Update archiver to 7.0.0 to avoid CVE-772 in inflight @ 1.0.6 #2715

AlisherAmonulloev · 2024-03-01T08:56:51Z

🚀 Feature Proposal

Current version of exceljs references archiver of v5.3.2. In the references, you can find the inflight package that is affected by CVE-772 ( https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 )

exceljs @ 4.4.0 -> archiver @ 5.3.2 -> archiver-utils @ 2.1.0 -> glob @ 7.2.3 -> inflight @ 1.0.6

The archiver and archiver-utils packages were already updated and published on npm.

Please update the archiver package reference in exceljs to 7.0.0 to avoid the vulnerability

Note that this may result in a breaking change as support of Node 12 has been dropped: archiverjs/node-archiver#735

The text was updated successfully, but these errors were encountered:

jsyvino · 2024-05-16T17:55:51Z

I am also running into this issue, hopefully it gets fixed soon!

markmssd · 2024-09-10T22:06:12Z

Gentle bump 🙃

khangahs · 2024-10-02T07:33:51Z

Any fix?

rbonestell · 2024-10-10T16:28:55Z

The vulnerable references to inflight are not constrained to archiver, unfortunately:

exceljs@4.4.0 › archiver@5.3.2 › archiver-utils@2.1.0 › glob@7.2.3 › inflight@1.0.6
exceljs@4.4.0 › tmp@0.2.1 › rimraf@3.0.2 › glob@7.2.3 › inflight@1.0.6
exceljs@4.4.0 › archiver@5.3.2 › zip-stream@4.1.1 › archiver-utils@3.0.4 › glob@7.2.3 › inflight@1.0.6
exceljs@4.4.0 › unzipper@0.10.14 › fstream@1.0.12 › rimraf@2.7.1 › glob@7.2.3 › inflight@1.0.6

henryfung3a27 · 2024-10-18T04:32:22Z

tiennguyen1293 · 2024-10-29T07:53:11Z

Following this topic 👀

LukasTy mentioned this issue Apr 24, 2024

[data grid] Synk Vulnerability mui/mui-x#12887

Closed