excel4node icon indicating copy to clipboard operation
excel4node copied to clipboard
verified publisher icon natergj

Jszip audit issue

Open mikefarah opened this issue 4 years ago • 0 comments

Describe the bug jszip (which this has a dep on for 3.2.1) have a prototype pollution vulnerability. Crafting a new zip file with filenames set to Object prototype values (e.g proto, toString, etc) results in a returned object with a modified prototype instance. Upgrade to version 3.7.0 or later

To Reproduce npm audit

Expected behavior No audit issues

Environment (please complete the following information):

  • Node Version: 14.17.4
  • excel4node Version: 1.7.2

Additional context

mikefarah avatar Sep 22 '21 06:09 mikefarah