Security issue with dompdf/dompdf <2.0.4 dependency

barryvdh / laravel-dompdf

A DOMPDF Wrapper for Laravel

MIT License

6.7k stars 966 forks source link

Security issue with dompdf/dompdf <2.0.4 dependency #1033

Open alexandreacid opened 7 months ago

alexandreacid commented 7 months ago

Hi,

I'm using your package along the security package roave/security-advisory.

Recently, a new security conflict occurred with the dompdf/dompdf package (https://github.com/advisories/GHSA-97m3-52wr-xvv2). It is asked to use a >2.0.4 version of dompdf/dompdf package, but yours requires ^2.0.1. Is it possible for you to upgrade your dependency to version >2.0.4 ?

alexandreacid commented 7 months ago

My bad,

There is no higher version of dompdf/dompdf... Have to wait for it...

parallels999 commented 7 months ago

Run composer require "barryvdh/laravel-dompdf:^2.0.1" -W when they release it That will update dompdf

https://github.com/barryvdh/laravel-dompdf/pull/1027#issuecomment-1910558581