Outdated underlying modules updation #19
Comments
|
Hi Yashwanth,
I'm pretty preoccupied with other projects currently, and won't be able to
undertake issues vis-a-vis the React Excel Renderer.
Feel free to fork the project and experiment yourself 😉
Thans & Regards,
*Ashish Deshpande*
…On Thu, 6 Aug, 2020, 11:44 pm Yashwanth Eturi, ***@***.***> wrote:
One of our application is using react-excel-render. But the Veracode
static code analysis shows the ***@***.*** and ***@***.*** are
susceptible to ReDOS vulnerability. Also, ***@***.***,
***@***.***, ***@***.*** is required.
Please help us by updating the underlying packages or suggest us an
alternate way to mitigate this. At least, let me know when you are planning
to update these libraries, if you are planning on such action. Help much
much appreciated. Thank you.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#19>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACAIS6MEWZVZXSHZV4LIQPLR7LXJVANCNFSM4PW3BD7Q>
.
|
|
Hello Ashish, |
|
Sure, will take a look as soon as possible.
Regards,
*Ashish Deshpande*
…On Fri, 5 Nov, 2021, 4:38 pm Yashwanth Eturi, ***@***.***> wrote:
Hello Ashish,
There are some PRs auto raised by Github bot that bumps the versions of
the underlying dependencies of this library. Can you please spend a few
minutes and approve their merge? They would fix security vulnerabilities it
has.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#19 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACAIS6LALHXOO7ECOFMFXSLUKO3JDANCNFSM4PW3BD7Q>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
One of our application is using react-excel-render. But the Veracode static code analysis shows the [email protected] and [email protected] are susceptible to ReDOS vulnerability. Also, [email protected], [email protected], [email protected] is required.
Please help us by updating the underlying packages or suggest us an alternate way to mitigate this. At least, let me know when you are planning to update these libraries, if you are planning on such action. Help much much appreciated. Thank you.
The text was updated successfully, but these errors were encountered: