Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update phpoffice/phpspreadshee to prevent XSS vulnerability in … #2986

Merged
merged 1 commit into from
Jan 1, 2021
Merged

feat: update phpoffice/phpspreadshee to prevent XSS vulnerability in … #2986

merged 1 commit into from
Jan 1, 2021

Conversation

pedroufv
Copy link
Contributor

Security issues found on dependencies: phpoffice/phpspreadsheet@1.15.0 XSS Vulnerability in HTML Writer

"phpoffice/phpspreadsheet": "^1.16",

Mark the following tasks as done:

  • Checked the codebase to ensure that your feature doesn't already exist.
  • Checked the pull requests to ensure that another person hasn't already submitted the feature or fix.
  • Adjusted the Documentation.
  • Updated CHANGELOG.md
  • Added tests to ensure against regression.

Description of the Change

Update dependency to fix vulnerability

Why Should This Be Added?

Resolve XSS Vulnerability in the HTML Writer

See: PHPOffice/PhpSpreadsheet#1719

Benefits

Security

@patrickbrouwers
Copy link
Member

As long as people don't overwrite the the phpspreadsheet constraint to something lower than 1.16, it should have already installed that version, but always good to enforce a secure version. Thanks!

@patrickbrouwers patrickbrouwers merged commit 60d92d1 into SpartnerNL:3.1 Jan 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pedroufv @patrickbrouwers