Security issues with exporter

Dependabot gives two alerts regarding the grid library:

SheetJS Regular Expression Denial of Service (ReDoS)

SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).

Prototype Pollution in sheetJS

All versions of SheetJS CE through 0.19.2 are vulnerable to “Prototype Pollution” when reading specially crafted files. Workflows that do not read arbitrary files (for example, exporting data to spreadsheet files) are unaffected.

A non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package xlsx are no longer maintained.

The automatic update through dependabot interface is not possible because:

Dependabot can’t find a published or compatible non-vulnerable version for xlsx
The latest published and compatible version is 0.18.5.

Hello @Nikolai_Dimentiev,

Could you please clarify what exact component/module, and what exact version you are trying?

Also, we updated export to excel and switched to Json2Excel in the latest updates:

So currently it’s the most actual tool to export files to Excel format.

Kind regards,