fix: upgrade to more recent version of xlsx package#465
Merged
Conversation
ToddFincannonEI
approved these changes
Apr 19, 2024
Collaborator
ToddFincannonEI
left a comment
ToddFincannonEI
left a comment
There was a problem hiding this comment.
I can't add to the tests. EPS does not read any XLSX files, only CSV. Looks good to me based on passing our other tests. I am fine with using a non-npm package source when there is no other choice. This package has worked well for me for other utilities, so I don't see a good reason to switch. Open to alternatives though.
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #463
@ToddFincannonEI: This upgrades the xlsx package to a more recent version, which addresses some security vulnerabilities that have been reported. (Those vulnerabilities cause scary warnings when a user does an npm install of
@sdeverywhere/cli, so it would be good to avoid those warnings, which can be a turn-off for new users.) I have misgivings about this package and using their CDN (see issue comments), but think that this should be a relatively simple upgrade as compared to replacing the package outright.