Comments (9)
I also have this problem. I was trying to search for a solution but I didn't find one. The community needs a solution for this problem.
from node-xlsx.
I followed SheetJS/sheetjs#2822 and reinstalled xlsx, but still got the same vulnerability tips:
What should I do?
I don't know what the relationship is between node-xlsx and xlsx. Can you help by providing detailed instructions?
Thanks a lot!
from node-xlsx.
See SheetJS/sheetjs#2822 for discussion/information about how to update
from node-xlsx.
@mgcrea , any news?
from node-xlsx.
Until @mgcrea fixes these vulnerabilities, you can add an override in package.json to use the latest xlsx module without vulnerabilities (you need to remove node-xlsx and reinstall it with the override version in package.json).
see: https://docs.sheetjs.com/docs/getting-started/installation/nodejs/
from node-xlsx.
@milpalabras, I specified the overrides in the package.json:
then removed xlsx and node-xlsx, and reinstalled them:
Still got the same result.
Can you help by providing detailed instructions to install node-xlsx and eliminate the vulnerability error tips?
from node-xlsx.
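An added example, not code from node-xlsx or SheetJS: one way to check whether an override took effect is to read package-lock.json and list where each installed copy of xlsx was resolved from. The lockfile contents, versions and tarball URL below are constructed placeholders and the function names are illustrative; note that npm honours the `overrides` field only from version 8.3 onward.

```javascript
// List every installed copy of `name` recorded in a parsed package-lock.json.
// lockfileVersion 2/3 uses a flat "packages" map keyed by install path;
// lockfileVersion 1 (npm 6) uses a nested "dependencies" tree.
function findCopies(lock, name) {
  const copies = [];
  const add = (path, meta) => {
    // In v1 lockfiles a tarball dependency stores its URL in "version".
    const origin = meta.resolved || meta.version || '';
    let host = null;
    try { host = new URL(origin).hostname; } catch { /* plain semver, no URL */ }
    copies.push({ path, version: meta.version, host });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.split('node_modules/').pop() === name) add(path, meta);
    }
  } else {
    const walk = (deps, prefix) => {
      for (const [dep, meta] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${dep}`;
        if (dep === name) add(path, meta);
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return copies;
}

// Copies still served by the public registry, i.e. not replaced by the override.
function registryCopies(lock, name) {
  return findCopies(lock, name).filter((c) => c.host === 'registry.npmjs.org');
}

// Constructed lockfile (placeholder versions and URL): the top-level xlsx was
// replaced, but node-xlsx still carries its own nested registry copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app' },
    'node_modules/node-xlsx': { version: '0.0.0', resolved: 'https://registry.npmjs.org/node-xlsx/-/node-xlsx-0.0.0.tgz' },
    'node_modules/xlsx': { version: '0.0.2', resolved: 'https://cdn.example.invalid/xlsx-0.0.2.tgz' },
    'node_modules/node-xlsx/node_modules/xlsx': { version: '0.0.1', resolved: 'https://registry.npmjs.org/xlsx/-/xlsx-0.0.1.tgz' },
  },
};

console.log(registryCopies(sampleLock, 'xlsx').map((c) => c.path));
```

Any path this prints is a copy that `npm audit` will still evaluate against the registry version, regardless of what the top-level dependency resolves to.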
I made a fork and updated the dependency, but then two tests broke. In inspecting them, I noticed that the tests were only checking the first 10 bytes of the files, which I found a bit odd.
In any case, there seems to be a discrepancy between the 5th byte of the fixture files and the output from the xlsx package. I took a look with a hex editor, and the first 4 bytes seem to conform to the .xlsx file format. I am having some trouble understanding what that change signifies in the 5th byte.
FAIL test/specs/build.spec.ts
● Console
console.debug
Deprecated options['!merges'], please use options.sheetOptions['!merges'] instead.
at src/index.ts:86:15
at Array.filter (<anonymous>)
● node-xlsx builder › should properly build an XLSX from
expect(received).toEqual(expected) // deep equality
- Expected - 1
+ Received + 1
@@ -2,11 +2,11 @@
"data": Array [
80,
75,
3,
4,
- 10,
+ 20,
0,
0,
0,
0,
0,
14 | expect(result instanceof Buffer).toBeTruthy();
15 | // Only check the ten first bytes
> 16 | expect(result.slice(0, 10)).toEqual(expected.slice(0, 10));
| ^
17 | });
18 | it('should handle !merges sheetOption', () => {
19 | const expected = readBufferFixture(`sheetOptions.xlsx`);
at Object.<anonymous> (test/specs/build.spec.ts:16:33)
● node-xlsx builder › should handle !merges sheetOption
expect(received).toEqual(expected) // deep equality
- Expected - 1
+ Received + 1
@@ -2,11 +2,11 @@
"data": Array [
80,
75,
3,
4,
- 10,
+ 20,
0,
0,
0,
0,
0,
22 | expect(result instanceof Buffer).toBeTruthy();
23 | // Only check the ten first bytes
> 24 | expect(result.slice(0, 10)).toEqual(expected.slice(0, 10));
| ^
25 | });
26 | it('should handle global sheet options', () => {
27 | const worksheets = JSON.parse(readFixture(`test.json`));
at Object.<anonymous> (test/specs/build.spec.ts:24:33)
from node-xlsx.
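An added example, not part of the original comment or the node-xlsx test suite: the first ten bytes of an .xlsx file are the start of a ZIP local file header, so the bytes in the failing assertion can be decoded field by field. In that layout bytes 4-5 hold the "version needed to extract" field, so 10 versus 20 reads as 1.0 versus 2.0; the function names are illustrative.

```javascript
// Fixed leading fields of a ZIP local file header (all little-endian):
//   offset 0, 4 bytes: signature 0x04034b50 ("PK\x03\x04")
//   offset 4, 2 bytes: version needed to extract (value 20 means 2.0)
//   offset 6, 2 bytes: general purpose bit flag
//   offset 8, 2 bytes: compression method (0 = stored, 8 = deflate)
function parseZipPrefix(buf) {
  if (buf.length < 10) throw new RangeError('need at least 10 bytes');
  if (buf.readUInt32LE(0) !== 0x04034b50) throw new Error('not a ZIP local file header');
  const v = buf.readUInt16LE(4);
  return {
    versionNeeded: `${Math.floor(v / 10)}.${v % 10}`,
    flags: buf.readUInt16LE(6),
    method: buf.readUInt16LE(8),
  };
}

// Names of the header fields that differ between two files' first ten bytes.
function changedFields(expectedBuf, receivedBuf) {
  const a = parseZipPrefix(expectedBuf);
  const b = parseZipPrefix(receivedBuf);
  return Object.keys(a).filter((k) => a[k] !== b[k]);
}

// The ten bytes from the failing assertion in the test output (expected vs. received).
const expected = Buffer.from([80, 75, 3, 4, 10, 0, 0, 0, 0, 0]);
const received = Buffer.from([80, 75, 3, 4, 20, 0, 0, 0, 0, 0]);

console.log(parseZipPrefix(expected), parseZipPrefix(received));
console.log(changedFields(expected, received));
```

Comparing decoded fields instead of raw bytes makes a fixture mismatch report which header field moved, here only the extraction version, with flags and compression method unchanged.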
Just published the v0.22.0 release with updated deps, should fix your issues.
from node-xlsx.
The issue still exists in v0.22.0:
➜ bodhi git:(3.5.11) ✗ npm rm node-xlsx
removed 10 packages and audited 210 packages in 2.095s
14 packages are looking for funding
run npm fund for details
found 1 moderate severity vulnerability
run npm audit fix to fix them, or npm audit for details
╭───────────────────────────────────────────────────────────────╮
│ │
│ New major version of npm available! 6.14.12 → 9.6.7 │
│ Changelog: https://github.com/npm/cli/releases/tag/v9.6.7 │
│ Run npm install -g npm to update! │
│ │
╰───────────────────────────────────────────────────────────────╯
➜ bodhi git:(3.5.11) ✗ npm rm xlsx
removed 5 packages and audited 209 packages in 1.931s
14 packages are looking for funding
run npm fund for details
found 1 moderate severity vulnerability
run npm audit fix to fix them, or npm audit for details
➜ bodhi git:(3.5.11) ✗ npm install [email protected]
- [email protected]
added 7 packages from 2 contributors, removed 1 package, updated 3 packages and audited 219 packages in 2.968s
14 packages are looking for funding
run npm fund for details
found 2 vulnerabilities (1 moderate, 1 high)
run npm audit fix to fix them, or npm audit for details
from node-xlsx.