git.gladyson/openmonetis
1
0
Fork 1
mirror of https://github.com/felipegcoutinho/openmonetis.git synced 2026-05-09 02:51:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(segurança): substituir xlsx por exceljs (CVEs sem patch no npm)

Browse Source 
xlsx@0.18.5 tem Prototype Pollution e ReDoS sem versão corrigida no
npm. Migrado para exceljs@4.4.0 nos 4 pontos de uso: parser de
importação, geração de template, exportação de lançamentos e
exportação de relatório de categorias.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Felipe Coutinho
2026-04-04 03:12:04 +00:00
parent 10afef9fec
commit df996df93d
6 changed files with 710 additions and 145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@@ -72,6 +72,7 @@
"cmdk": "^1.1.1",
"date-fns": "^4.1.0",
"drizzle-orm": "0.45.2",
"exceljs": "^4.4.0",
"jspdf": "^4.2.1",
"jspdf-autotable": "^5.0.7",
"next": "16.2.2",
@@ -87,7 +88,6 @@
"sonner": "2.0.7",
"tailwind-merge": "3.5.0",
"vaul": "1.1.2",
"xlsx": "^0.18.5",
"zod": "4.3.6"
},
"devDependencies": {