Pipeline failing on Snyk vulnerability check

TaTo30 / vue-pdf

PDF component for Vue 3

https://tato30.github.io/vue-pdf/

MIT License

358 stars 51 forks source link

Pipeline failing on Snyk vulnerability check #118

Open julsco opened 1 month ago

julsco commented 1 month ago

Everything works well in my local, but failing in the pipeline.

Issues with no direct upgrade or patch:
  ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6
    introduced by @tato30/vue-pdf@1.10.0 > pdfjs-dist@4.2.67 > canvas@2.11.2 > @mapbox/node-pre-gyp@1.0.11 > rimraf@3.0.2 > glob@7.1.6 > inflight@1.0.6
  No upgrade or patch available

TaTo30 commented 1 week ago

That vulnerability comes from this project that had been deprecated on may: https://github.com/isaacs/inflight-DEPRECATED-DO-NOT-USE

pdf.js still depends on canvas@2.11.2, meanwhile the dependency has not been updated this issue could not be fixed.