Hi!
While reviewing our dependency tree, we noticed that Zerox's use of SheetJS (xlsx) may be affected by two known high-severity vulnerabilities reported recently:
- Regular Expression Denial of Service (ReDoS)
- Prototype Pollution
Both vulnerabilities are rated High in various advisories.
Do you know if the project currently pins or depends on a vulnerable version of xlsx, and whether an update or mitigation is already planned or in progress?
Thank you in advance!