vue-pdf icon indicating copy to clipboard operation
vue-pdf copied to clipboard
verified publisher icon TaTo30

Pipeline failing on Snyk vulnerability check

Open julsco opened this issue 1 year ago • 1 comments

Everything works well in my local, but failing in the pipeline.

Issues with no direct upgrade or patch:
  ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in [email protected]
    introduced by @tato30/[email protected] > [email protected] > [email protected] > @mapbox/[email protected] > [email protected] > [email protected] > [email protected]
  No upgrade or patch available

julsco avatar Jun 06 '24 16:06 julsco

That vulnerability comes from this project that had been deprecated on may: https://github.com/isaacs/inflight-DEPRECATED-DO-NOT-USE

pdf.js still depends on [email protected], meanwhile the dependency has not been updated this issue could not be fixed.

TaTo30 avatar Jul 10 '24 05:07 TaTo30

@TaTo30 pdf.js already updated the version of canvas

emargareten avatar Nov 18 '24 11:11 emargareten

Yup, I will release a new version with the new pdf.js version soon

TaTo30 avatar Nov 20 '24 04:11 TaTo30

They actually changed the canvas dependency to @napi-rs/canvas (after first updating the canvas version...)

laserhybiz avatar Nov 29 '24 08:11 laserhybiz