Hello,
I'm experiencing the following error, when I try to use "fromFile" function to load the data for a spreadsheet component from an excel file:
"The constructor with parameters has been removed in JSZip 3.0, please check the upgrade guide."
The problem seems to be in the version of JSZip library, which the component uses. I manually changed the version of "JSZip" script to 2.6 and it works fine, but I want to know how to do it using the latest version of the spreadsheet component and the latest version of "JSZip". I used the same file in the demo page in your site and it works fine there. The version of kendo is "2020.1.406".
2 Answers, 1 is accepted
Hello George,
The Spreadsheet widget functionality does not offer support for JSZip 3. Having that said, in order to benefit from the import/export functions of the Spreadsheet, you will need to use JSZip 2.x.
Regards,
Veselin Tsvetanov
Progress Telerik
Our thoughts here at Progress are with those affected by the outbreak.
Rank 1
I see that JSZIP 3.10.1 support is introduced in latest version (https://github.com/telerik/kendo-ui-core/issues/2316)
Anyhow it fails for this use case (spreadsheet and fromFile).
Should it work, is this now then a bug?
Hi Markus,
The described issue is a known one. There is already a developer who is working on it and the fix for the issue will be available with the next release scheduled for the very end of January.
Regards,
Neli
Rank 1
Iron
Is there any update on upgrading jszip, there is a security vulnerability and many security scans are not passing our product because of it.
For details
https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497
From Sonar scan:
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.
Hi Kezar,
Thank you for bringing the above issue to our attention. As a result of your report, I have reopened the following GitHub issue:
https://github.com/telerik/kendo-ui-core/issues/2316
I have also updated your Telerik points as gratitude for sharing the above.
Rank 1
Iron
Iron
Our team also recently saw this same issue in our security scanner. Looking forward to the fix so we can upgrade to JSZip 3.7
Hi Jack,
We will do our best to move the upgrade task as soon as possible in our implementation queue. That you for your comment.
Rank 1
Iron
Hi Kezar,
The upgrade of JSZip is yet not scheduled for implementation. Nevertheless, based on your question, I have raised the priority of the GitHub item:
Hi Jack,
The JSZIP version bump is yet not scheduled for implementation. I have just raised the priority of the GitHub item:
Rank 1
Iron
Iron