mgcrea/node-xlsx

Please publish new version to npm - ReDoS fix

marko-jankovic opened this issue · 3 comments

marko-jankovic commented

Hi!

Latest version 0.15 is using xlsx version 0.14.1 that is vulnerable to ReDoS attacks. https://snyk.io/vuln/SNYK-JS-XLSX-585898

I see you already have fix on master. Could you please publish to npm?

Thank you!

mgcrea commented

Done! v0.16.0

  • 👍1
marko-jankovic commented

v0.16 requires babel

Cannot find module '@babel/runtime/helpers/interopRequireDefault'

marko-jankovic commented

thank you for quick fix 💪