
Upgrade to more recent version of xlsx package #463

Closed
chrispcampbell opened this issue Apr 18, 2024 · 0 comments · Fixed by #465 or #466
Labels: dependencies (Pull requests that update a dependency file), improvement

Comments

chrispcampbell (Contributor):

We are currently using v0.17.5 of the xlsx (aka SheetJS) package. That package has had a few security alerts in the past couple years, the latest one says to upgrade to v0.20.2. One hitch is that the SheetJS maintainers have been in a battle with npmjs for a while and no longer publish their packages to the npm registry, so their instructions now say to install from their own CDN:

    "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz"

I'm not a fan of relying on a self-hosted binary (which they could take down at any time), and I'm not a fan of their development approach, but unfortunately there are no easy alternatives at this time. The other ones I looked into, exceljs and read-excel-file, only support async reading of files, so even if I wanted to try them, I'd have to change a lot of compiler functions (on the code gen side) to be async ready, which is not a quick task. So for now, I'm afraid the best solution is to point to the most recent version of their self-hosted binary.

(I would still like to replace this dependency someday, maybe as part of changing the compiler to read/cache the xlsx/csv data in an earlier step rather than waiting till the code gen phase.)
