From 7dfc53d3d4a94224c1be5b5a1051a71da19032d4 Mon Sep 17 00:00:00 2001
From: Guillaume Paris <guillaume.paris@filigran.io>
Date: Wed, 23 Oct 2024 14:11:05 +0200
Subject: [PATCH] [frontend] Upgrade SheetJS (xlsx) because of vulnerability

---
 openbas-front/package.json |  2 +-
 openbas-front/yarn.lock    | 83 +++-----------------------------------
 2 files changed, 7 insertions(+), 78 deletions(-)

diff --git a/openbas-front/package.json b/openbas-front/package.json
index 47861b032d..84d7d965d0 100644
--- a/openbas-front/package.json
+++ b/openbas-front/package.json
@@ -74,7 +74,7 @@
     "seamless-immutable": "7.1.4",
     "usehooks-ts": "3.1.0",
     "uuid": "10.0.0",
-    "xlsx": "0.18.5",
+    "xlsx": "https://git.sheetjs.com/sheetjs/sheetjs.git#v0.20.3",
     "zod": "3.23.8",
     "zustand": "^4.5.4"
   },
diff --git a/openbas-front/yarn.lock b/openbas-front/yarn.lock
index 352d10ee62..c5132f6ce2 100644
--- a/openbas-front/yarn.lock
+++ b/openbas-front/yarn.lock
@@ -5487,13 +5487,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"adler-32@npm:~1.3.0":
-  version: 1.3.1
-  resolution: "adler-32@npm:1.3.1"
-  checksum: 10c0/c1b7185526ee1bbe0eac8ed414d5226af4cd02a0540449a72ec1a75f198c5e93352ba4d7b9327231eea31fd83c2d080d13baf16d8ed5710fb183677beb85f612
-  languageName: node
-  linkType: hard
-
 "agent-base@npm:^7.0.2, agent-base@npm:^7.1.0":
   version: 7.1.0
   resolution: "agent-base@npm:7.1.0"
@@ -6184,16 +6177,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"cfb@npm:~1.2.1":
-  version: 1.2.2
-  resolution: "cfb@npm:1.2.2"
-  dependencies:
-    adler-32: "npm:~1.3.0"
-    crc-32: "npm:~1.2.0"
-  checksum: 10c0/87f6d9c3878268896ed6ca29dfe32a2aa078b12d0f21d8405c95911b74ab6296823d7312bbf5e18326d00b16cc697f587e07a17018c5edf7a1ba31dd5bc6da36
-  languageName: node
-  linkType: hard
-
 "chai@npm:^5.1.1":
   version: 5.1.1
   resolution: "chai@npm:5.1.1"
@@ -6480,13 +6463,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"codepage@npm:~1.15.0":
-  version: 1.15.0
-  resolution: "codepage@npm:1.15.0"
-  checksum: 10c0/2455b482302cb784b46dea60a8ee83f0c23e794bdd979556bdb107abe681bba722af62a37f5c955ff4efd68fdb9688c3986e719b4fd536c0e06bb25bc82abea3
-  languageName: node
-  linkType: hard
-
 "color-convert@npm:2.0.1, color-convert@npm:^2.0.1":
   version: 2.0.1
   resolution: "color-convert@npm:2.0.1"
@@ -6690,15 +6666,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"crc-32@npm:~1.2.0, crc-32@npm:~1.2.1":
-  version: 1.2.2
-  resolution: "crc-32@npm:1.2.2"
-  bin:
-    crc32: bin/crc32.njs
-  checksum: 10c0/11dcf4a2e77ee793835d49f2c028838eae58b44f50d1ff08394a610bfd817523f105d6ae4d9b5bef0aad45510f633eb23c903e9902e4409bed1ce70cb82b9bf0
-  languageName: node
-  linkType: hard
-
 "cronstrue@npm:2.50.0":
   version: 2.50.0
   resolution: "cronstrue@npm:2.50.0"
@@ -8775,13 +8742,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"frac@npm:~1.1.2":
-  version: 1.1.2
-  resolution: "frac@npm:1.1.2"
-  checksum: 10c0/640740eb58b590eb38c78c676955bee91cd22d854f5876241a15c49d4495fa53a84898779dcf7eca30aabfe1c1a4a705752b5f224934257c5dda55c545413ba7
-  languageName: node
-  linkType: hard
-
 "fresh@npm:0.5.2":
   version: 0.5.2
   resolution: "fresh@npm:0.5.2"
@@ -12188,7 +12148,7 @@ __metadata:
     vite: "npm:5.4.7"
     vite-plugin-istanbul: "npm:6.0.2"
     vitest: "npm:2.1.1"
-    xlsx: "npm:0.18.5"
+    xlsx: "https://git.sheetjs.com/sheetjs/sheetjs.git#v0.20.3"
     zod: "npm:3.23.8"
     zustand: "npm:^4.5.4"
   languageName: unknown
@@ -14599,15 +14559,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ssf@npm:~0.11.2":
-  version: 0.11.2
-  resolution: "ssf@npm:0.11.2"
-  dependencies:
-    frac: "npm:~1.1.2"
-  checksum: 10c0/c3fd24a90dc37a9dc5c4154cb4121e27507c33ebfeee3532aaf03625756b2c006cf79c0a23db0ba16c4a6e88e1349455327867e03453fc9d54b32c546bc18ca6
-  languageName: node
-  linkType: hard
-
 "ssri@npm:^10.0.0":
   version: 10.0.5
   resolution: "ssri@npm:10.0.5"
@@ -16356,20 +16307,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"wmf@npm:~1.0.1":
-  version: 1.0.2
-  resolution: "wmf@npm:1.0.2"
-  checksum: 10c0/3fa5806f382632cadfe65d4ef24f7a583b0c0720171edb00e645af5248ad0bb6784e8fcee1ccd9f475a1a12a7523e2512e9c063731fbbdae14dc469e1c033d93
-  languageName: node
-  linkType: hard
-
-"word@npm:~0.3.0":
-  version: 0.3.0
-  resolution: "word@npm:0.3.0"
-  checksum: 10c0/c6da2a9f7a0d81a32fa6768a638d21b153da2be04f94f3964889c7cc1365d74b6ecb43b42256c3f926cd59512d8258206991c78c21000c3da96d42ff1238b840
-  languageName: node
-  linkType: hard
-
 "wrap-ansi-cjs@npm:wrap-ansi@^7.0.0, wrap-ansi@npm:^7.0.0":
   version: 7.0.0
   resolution: "wrap-ansi@npm:7.0.0"
@@ -16437,20 +16374,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"xlsx@npm:0.18.5":
-  version: 0.18.5
-  resolution: "xlsx@npm:0.18.5"
-  dependencies:
-    adler-32: "npm:~1.3.0"
-    cfb: "npm:~1.2.1"
-    codepage: "npm:~1.15.0"
-    crc-32: "npm:~1.2.1"
-    ssf: "npm:~0.11.2"
-    wmf: "npm:~1.0.1"
-    word: "npm:~0.3.0"
+"xlsx@https://git.sheetjs.com/sheetjs/sheetjs.git#v0.20.3":
+  version: 0.20.3
+  resolution: "xlsx@https://git.sheetjs.com/sheetjs/sheetjs.git#commit=f30a4dfd4c994f2c1ce57f6cb0281917bca76e7f"
   bin:
-    xlsx: bin/xlsx.njs
-  checksum: 10c0/787cfa77034a3e86fdcde21572f1011c8976f87823a5e0ee5057f13b2f6e48f17a1710732a91b8ae15d7794945c7cba8a3ca904ea7150e028260b0ab8e1158c8
+    xlsx: ./bin/xlsx.njs
+  checksum: 10c0/8cb2723221d550eff0bbeff35d618e4f66c50350045bc809110e49c43915e77474e6612cc4803774466bfef92d556bb86e3e78addcf90a907df9ab9f336d89d1
   languageName: node
   linkType: hard