Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update SixLabors.ImageSharp to 2.1.8. CVE-2024-32036 #1317

Merged

Conversation

DontFretBrett
Copy link

Update SixLabors.ImageSharp to 2.1.8 to address CVE-2024-32036

@seFausto
Copy link

Awesome! I need this change for a vulnerability found by a static scan.

@tonyqus tonyqus added this to the NPOI 2.7.1 milestone Apr 17, 2024
@tonyqus
Copy link
Member

tonyqus commented Apr 17, 2024

LGTM

@DontFretBrett
Copy link
Author

Thanks @tonyqus, do you know how I can resolve the failing ubuntu check?

@tonyqus tonyqus merged commit 4eb5d0e into nissl-lab:master Apr 18, 2024
2 of 3 checks passed
@tonyqus
Copy link
Member

tonyqus commented Apr 18, 2024

failing ubuntu check

Why do you fail the ubuntu check? I didn't get it.

antony-liu added a commit to antony-liu/npoi that referenced this pull request Apr 26, 2024
commit 815eb29
Merge: efb45c5 ff7fa87
Author: Tony Qu <[email protected]>
Date:   Fri Apr 26 22:37:31 2024 +0800

    Merge pull request nissl-lab#1316 from antony-liu/poi/v3.16-patch3

    Some patches ported from poi

commit efb45c5
Merge: 5cb561d b48fe66
Author: Tony Qu <[email protected]>
Date:   Fri Apr 26 21:51:49 2024 +0800

    Merge pull request nissl-lab#1284 from superrnovae/bmp_pictures

    Opening existing workbook with pictures, adding new ones and saving it should not throw an exception

commit ff7fa87
Merge: cc1de9a 5cb561d
Author: Antony Liu <[email protected]>
Date:   Fri Apr 26 20:59:25 2024 +0800

    Merge branch 'master' into poi/v3.16-patch3

commit 5cb561d
Merge: e82fa27 c0378c6
Author: Tony Qu <[email protected]>
Date:   Thu Apr 25 02:05:43 2024 +0800

    Merge pull request nissl-lab#1303 from Bykiev/FixCreateCellComment

    XLS - Fix adding cell comment

commit e82fa27
Merge: 83106c2 989cb6b
Author: Tony Qu <[email protected]>
Date:   Wed Apr 24 19:43:02 2024 +0800

    Merge branch 'master' of https://github.com/nissl-lab/npoi

commit 83106c2
Author: Tony Qu <[email protected]>
Date:   Wed Apr 24 19:42:35 2024 +0800

    fix nissl-lab#1315 - rollback the change of dt2D and dtr property

commit 989cb6b
Merge: 7fd6e4c 9fe58ed
Author: Tony Qu <[email protected]>
Date:   Wed Apr 24 04:19:14 2024 +0800

    Merge pull request nissl-lab#1281 from superrnovae/xssf_formula_results_format

    [Bug 67785] Make XSSFExcelExtractor output more like that from XSSFEventBasedExcelExtractor

commit 7fd6e4c
Merge: 976c1f5 7892c92
Author: Tony Qu <[email protected]>
Date:   Wed Apr 24 03:58:13 2024 +0800

    Merge pull request nissl-lab#1307 from Bykiev/DocVars

    Fix reading document variables

commit 976c1f5
Merge: 3412b21 428a170
Author: Tony Qu <[email protected]>
Date:   Wed Apr 24 03:55:07 2024 +0800

    Merge pull request nissl-lab#1262 from jake-codes-at-5-am/removedatavalidation-to-upstream

    Add RemoveDataValidation method

commit 3412b21
Merge: 4eb5d0e 7c65a61
Author: Tony Qu <[email protected]>
Date:   Wed Apr 24 03:53:27 2024 +0800

    Merge pull request nissl-lab#1314 from antony-liu/fix/github-issue-1070

    Avoid NullReference exception when saving workbook with XML Map

commit 4eb5d0e
Merge: 9e6eef1 44de724
Author: Tony Qu <[email protected]>
Date:   Thu Apr 18 08:13:11 2024 +0800

    Merge pull request nissl-lab#1317 from DontFretBrett/update-sixlabors-imagesharp-218

    Update SixLabors.ImageSharp to 2.1.8. CVE-2024-32036

commit 44de724
Author: Brett Sanders <[email protected]>
Date:   Wed Apr 17 10:53:37 2024 -0700

    Update SixLabors.ImageSharp to 2.1.8. CVE-2024-32036

commit 9e6eef1
Merge: 595ed45 6321d89
Author: Tony Qu <[email protected]>
Date:   Tue Apr 16 22:31:48 2024 +0800

    Merge branch 'master' of https://github.com/nissl-lab/npoi

commit 595ed45
Author: Tony Qu <[email protected]>
Date:   Tue Apr 16 22:31:38 2024 +0800

    fix TestXWPFRun unit test

commit 6321d89
Merge: a8a827f 1067d7f
Author: Tony Qu <[email protected]>
Date:   Tue Apr 16 09:05:17 2024 +0800

    Merge pull request nissl-lab#1313 from Bykiev/SharpZipLib

    Update SharpZipLib to v1.4.2

commit a8a827f
Merge: f0b0ea8 79dfd75
Author: Tony Qu <[email protected]>
Date:   Tue Apr 16 09:04:05 2024 +0800

    Merge pull request nissl-lab#1283 from superrnovae/table_cellreferences

    [github-164] Fix Bug in XSSFTable.setCellReferences when table is single cell.

commit f0b0ea8
Merge: 174fc67 16b283d
Author: Tony Qu <[email protected]>
Date:   Tue Apr 16 09:02:16 2024 +0800

    Merge pull request nissl-lab#1309 from antony-liu/poi/v3.16-patch2

    Patches about VBAMacroReader from poi

commit 174fc67
Merge: d31d5d3 649c565
Author: Tony Qu <[email protected]>
Date:   Tue Apr 16 08:47:24 2024 +0800

    Merge branch 'master' of https://github.com/nissl-lab/npoi

commit d31d5d3
Author: Tony Qu <[email protected]>
Date:   Tue Apr 16 08:46:58 2024 +0800

    adjust Word openxml serialization

commit 990e862
Author: Tony Qu <[email protected]>
Date:   Tue Apr 16 08:45:20 2024 +0800

    only add xml:space="preserve" when the value starts or ends with whitespace

commit 590b7f7
Author: Tony Qu <[email protected]>
Date:   Tue Apr 16 08:42:58 2024 +0800

    fix nissl-lab#1276 - remove docGrid init code in CT_SectPr constructor

commit 7c65a61
Author: Antony Liu <[email protected]>
Date:   Sat Apr 13 15:30:16 2024 +0800

    Fix issue nissl-lab#1070, avoid NullReference exception when saving workbook with XML Map

commit 1067d7f
Author: ABykiev <[email protected]>
Date:   Tue Apr 9 18:51:36 2024 +0300

    Update SharpZipLib to v1.4.2

    Closes nissl-lab#1149

commit 16b283d
Merge: 8f43183 649c565
Author: Antony Liu <[email protected]>
Date:   Fri Apr 5 09:58:46 2024 +0800

    Merge branch 'master' into poi/v3.16-patch2

commit 649c565
Merge: 17041e5 7c89ee6
Author: Tony Qu <[email protected]>
Date:   Fri Apr 5 09:22:04 2024 +0800

    Merge pull request nissl-lab#1306 from antony-liu/poi/v3.16-patch1

    Some patches ported from poi

commit 17041e5
Merge: 462f15f b89af43
Author: Tony Qu <[email protected]>
Date:   Wed Apr 3 07:35:01 2024 +0800

    Merge pull request nissl-lab#1291 from jake-codes-at-5-am/fix-ct-formulacell-write

    CT_CellFormula.Write: fix writing the si attribute

commit 7892c92
Author: ABykiev <[email protected]>
Date:   Tue Apr 2 21:58:45 2024 +0300

    Fix reading document variables

    Closes nissl-lab#1199

commit c0378c6
Author: ABykiev <[email protected]>
Date:   Sun Mar 31 20:31:09 2024 +0300

    XLS - Fix adding cell comment

    Closes nissl-lab#1240

commit 462f15f
Author: Tony Qu <[email protected]>
Date:   Thu Mar 28 11:09:26 2024 +0800

    Update FUNDING.yml

commit 766e2c5
Author: Tony Qu <[email protected]>
Date:   Thu Mar 28 11:07:55 2024 +0800

    Create FUNDING.yml

commit 844391f
Author: Tony Qu <[email protected]>
Date:   Thu Mar 28 11:00:17 2024 +0800

    Delete .github/FUNDING.yml

commit b89af43
Author: Artem Koloskov <[email protected]>
Date:   Tue Mar 12 15:27:58 2024 +0700

    upstream-fix: in `CT_CellFormula` ensure the `siField` is written into `fField`'s attributes on `Write` even when it has a default value for cases when the type of the formula is Shared formula.

commit b48fe66
Author: suppernovae <[email protected]>
Date:   Tue Mar 5 13:08:05 2024 +0100

    Fix saving existing workbook with pictures after adding new ones

commit 79dfd75
Author: suppernovae <[email protected]>
Date:   Tue Mar 5 11:43:26 2024 +0100

    [github-164] Fix Bug in XSSFTable.setCellReferences when table is single cell

commit 9fe58ed
Author: suppernovae <[email protected]>
Date:   Tue Mar 5 10:48:34 2024 +0100

    Revert "Use range operator instead of substring method"

    This reverts commit 5b838ba.

commit 5b838ba
Author: suppernovae <[email protected]>
Date:   Tue Mar 5 10:41:42 2024 +0100

    Use range operator instead of substring method

commit e5e92af
Author: suppernovae <[email protected]>
Date:   Mon Mar 4 23:36:35 2024 +0100

    Bug 67784: XSSFExcelExtractor does not format formula results like the streaming based extractor

commit 428a170
Author: Artem Koloskov <[email protected]>
Date:   Fri Feb 9 11:31:06 2024 +0700

    Upstream feature: change RemoveValidationData methods to RemoveDataValidation

commit a39833e
Author: Artem Koloskov <[email protected]>
Date:   Tue Nov 28 16:45:29 2023 +0700

    Upstream feature: add tests for ISheet.RemoveValidationData method

commit fefe574
Author: Artem Koloskov <[email protected]>
Date:   Tue Nov 28 16:44:37 2023 +0700

    Upstream fix: fix CT_DataValidations.Write method.

    It was writing an empty dataValidations node if its dataValidation property was empty, which was breaking the resulting xlsx file

commit 8e4b633
Author: Artem Koloskov <[email protected]>
Date:   Tue Nov 28 16:41:54 2023 +0700

    Upstream feature: ass ISheet.RemoveValidationData method and implement it in HSSF, XSSF and SXSSF Sheets

commit 73daa01
Author: Artem Koloskov <[email protected]>
Date:   Tue Nov 28 16:40:21 2023 +0700

    Upstream feature: implement DataValidityTable.RemoveDataValidation method

commit 01c9fa5
Author: Artem Koloskov <[email protected]>
Date:   Tue Nov 28 16:38:03 2023 +0700

    Upstream feature: Implement CT_DataValidation and DVRecord Equals() method overrides.
@Bykiev Bykiev mentioned this pull request Jun 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants