Remove unused vulnerable dependency "xlsx" #17549

mtrefzer · 2025-01-31T17:14:07Z

Describe the bug

The dependency "xlsx" is vulnerable and not used in the project, therefor it should be removed.

Pull Request Link

#17548

Reason for not contributing a PR

Lack of time
Unsure how to implement the fix/feature
Difficulty understanding the codebase
Other

Other Reason

No response

Reproducer

#17548

Environment

Ubuntu 24
node 22

Angular version

19

PrimeNG version

v19

Node version

22

Browser(s)

No response

Steps to reproduce the behavior

package.json contains "xlsx"

Expected behavior

package.json should not contain "xlsx"

FranSalRod · 2025-01-31T22:14:09Z

Hi!
If you have xlsx in your package.json is becouse you put it yourself. Primeng do not install xlsx.
If your project dont need it, and is vulnerable, just remove it.

mtrefzer · 2025-01-31T22:22:46Z

It's a dependency in apps/showcase/package.json.

mtrefzer added the Status: Needs Triage Issue will be reviewed by Core Team and a relevant label will be added as soon as possible label Jan 31, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove unused vulnerable dependency "xlsx" #17549

Remove unused vulnerable dependency "xlsx" #17549

mtrefzer commented Jan 31, 2025

FranSalRod commented Jan 31, 2025 •

edited

Loading

mtrefzer commented Jan 31, 2025

Remove unused vulnerable dependency "xlsx" #17549

Remove unused vulnerable dependency "xlsx" #17549

Comments

mtrefzer commented Jan 31, 2025

Describe the bug

Pull Request Link

Reason for not contributing a PR

Other Reason

Reproducer

Environment

Angular version

PrimeNG version

Node version

Browser(s)

Steps to reproduce the behavior

Expected behavior

FranSalRod commented Jan 31, 2025 • edited Loading

mtrefzer commented Jan 31, 2025

FranSalRod commented Jan 31, 2025 •

edited

Loading