Problem/Motivation

I noticed that the module is currently locked to PHPOffice/PhpSpreadsheet version 2.2.1: https://git.drupalcode.org/project/xls_serialization/-/blob/2.0.x/compos....

We noticed that there are some security issues in the PHP package that are backported to 2.3.0 version: https://github.com/PHPOffice/PhpSpreadsheet/releases/tag/2.3.0.

Latest 2.3.x release is 2.3.3.

Would it make sense to update the package to the supported 2.3.3 version? I noticed there is an on going issue #3481928: Compatibility with phpoffice/phpspreadsheet:^3 to support the 3.x major version of the package but that still needs work so I wonder if it would make sense to update to the minor version first?

Steps to reproduce

TBD

Proposed resolution

Update the composer.json version requirement to ^2.3.3.

Remaining tasks

Update composer.json and test that everything works.

User interface changes

None.

API changes

None.

Data model changes

None.

Issue fork xls_serialization-3490983

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

heikkiy created an issue. See original summary.

heikkiy opened merge request !35

heikkiy’s picture

heikkiy commented
Status: Active » Needs review
mably’s picture

mably commented

The 2.2.1 is only a minimum requirement, it works perfectly fine with 2.3.3 version.

We could uplift that minimum version requirement on the 2.1.x development branch.

Let's merge this.

FYI version 2.2.1 of the library already requires PHP 8.1, no change on that side.

  • mably committed 3ec5366d on 2.1.x authored by heikkiy 
    Issue #3490983 by heikkiy: Update PHPOffice/PhpSpreadsheet to latest 2.3...
mably’s picture

mably commented
Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.