Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[frontend] Upgrade SheetJS (xlsx) because of vulnerability #1731

Merged
merged 1 commit into from
Oct 28, 2024
Merged

[frontend] Upgrade SheetJS (xlsx) because of vulnerability #1731

merged 1 commit into from
Oct 28, 2024

Conversation

guillaumejparis
Copy link
Member

Snyk report high vulnerability.

We need to change the cdn where we download it : SheetJS/sheetjs#2822 (comment)

@github-actions github-actions bot added the filigran team use to identify PR from the Filigran team label Oct 23, 2024
@Dimfacion
Copy link
Member

Shouldn't we use something like this : https://www.npmjs.com/package/@e965/xlsx?activeTab=readme ? Using the cdn means no renovate :/

@codecov Codecov
Copy link

codecov bot commented Oct 23, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 35.02%. Comparing base (63d029e) to head (beb7ac6).
Report is 2 commits behind head on master.

Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #1731      +/-   ##
============================================
+ Coverage     33.17%   35.02%   +1.85%     
- Complexity     1600     2719    +1119     
============================================
  Files           561      561              
  Lines         14649    22770    +8121     
  Branches        896     1704     +808     
============================================
+ Hits           4860     7976    +3116     
- Misses         9558    14490    +4932     
- Partials        231      304      +73

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@guillaumejparis guillaumejparis force-pushed the snyk/high_xlsx branch 2 times, most recently from b934916 to 1f7a0a1 Compare October 23, 2024 15:23
@guillaumejparis guillaumejparis merged commit 6606e6d into master Oct 28, 2024
7 checks passed
@guillaumejparis guillaumejparis deleted the snyk/high_xlsx branch October 28, 2024 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RomuDeuxfois RomuDeuxfois RomuDeuxfois approved these changes

Assignees
No one assigned
Labels
filigran team use to identify PR from the Filigran team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@guillaumejparis @Dimfacion @RomuDeuxfois