022-02-01
  • 0.17.5 - 2022-01-10

    version bump 0.17.5

  • 0.17.4 - 2021-11-14
  • 0.17.3 - 2021-10-13
  • 0.17.2 - 2021-09-16
  • 0.17.1 - 2021-08-18
  • 0.17.0 - 2021-05-13
    • Explicit errors on inconsistent XLS records
    • DBF cap worksheet to 1<<20 rows
  • 0.16.9 - 2020-11-20
  • 0.16.8 - 2020-10-06
  • 0.16.7 - 2020-09-11
  • 0.16.6 - 2020-08-12
  • 0.16.5 - 2020-07-31
  • 0.16.4 - 2020-07-16
  • 0.16.3 - 2020-06-29
  • 0.16.2 - 2020-06-05
  • 0.16.1 - 2020-05-17
  • 0.16.0 - 2020-04-30
  • 0.15.6 - 2020-03-15
  • 0.15.5 - 2020-01-28
  • 0.15.4 - 2019-12-23
  • 0.15.3 - 2019-11-27
  • 0.15.2 - 2019-11-15
  • 0.15.1 - 2019-08-14
  • 0.15.0 - 2019-08-04
  • 0.14.5 - 2019-08-03
  • 0.14.4 - 2019-07-21
  • 0.14.3 - 2019-04-30
  • 0.14.2 - 2019-04-01
  • 0.14.1 - 2018-11-13
  • 0.14.0 - 2018-09-06
  • 0.13.5 - 2018-08-26
  • 0.13.4 - 2018-08-15
  • 0.13.3 - 2018-07-25
  • 0.13.2 - 2018-07-09
  • 0.13.1 - 2018-06-22
  • 0.13.0 - 2018-06-01
  • 0.12.13 - 2018-05-20
  • 0.12.12 - 2018-05-05
  • 0.12.11 - 2018-04-27
  • 0.12.10 - 2018-04-20
  • 0.12.9 - 2018-04-13
  • 0.12.8 - 2018-04-06
  • 0.12.7 - 2018-03-29
  • 0.12.6 - 2018-03-19
  • 0.12.5 - 2018-03-13
  • 0.12.4 - 2018-03-06
  • 0.12.3 - 2018-02-28
  • 0.12.2 - 2018-02-21
  • 0.12.1 - 2018-02-14
  • 0.12.0 - 2018-02-08
  • 0.11.19 - 2018-02-03
  • 0.11.18 - 2018-01-23
  • 0.11.17 - 2018-01-09
  • 0.11.16 - 2017-12-30
  • 0.11.15 - 2017-12-25
  • 0.11.14 - 2017-12-15
  • 0.11.13 - 2017-12-09
  • 0.11.12 - 2017-12-04
  • 0.11.11 - 2017-12-01
  • 0.11.10 - 2017-11-20
  • 0.11.9 - 2017-11-15
  • 0.11.8 - 2017-11-05
  • 0.11.7 - 2017-10-27
  • 0.11.6 - 2017-10-17
  • 0.11.5 - 2017-09-30
  • 0.11.4 - 2017-09-22
  • 0.11.3 - 2017-08-19
  • 0.11.2 - 2017-08-11
  • 0.11.1 - 2017-08-05
  • 0.11.0 - 2017-08-01
  • 0.10.9 - 2017-07-29
from xlsx GitHub release notes
Commit messages
Package name: xlsx
  • 0400a87 version bump 0.18.5: basic NUMBERS write
  • e69ecd4 remove broken CDNs [ci skip]
  • 0f0b3de popping IIFEs to appease rollup tree shaking
  • 2f274dd book_append_sheet rolling names
  • a5b3877 Fix rawNumber support inside sheet_to_json
  • 69bb1e7 "side-effect free"
  • 90a7b4e remove SSF._general_int
  • 61487bc use TextEncoder for zip strings (fixes #2616)
  • 61b17a8 version bump 0.18.4
  • 2cbc28d vue-modify demo [ci skip]
  • 9a3294c phasing out patterns with side effects
  • f443aa8 react-modify demo [ci skip]
  • b9e7d0d XLSB/XLS Record Name refactor
  • 0270784 `skipHidden` for `sheet_to_json` [ci skip]
  • 0044f3b clean cptable global pollution
  • 0b6ebc6 DBF preserve field properties
  • b3793e2 HTML Parsing fix misaligned cells (fixes #1621)
  • b738e5d pulling ssf into main project [ci skip]
  • d97fce4 ssf repo reorg
  • c6a86cf make stream utils available to Node ESM
  • a32b304 CSV omit trailing record separator [ci skip]
  • 467020f stream.to_json end (fixes #1779)
  • ba3280e Demos [ci skip]
  • 6ede9dc xlsx-cli v1.1.2 [ci skip]



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


ccfish86 · Jun 23 '22 05:06