
Does tableExport.min.js include the latest secure version of xlsx? #382

Open
sdespont opened this issue Jan 23, 2025 · 2 comments

Comments

@sdespont

I was wondering if the latest version of tableExport.min.js includes the most recent release of the xlsx library hosted on SheetJS.

I'm asking because versions of xlsx prior to 0.20 contain known vulnerabilities, and I want to ensure that the latest, more secure version is being used.

Thanks in advance for your help!

@hhurz
Owner

hhurz commented Jan 23, 2025

tableExport.min.js does not contain any external libraries such as xlsx directly. The code for exporting tables relies on external libraries, such as xlsx, which must be included separately. This means that if you use tableExport, you have to include xlsx manually in your project if you want to use the export function for Excel (XLSX). In this case, you can ensure that you always use the latest and most secure version of xlsx by integrating it yourself.

@sdespont
Author

sdespont commented Jan 24, 2025

@hhurz thanks for the answer. I asked the question because yarn audit raises known vulnerabilities for xlsx <0.20, and because this lib no longer uses NPM but SheetJS, the installed version is 0.18.5.

BUT I don't actually use this library: the export I do is a simple XLS and doesn't need this plugin.

Therefore, I don't want this unused library to be automatically installed along with all its own dependencies, which would cause a security violation warning during an audit.

Because, as you say, this plugin is optional and needs to be installed specifically, wouldn't it be a good idea to move it to the optionalDependencies section of the package.json?

"optionalDependencies": {
  "xlsx": ">=0.16.0"
}

What do you think?
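A small audit helper for the situation discussed in this thread, written as an added example (not code from tableExport or SheetJS): it reports whether a project declares xlsx as a hard dependency and whether the resolved copy in node_modules is below the 0.20 threshold the issue mentions. The manifest shape and the sample package.json text are constructed for the example.

```javascript
// Added example, not code from tableExport or SheetJS: flag a project whose
// installed xlsx is below the 0.20 threshold named in this issue, and report
// whether xlsx is declared as a hard dependency rather than an optional one.

const XLSX_MIN_SAFE = "0.20.0"; // threshold from the issue

// Numeric dotted-version comparison (pre-release suffix ignored).
// Returns <0 if a is older than b, 0 if equal, >0 if newer.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

function isVulnerableXlsx(version) {
  return compareVersions(version, XLSX_MIN_SAFE) < 0;
}

// Extract the resolved version from the text of node_modules/xlsx/package.json.
function installedVersion(packageJsonText) {
  return JSON.parse(packageJsonText).version;
}

// manifest: the consuming project's parsed package.json.
// xlsxPackageJsonText: contents of node_modules/xlsx/package.json, or null if absent.
function auditXlsx(manifest, xlsxPackageJsonText) {
  const findings = [];
  const deps = manifest.dependencies || {};
  if ("xlsx" in deps) {
    findings.push(`xlsx is a hard dependency (${deps.xlsx}); it is only needed for XLSX export`);
  }
  if (xlsxPackageJsonText) {
    const v = installedVersion(xlsxPackageJsonText);
    if (isVulnerableXlsx(v)) {
      findings.push(`installed xlsx ${v} is below ${XLSX_MIN_SAFE}`);
    }
  }
  return findings;
}

// Constructed sample: a project that pins xlsx like the fragment above,
// with 0.18.5 resolved from the npm registry.
const SAMPLE_MANIFEST = { dependencies: { xlsx: ">=0.16.0" } };
const SAMPLE_XLSX_PKG = JSON.stringify({ name: "xlsx", version: "0.18.5" });
console.log(auditXlsx(SAMPLE_MANIFEST, SAMPLE_XLSX_PKG));
```

Note that npm and Yarn still install optionalDependencies by default (the flag only makes an install failure non-fatal), so moving xlsx there does not by itself keep an old copy out of node_modules or out of an audit; the check above looks at the installed version regardless of which section declared it.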
