[BUG] Licensing Vulnerability in ExcelJS Dependency #2866

Open
klaw772 opened this issue Dec 19, 2024 · 1 comment
klaw772 commented Dec 19, 2024

🐛 Bug Report

When running a FOSSA scan, the 'buffers' package version 0.1.1 returns a flag of 'no license found'. This bubbles up to the 'unzipper' package being required by ExcelJS. The most up-to-date version of the unzipper package (0.12.3) has since removed the unlicensed 'buffers' package as a dependency. Additional behavior changes in unzipper do not seem to affect how it's being currently used in ExcelJS.

Lib version: 4.4.0

Possible solution:

Upgrading unzipper to 0.12.3 seems to not have any interference with its usage in ExcelJS.

@willisplummer

Relatedly, I get these warnings with the latest version of this library due to the out of date unzipper dependency:

npm warn deprecated fstream@1.0.12: This package is no longer supported.
npm warn deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
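
An added example, not part of the issue thread or of ExcelJS: a lockfile audit that flags packages with no recorded license or with a deprecation notice and shows which top-level dependency pulls each one in. It covers both reports above. It assumes an npm `package-lock.json` with a `packages` map (lockfileVersion 2 or 3) and uses the lockfile's `license` field as a stand-in for what a license scanner reports; `SAMPLE_LOCK`, `resolveDep` and `auditLock` are illustrative names, and the sample graph is constructed.

```javascript
// Constructed lockfileVersion 3 fragment mirroring the reports above. The graph is simplified
// and the unzipper version is a placeholder, since the issue does not state the resolved one.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'app', dependencies: { exceljs: '4.4.0' } },
  'node_modules/exceljs': { version: '4.4.0', license: 'MIT', dependencies: { unzipper: '*' } },
  'node_modules/unzipper': { version: '0.0.0-placeholder', license: 'MIT', dependencies: { buffers: '*', fstream: '*' } },
  'node_modules/buffers': { version: '0.1.1' }, // no license field recorded
  'node_modules/fstream': { version: '1.0.12', license: 'ISC',
    deprecated: 'This package is no longer supported.', dependencies: { rimraf: '*' } },
  'node_modules/rimraf': { version: '2.7.1', license: 'ISC',
    deprecated: 'Rimraf versions prior to v4 are no longer supported' },
} };

const NM = 'node_modules/';
const nameOf = (path) => path.slice(path.lastIndexOf(NM) + NM.length);

// Node-style resolution: the requiring package's own node_modules first, then each ancestor's.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; base = base.slice(0, Math.max(0, base.lastIndexOf('/' + NM)))) {
    const candidate = (base ? base + '/' : '') + NM + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
  }
}

function auditLock(lock) {
  const packages = lock.packages || {};
  const parent = new Map([['', null]]); // breadth-first from the root: who pulled each package in
  const queue = [''];
  while (queue.length) {
    const path = queue.shift();
    const e = packages[path] || {};
    const deps = { ...e.dependencies, ...e.optionalDependencies, ...(path ? {} : e.devDependencies) };
    for (const name of Object.keys(deps)) {
      const child = resolveDep(packages, path, name);
      if (child && !parent.has(child)) { parent.set(child, path); queue.push(child); }
    }
  }
  const findings = [];
  for (const [path, e] of Object.entries(packages)) {
    if (!path || e.link) continue; // skip the root project and workspace links
    const issues = [!e.license && 'no license recorded', e.deprecated && 'deprecated: ' + e.deprecated].filter(Boolean);
    const chain = [];
    for (let p = path; p; p = parent.get(p)) chain.unshift(`${nameOf(p)}@${packages[p].version}`);
    if (issues.length) findings.push({ pkg: chain[chain.length - 1], issues, chain: chain.join(' > ') });
  }
  return findings;
}
console.log(auditLock(SAMPLE_LOCK));
```

To run it against a real project, pass the parsed contents of that project's `package-lock.json` to `auditLock` instead of `SAMPLE_LOCK`.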
