
bump: Bumping unzipper to mitigate license issue #2744


Open
wants to merge 1 commit into base: master

Conversation

dubzzz

@dubzzz dubzzz commented Apr 15, 2024

Summary

Unzipper patched a license issue in the 0.11.x version (related issue: ZJONSSON/node-unzipper#293). The full diff of this new minor is available at: https://app.renovatebot.com/package-diff?name=unzipper&from=0.10.14&to=0.11.2.

With that PR, I only make sure that exceljs will pull or at least allow users to pull the patched version of unzipper.

Fixes #2743

Test plan

Not applicable

Related to source code (for typings update)

Not applicable

@dubzzz dubzzz changed the title bump: Bumping unzipper bump: Bumping unzipper to mitigate license issue Apr 15, 2024
@ZJONSSON

I realized from the diffs that the .tap files were not being .npmignored. Just pushed out a patch 0.11.3; please let me know if there is anything you need. Will be spending some time over the next few weekends to get the library into better shape and moving away from fstreams.

@ZJONSSON

Also, I bumped tap to a version that doesn't support node 10. If exceljs needs to support node 10, I will downgrade tap back to the maximum version that works for v10.

@ZJONSSON

I downgraded tap on unzipper master to ensure that the tests match the exceljs test suite. No version bump required, as this is only a downgrade of a dev dependency.

@k0s15

k0s15 commented May 23, 2024

cc @Siemienik, you seem to be the only active maintainer, thanks

@jjshinobi

Can someone please merge this PR? Thanks!

@Christoph-Mielke

Please merge and release it.

@dubzzz
Author

dubzzz commented Jul 22, 2024

@Siemienik Please 🥹🙏

@huineng

huineng commented Sep 17, 2024

any update ?

@wilomgfx

Anything blocking this from being merged?

@juwalter

@Siemienik - also would like to ask if you could merge this one? Many thanks in advance!!


@juwalter juwalter left a comment


looking good!


@sebastian-garn sebastian-garn left a comment


LGTM

@Siemienik
Member

Hi everyone.
I released this patch as a prerelease version: 4.4.1-prerelease.0
If there are no complaints with this version, I'm going to release it as 4.4.1 soon.

Member

@Siemienik Siemienik left a comment


lgtm

@matttabor

LGTM

@jjshinobi

Can we please also bump archiver to 7.0.1 to fix this Snyk vulnerability:

 ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6
    introduced by exceljs@4.4.1-prerelease.0 > archiver@5.3.2 > archiver-utils@2.1.0 > glob@7.2.3 > inflight@1.0.6
  No upgrade or patch available

It relates to the same license issue. Also, it allows removing inflight@1.0.6 from the transitive path, which has a vulnerability as well.
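The transitive path Snyk reports above is exactly what should be re-checked once a bump lands, because a new top-level version only helps if nothing else still resolves the flagged package. As an added example (not code from exceljs, unzipper or Snyk), the script below walks an npm package-lock "packages" map with npm's resolution rules and lists every chain that reaches a named package; the two lock fragments are constructed, and the archiver 7.0.1 resolution in particular is hypothetical.

```javascript
// Added example, not code from exceljs or unzipper: walk an npm package-lock
// ("packages" map, lockfileVersion 2/3) and list every dependency chain that
// reaches a given package, e.g. inflight, to confirm a bump really removes it.

// npm's lookup order for a dependency requested from the package at `fromPath`:
// fromPath/node_modules/<name>, then each ancestor's node_modules, up to the root.
function resolveDep(packages, fromPath, name) {
  for (let dir = fromPath; ; ) {
    const candidate = `${dir ? dir + '/' : ''}node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (dir === '') return null;
    dir = dir.includes('/node_modules/') ? dir.slice(0, dir.lastIndexOf('/node_modules/')) : '';
  }
}

// Depth-first search from the root entry ("") returning chains formatted like
// Snyk's "a@1 > b@2 > c@3" lines. `seen` guards against dependency cycles.
function findChains(packages, target) {
  const chains = [];
  const nameOf = (p) => p.split('node_modules/').pop();
  const visit = (path, trail, seen) => {
    const pkg = packages[path];
    const here = [...trail, path === '' ? pkg.name : `${nameOf(path)}@${pkg.version}`];
    if (path !== '' && nameOf(path) === target) { chains.push(here.join(' > ')); return; }
    for (const dep of Object.keys(pkg.dependencies || {})) {
      const next = resolveDep(packages, path, dep);
      if (next && !seen.has(next)) visit(next, here, new Set(seen).add(next));
    }
  };
  visit('', [], new Set(['']));
  return chains;
}

// Constructed lock fragments (not exceljs's real lockfile). The first mirrors the
// chain Snyk reported; the second is a hypothetical resolution after the bump.
const lockBefore = {
  '': { name: 'exceljs', version: '4.4.1-prerelease.0', dependencies: { archiver: '^5.3.2' } },
  'node_modules/archiver': { version: '5.3.2', dependencies: { 'archiver-utils': '^2.1.0' } },
  'node_modules/archiver-utils': { version: '2.1.0', dependencies: { glob: '^7.2.3' } },
  'node_modules/glob': { version: '7.2.3', dependencies: { inflight: '^1.0.6' } },
  'node_modules/inflight': { version: '1.0.6' },
};
const lockAfter = {
  '': { name: 'exceljs', version: '4.4.1', dependencies: { archiver: '^7.0.1' } },
  'node_modules/archiver': { version: '7.0.1', dependencies: { 'archiver-utils': '*' } },
  'node_modules/archiver-utils': { version: '0.0.0-constructed', dependencies: { glob: '*' } },
  'node_modules/glob': { version: '10.0.0-constructed' },
};
console.log(findChains(lockBefore, 'inflight'), findChains(lockAfter, 'inflight'));
```

Run against a real package-lock.json by loading its `packages` object; nested `node_modules` entries (e.g. `node_modules/archiver/node_modules/glob`) are resolved the same way npm does.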

Development

Successfully merging this pull request may close these issues.

Request to bump version of unzipper to eliminate license concerns