I am using xlsx in my js code. It works fine from last year. Today I start getting problem and build fails. Dueto:
$ yarn audit:
yarn audit v1.22.19
┌─────────────────────────────────────────────────────────────────────────────
│ moderate: Prototype Pollution in sheetJS
├─────────────────────────────────────────────────────────────────────────────
│ Package: xlsx
├─────────────────────────────────────────────────────────────────────────────
│ Patched in: >=0.19.3
├─────────────────────────────────────────────────────────────────────────────
│ Dependency of: xlsx
├─────────────────────────────────────────────────────────────────────────────
│ Path: xlsx
├─────────────────────────────────────────────────────────────────────────────
│ More info: https://www.npmjs.com/advisories/1091817
└─────────────────────────────────────────────────────────────────────────────
It is obvious the solution is to upgrade to version 0.19.3 or higher, but the latest vesion is 0.18.5 due to: https://www.npmjs.com/package/xlsx?activeTab=readme.
Is there any way to solve this issue?
As explained in the README, this project is no longer maintained on GitHub and no longer published to npm. Try to install from below link: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz. In your package.json file add this: