barryvdh / laravel-dompdf

A DOMPDF Wrapper for Laravel
MIT License
6.56k stars 959 forks

Security vulnerability - phenx/php-svg-lib #1045

Open InfosecCloudNB opened 2 months ago

InfosecCloudNB commented 2 months ago

Describe the bug
This wrapper uses dompdf/dompdf:^2.0.3. This version requires phenx/php-svg-lib: >=0.3.3 <1.0.0, which has a HIGH vulnerability. Could we update the dompdf dependency to dompdf/dompdf:^2.0.7, as this uses phenx/php-svg-lib: >=0.5.2 <1.0.0, which addresses the vulnerability?

barryvdh commented 2 months ago

I think it would be better to add that to https://github.com/dompdf/dompdf directly.

InfosecCloudNB commented 2 months ago

Sorry if I'm misunderstanding you but dompdf have already addressed the vulnerability but this package uses an older version of dompdf (v2.0.3) as a dependency. Can we update this package to use v2.0.7 of dompdf?

dsturm commented 2 months ago

Could be closed as completed in https://github.com/barryvdh/laravel-dompdf/commit/c96f90c97666cebec154ca1ffb67afed372114d8

parallels999 commented 2 months ago

https://github.com/barryvdh/laravel-dompdf/pull/1027#issuecomment-1910558581

barryvdh commented 1 month ago

This package requires 2.0.7 or higher, so it is not a problem to just update to newer versions. For 3.x though, try the beta.
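The practical question for anyone reading this thread is not what the wrapper's composer.json constraint says but what their own composer.lock actually pins: dompdf/dompdf:^2.0.3 already permits phenx/php-svg-lib 0.5.2, so a lock file can be fixed without a wrapper bump, and conversely a lock file can stay on an old php-svg-lib until `composer update` is run. The script below is an added example, not code from laravel-dompdf or dompdf. It parses a composer.lock and compares the locked versions against the thresholds stated in the issue (dompdf >= 2.0.7, php-svg-lib >= 0.5.2). The lock-file fragments are constructed for the example; the function and constant names are my own.

```python
"""Check a composer.lock for the php-svg-lib fix discussed in this issue.

Added example, not code from laravel-dompdf or dompdf. The version
thresholds come from the issue text: dompdf/dompdf >= 2.0.7 pulls in
phenx/php-svg-lib >= 0.5.2, which the reporter identifies as the release
that addresses the vulnerability. The lock-file snippets are constructed.
"""
import json
import re
from typing import Optional

# Minimum versions taken from the issue thread.
FIXED_SVG_LIB = (0, 5, 2)
FIXED_DOMPDF = (2, 0, 7)


def parse_version(v: str) -> tuple:
    """Turn a Composer version string like 'v2.0.7' or '0.5.2' into a comparable tuple.

    A missing patch component is treated as 0 and pre-release suffixes such as
    '-beta1' are ignored; non-numeric strings such as 'dev-master' raise ValueError,
    because a branch alias cannot be compared against a release threshold."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(x) if x is not None else 0 for x in m.groups())


def installed_version(lock: dict, name: str) -> Optional[str]:
    """Return the locked version of package `name`, searching both prod and dev sections."""
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == name:
                return pkg.get("version")
    return None


def audit_lock(lock_json: str) -> dict:
    """Report whether the locked dompdf and php-svg-lib versions meet the fixed thresholds.

    `safe` is True only when php-svg-lib is locked at >= 0.5.2. The dompdf version is
    reported separately because it is the library version that matters: an old dompdf
    with an updated php-svg-lib is fixed, a new dompdf with a stale lock entry is not.
    A missing php-svg-lib is reported as not safe: dompdf requires it, so its absence
    means the lock file is incomplete or stale."""
    lock = json.loads(lock_json)
    svg = installed_version(lock, "phenx/php-svg-lib")
    dompdf = installed_version(lock, "dompdf/dompdf")
    svg_ok = svg is not None and parse_version(svg) >= FIXED_SVG_LIB
    dompdf_ok = dompdf is not None and parse_version(dompdf) >= FIXED_DOMPDF
    return {
        "php-svg-lib": svg,
        "dompdf": dompdf,
        "svg_lib_fixed": svg_ok,
        "dompdf_fixed": dompdf_ok,
        "safe": svg_ok,
    }


# Constructed lock-file fragments (not real lock files): the state the reporter
# describes, and the state after updating dompdf with its dependencies.
VULNERABLE_LOCK = json.dumps({
    "packages": [
        {"name": "dompdf/dompdf", "version": "v2.0.3"},
        {"name": "phenx/php-svg-lib", "version": "0.5.0"},
    ],
    "packages-dev": [],
})

UPDATED_LOCK = json.dumps({
    "packages": [
        {"name": "dompdf/dompdf", "version": "v2.0.7"},
        {"name": "phenx/php-svg-lib", "version": "0.5.2"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for label, lock in (("before", VULNERABLE_LOCK), ("after", UPDATED_LOCK)):
        print(label, audit_lock(lock))
```

To run it against a real project, replace the constructed fragments with `open("composer.lock").read()`. The same information is available from Composer itself with `composer show phenx/php-svg-lib` (locked version) and, on Composer 2.4 or later, `composer audit`, which checks the lock file against published advisories; the script is useful where Composer is not installed on the machine doing the review, for instance in a CI step that only has the lock file.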