- Notifications
You must be signed in to change notification settings - Fork1.9k
chore: upgrade jszip to ^3.10.1#2211
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
chore: upgrade jszip to ^3.10.1#2211
Uh oh!
There was an error while loading.Please reload this page.
Conversation
No issues found with our usage inhttps://stuk.github.io/jszip/CHANGES.html, most notable change was 3.9.0 API change, but we are unaffected, due to not using constructor arguments.This patches the zipslip vulnerability in <= 3.7.1 and patched in >= 3.8.0.
GBPROB2 commentedFeb 17, 2023
+1 |
Hi@Alanscut,@alubbe or@Siemienik, and sorry to bother y'all. Whats the best way to get a review here? |
Hi@jarrod-cocoon, as I have got a little bit more free time recently, I'm going to review most part of the PRs. Thank you for your contribution :) Apart from the review, I organize a contributor community on Discord, where regularly we meet on |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM
Summary
This patches the zipslip vulnerability in <= 3.7.1 and patched in >= 3.8.0.
No issues found with our usage inhttps://stuk.github.io/jszip/CHANGES.html, most notable change was 3.9.0 API change, but we are unaffected, due to not using constructor arguments.
Test plan
Run npm install and npm test after upgrading. All tests passed.