Need new supported release of 3.0.0

[leopoldodonnell]

3.0.0.pre is a much needed update that addresses some security concerns. If there is no reason not to release, this candidate should become the latest gem released version.

thanks - for dragging this out of mothballs!

[compwron]

Ditto. :)

In the meantime, this is what we're doing to work around it- gem 'axlsx', '3.0.0.pre' # TODO: Unpin when a non-pre version without the ruby-zip vuln is released

[fmluizao]

@randym, do you want some kind of help with the maintenance? I absolutely love this gem and use it extensively, I will be happy to contribute.

[fabn]

See also #599

[noniq]

Also see #536

[fmluizao]

Since we get no response, I'm taking over the maintenance in my personal fork:

https://github.com/fernandoluizao/axlsx-alt
https://rubygems.org/gems/axlsx-alt

I merged some PRs and released a new version with a new name. I haven't changed the gem's namespace, so it should be easy to migrate.

Please, note that this isn't a hard fork... If someone wants to help, ping me.

[mdavidn]

@fernandoluizao You may want to release a fix to the 2.x major version as well. I prepared such a backport in #536.

[fmluizao]

I'm not intending to support older versions... sorry 😞

[noniq]

There's now https://github.com/caxlsx/caxlsx which has released 3.0.0 (and 3.0.1 and also 2.0.2 with a backport for the rubyzip dependency).

[leopoldodonnell]

There's now https://github.com/caxlsx/caxlsx which has released 3.0.0 (and 3.0.1 and also 2.0.2 with a backport for the rubyzip dependency).

So, should this be considered the preferred solution?

[leopoldodonnell]

Going with caxlsx as a solution where there is some community support - thanks @noniq !