[Snyk] Upgrade excel4node from 1.7.2 to 1.8.0

[ronniery]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade excel4node from 1.7.2 to 1.8.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released 3 months ago, on 2022-07-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: excel4node

• 1.8.0 - 2022-07-21
  

  New Repo & Maintainer:

  Huge thanks to natergj for his work on this library. Due to life circumstances he is no longer able to maintain this library and he has passed the torch over to us at Advisr to continue. We will be continuing development of this library on our fork https://github.com/advisr-io/excel4node and the original repo will be deprecated. New versions will still be released to the original NPM package https://www.npmjs.com/package/excel4node.

  This release is meant to bring the package up to date with its various dependencies to address security vulnerabilities found since the last release three years ago. Additionally a few pull requests from the original repo have been merged to address a few outstanding bug/feature requests. Thanks to Arthur Blake for identifying the pull requests to transfer over from the original repo.

  Bug Fixes:

  • wb.Worksheep is not a function, thanks huihui0606 (#1)
  • error handling for cell row/col smaller than 1 original issue, thanks firlus (#2)
  • add default cell style definition original pr, thanks artiz (#3)
  • fix getExceTS daylight savings bug original pr, thanks finnshort (#4)
  • fix readingOrder original issue, thanks atlanteh (#5)

  Enhancements:

  • upgrade dependencies (92541fa) (11dd63d) (#7) (#24)
  • allow access to set picture rId manually to reduce filesize for reused images original issue, thanks Newbie012 (#6) (#21)

  Breaking Changes:

  • Node versions less than v14 (current maintenance LTS) are no longer supported.
    • Please upgrade to the latest LTS release of Node (we recommend either v14 or v16).
    • When bringing the library dependencies up to date we were forced to increase the minimum node version requirement to their level
• 1.7.2 - 2019-04-28
  

  v1.7.2

from excel4node GitHub release notes

Commit messages

Package name: excel4node

• e3596be Add v1.8.0 to changelog
• ee31038 Merge pull request #24 from advisr-io/upgrade-xmldom
• b111cbc Merge remote-tracking branch 'origin/master' into upgrade-xmldom
• da8e38e Updating package-lock with reverted package name and increased node version
• 9003c32 Updating xmldom to point to new artifact @ xmldom/xmldom
• d562d7a Reverting package name and setting minimum node version to 14
• 7b06164 Merge pull request Bump lodash from 4.17.15 to 4.17.21 #7 from advisr-io/dependency-updates
• 852fd8f Merge remote-tracking branch 'origin/master' into dependency-updates
• 4fdf180 Merge pull request [Snyk] Fix for 5 vulnerabilities #21 from advisr-io/picture-rid-undefined-fix
• a6de9cb Merge branch 'master' into picture-rid-undefined-fix
• 38cc994 Merge pull request [Snyk] Security upgrade request-promise from 4.2.4 to 4.2.6 #22 from advisr-io/add-test-github-action
• 81048ea Adding github action to build and test branches and PRs
• 4b46ccd Updating npm prepublish to prepublishOnly
• ff0182b Checking in package-lock.json to enforce dependency version
• f2177a2 Fixing issue with a picture rId being undefined
• acc547a Upgrade mime to 3.0.0
• f727cdf Upgrade jszip to 3.10.0
• 2371762 Upgrading deepmerge to 4.2.2
• d1b0fa8 Upgrade image-size to 1.0.2
• 494fb90 Merge pull request [Snyk] Security upgrade cli-progress from 3.3.1 to 3.6.1 #8 from advisr-io/convert-changelog-to-markdown
• a9c09b2 Update dependabot.yml
• 277240a Updating xmlbuilder to 15.1.1
• 2a8c2a8 Upgrading uuid to 8.3.2
• be69b4e Adding github action to build and test branches and PRs

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs