[Snyk] Security upgrade exceljs from 0.2.46 to 1.11.0 #17

Open
snyk-bot wants to merge 1 commit into master from snyk-fix-6e92eca31dd13d4df1b33aa916e51e9d

snyk-bot commented Jan 4, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 601/1000 (Why? Recently disclosed, Has a fix available, CVSS 6.3) | Arbitrary File Write via Archive Extraction (Zip Slip), SNYK-JS-JSZIP-3188562 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: exceljs
The new version differs by 250 commits.
  • 6c9826c 1.11.0
  • ef94f0e credits
  • 0cfe51b Merge branch 'master' of https://github.com/exceljs/exceljs
  • 269a4dd turning Row into class
  • b16751c Merge pull request #813 from peakon/fix/unhandledRejectionOnParseError
  • 2327a09 Merge branch 'master' into fix/unhandledRejectionOnParseError
  • 274eea5 credits and doc
  • 8c95dba Merge pull request #807 from zypA13510/patch-1
  • 9824b98 Merge branch 'master' into patch-1
  • 9bf2eac merge conflicts plust adding classes
  • ca4c3a4 credits
  • ea2b1d2 Merge pull request #815 from alubbe/no-promise-polyfill-on-modern-setups
  • 791292a Do not use a promise polyfill on modern setups
  • c1a1cee adding dev dependencies
  • 7f55eca merge conflicts
  • ea2ac44 Merge pull request #814 from zypA13510/patch-2
  • 83ccb1e docs(README): remove invalid style
  • b32bc59 docs(README): improve documentation
  • 7dffb2b Run prettier on the affected files to fix lint
  • 26a7019 Leave a noop error handler on the sax stream when aborting due to an error
  • 83cf728 Merge pull request #808 from alubbe/prettier-refactoring2
  • 957f069 Merge pull request #809 from alubbe/nodejs-entrypoint
  • 3b9dbc5 Add an entrypoint for node.js
  • 3d97cbc Apply prettier-eslint to whole codebase

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSZIP-3188562