VOC Security Vulnerability #996

dcatoday · 2018-02-15T15:44:24Z

Hi when I attempt to install this library one of its dependencies ( VOC ) has a security flaw and my corporate Nexus repo complains that it is quarantined. Does anyone know which dependency is using it and if it is necessary as it may make applications vulnerable?

dcatoday · 2018-02-20T19:57:59Z

I raised this issue in the voc repository and it has been resolved.

@davisjam

- correct BIFF-dependent cell reference wrapping - record layout fixes from sample files - use BIFF version 2.4.338 for BOF (fixes #995 h/t @benjaminleetmaa) - fixed potentially vulnerable regexes (h/t @davisjam) - removed insecure deep dependency (fixes #996 h/t @dcatoday)

@davisjam

- correct BIFF-dependent cell reference wrapping - record layout fixes from sample files - use BIFF version 2.4.338 for BOF (fixes SheetJS#995 h/t @benjaminleetmaa) - fixed potentially vulnerable regexes (h/t @davisjam) - removed insecure deep dependency (fixes SheetJS#996 h/t @dcatoday)

dcatoday closed this as completed Feb 20, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

VOC Security Vulnerability #996

VOC Security Vulnerability #996

dcatoday commented Feb 15, 2018

dcatoday commented Feb 20, 2018

VOC Security Vulnerability #996

VOC Security Vulnerability #996

Comments

dcatoday commented Feb 15, 2018

dcatoday commented Feb 20, 2018