ng-notadd icon indicating copy to clipboard operation
ng-notadd copied to clipboard

Published 20 hours ago verified publisher icon notadd

[Snyk] Security upgrade xlsx from 0.14.3 to 0.17.0

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-XLSX-1311137		 No Proof of Concept
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-XLSX-1311139		 No Proof of Concept
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-XLSX-1311141		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: xlsx The new version differs by 86 commits.
  • 3542d62 version bump 0.17.0
  • 6c5db36 AWS Lambda Binary Media Types
  • 59b3dae Tested the MongoDB scripts and fixed them
  • e958dbf Refresh server demos
  • 1d7aff4 suppress modified test files
  • f8c0a86 [Tests] migrate tests to Github Actions
  • 58e59dc updates to react demo
  • 333deae write and parse ods in mini build (#2197)
  • 20212e1 version bump 0.16.9: utf-8 codenames
  • f7835d6 Add support for outline configuration
  • eec93b0 Fixed parsing for first cell in .fods documents
  • 6ecfeb6 Added google sheet example
  • b0e68a9 Add escape slash to cell matcher
  • 9f1ba60 version bump 0.16.8: CRLF in formulae
  • b9323c5 Update 78_writebiff.js
  • d4cfadb Fix #2071
  • 5985739 Mark generated files as binary
  • 542636b Update 80_parseods.js
  • 82b7ada version bump 0.16.7
  • 0cc6cc9 XLSX verify formula is string (fixes #1703)
  • 2c5a863 Removed null ws return from 90_utils
  • 2e32611 version bump 0.16.6: xlfn option
  • 3b589f0 XLSX SST treat <si></si> as empty (fixes #2083)
  • abed474 whitespace check (fixes #2075)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Jun 18 '21 21:06 snyk-bot