Dependency: Update xlsx version to resolve high security vulnerability #15
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://cdn.sheetjs.com/advisories/CVE-2024-22363
Summary
All versions of SheetJS CE through 0.20.1 are vulnerable to "Regular Expression Denial of Service" (ReDoS). For more details, see https://regexide.com
Categorization
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (Score 7.5 - High)
CWE-1333 Inefficient Regular Expression Complexity [1]
Remediation
Users should upgrade to version 0.20.2 or later. Official releases are available on the SheetJS CDN [2]. SheetJS CE documentation includes installation instructions for common deployments [7].
Changed