Pdf.js vulnerability in v1.0.9 due to CVE-2024-34342 and CVE-2024-4367

[mukitmomin]

Describe the bug

CVE-2024-34342 and CVE-2024-4367 are leading to npm audit scans failure, arising due to Pdf.js and react-pdf vulnerability.

To Reproduce In the source/ui directory run the command:

npm audit

Expected behavior No vulnerabilities

Please complete the following information about the solution:

• [x] Version: v1.0.9

To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0281) - Enhanced Document Understanding on AWS. Version v1.0.0".

• [ ] Region: [e.g. us-east-1]
• [ ] Was the solution modified from the version published on this repository?
• [ ] If the answer to the previous question was yes, are the changes available on GitHub?
• [ ] Have you checked your service quotas for the sevices this solution uses?
• [ ] Were there any errors in the CloudWatch Logs?

Screenshots If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).

Additional context Add any other context about the problem here.

[tabdunabi]

Thank you for contacting us regarding CVE-2024-34342 and CVE-2024-4367. On May 30, 2024, Enhanced Document Understanding on AWS released version 1.0.10 and recommends customers upgrade to address these issues.