Remove x-data-spreadsheet, as it has unaddressed vulnerabilities #36
+9
−572
Commits on Apr 16, 2023
-
Remove x-data-spreadsheet, as it has unaddressed vulnerabilities
Dependabot reports that > All versions of package x-data-spreadsheet are vulnerable to > Cross-site Scripting (XSS) due to missing sanitization of values > inserted into the cells. (up to current version 1.1.9.) Note that this issue reports an XSS issue: myliang/x-spreadsheet#580 With this fixing PR which has not been merged: myliang/x-spreadsheet#581 Also, some issues may have been fixed, but not released, as this issue complains that there hasn't been a release in years despite unreleased fixes: myliang/x-spreadsheet#632 The package also depends on the discontinued opencollective package, which brings additional problematic dependencies.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.