material-table

Update Vulnerable version of jspdf package

Open jonathansantilli opened this issue 3 years ago • 16 comments

Description

Versions previous to 2.3.1 introduce a Regular Expression Denial of Service (ReDoS) Vulnerability. This PR updates to version 2.3.1 of the library jspdf in order to mitigate that.

Additional Notes

More info here: https://snyk.io/vuln/SNYK-JS-JSPDF-1073626

jonathansantilli Jul 06 '21 14:07

@mbrn please approve!

peterleidens Jul 08 '21 15:07

owner approval needed pls thx

aechurch14714 Jul 09 '21 20:07

any chance of getting this merged soon :) ?

MichaelAquilina Jul 28 '21 10:07

Can this please be approved! Thank you! @mbrn

aaRopi Jul 29 '21 08:07

Any news here?

Neneil94 Aug 19 '21 13:08

Hi, can this pull request be merged please

matthew-b4t Aug 30 '21 19:08

I was wondering if there already exists an issue about this... I only have one security vulnerability left inside my npm packages in a project after auditing all. Would be nice if you would approve it @mbrn :)

w5lurz Sep 06 '21 13:09

Is this going to be approved?? It's been almost 4 months

samlaubscher Oct 25 '21 12:10

Hi, any news here? If this is not merged then we will need to make a fork of this.

morwalz Nov 08 '21 14:11

@mbrn ??

samlaubscher Nov 10 '21 20:11

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. You can reopen it if it required.

stale[bot] Feb 10 '22 06:02

not stale! Please merge :)

MichaelAquilina Feb 10 '22 10:02

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. You can reopen it if it required.

stale[bot] May 31 '22 03:05

One more time :D not stale, please merge!

MichaelAquilina May 31 '22 09:05

Any update on this getting approved? Really killing my npm audits :(

clareluna Jun 02 '22 23:06

Not Stale. Please approve this very, very, very simple pull request which fixes crucial auditing issues.

Burtch Aug 05 '22 18:08

Any update?

SmitMaruti Oct 18 '22 07:10

How has this not been reviewed? If this repo isn't active, can it be marked as such?

joshua-auchincloss Nov 15 '22 00:11

https://github.com/mbrn/material-table/issues/3044

tasawar-hussain Dec 31 '22 07:12

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. You can reopen it if it required.

stale[bot] Apr 02 '23 06:04

In case someone is interested, I have forked this project and updated the library. I will accept and review any PR if the community decides to continue the development of this project.

jonathansantilli Apr 02 '23 11:04

Since the maintainer pushed a PR in yesterday "memory leak problem fix", the code is being maintained. Until he is ready to push the version bump to the dependency (perhaps not merged for a reason he has yet to explain to the crowd) you can simply add jspdf to "resolutions" in package.json.

sheldonmaschmeyer Jun 19 '23 14:06
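
One way to confirm that the `resolutions` workaround suggested in the comment above actually took effect, as an added example that is not code from this thread or from material-table. It assumes Yarn classic (v1) lockfile syntax; the function names and the sample lockfile are constructed for illustration.

```javascript
const FIXED = "2.3.1"; // fixed jspdf release named in the issue description

// Numeric comparison of x.y.z versions (pre-release tags are ignored).
function cmpVersion(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Every version that a Yarn v1 lockfile resolves jspdf to.
function jspdfVersions(lockText) {
  const found = [];
  let inJspdf = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line)) {
      inJspdf = /^"?jspdf@/.test(line); // entry header such as: jspdf@2.1.0:
    } else if (inJspdf) {
      const m = line.match(/^  version "([^"]+)"/);
      if (m) found.push(m[1]);
    }
  }
  return found;
}

// Report the pin in package.json and any resolved version below FIXED.
function auditJspdf(pkg, lockText) {
  const pin = (pkg.resolutions || {}).jspdf || null;
  const vulnerable = jspdfVersions(lockText).filter((v) => cmpVersion(v, FIXED) < 0);
  return { pin, vulnerable, ok: vulnerable.length === 0 };
}

// Constructed sample data, not taken from the material-table repository.
const lock = (resolved) => [
  "# yarn lockfile v1",
  "",
  "jspdf@2.1.0:",
  `  version "${resolved}"`,
  "",
  "material-table@1.0.0:",
  '  version "1.0.0"',
  "  dependencies:",
  '    jspdf "2.1.0"',
].join("\n");

console.log(auditJspdf({}, lock("2.1.0")));
console.log(auditJspdf({ resolutions: { jspdf: FIXED } }, lock(FIXED)));
```

`resolutions` is read by Yarn; npm 8.3 and later use an `overrides` field in package.json instead.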

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. You can reopen it if it required.

stale[bot] Sep 17 '23 21:09