barryvdh / laravel-dompdf

A DOMPDF Wrapper for Laravel
MIT License

Found 4 security vulnerability advisories affecting this package #973

Open MasoodRehman opened 1 year ago

MasoodRehman commented 1 year ago

Describe the bug: I was doing a fresh installation of my project packages and found a warning at the end: Found 4 security vulnerability advisories affecting this package.

To Reproduce: I have used the package in my project; during a fresh installation I got a warning in the console: Found 4 security vulnerability advisories affecting 1 package. After running the audit I found the report shown in the screenshot below.

Expected behavior: Update the package dompdf/dompdf to v2.0.3

Screenshots: [screenshot: Screen Shot 2023-05-08 at 8 55 23 PM]

Additional context: After trying to update to the patch version with composer require dompdf/dompdf:2.0.3 I got the following error:

barryvdh/laravel-dompdf v0.9.0 requires dompdf/dompdf ^1 -> found dompdf/dompdf[v1.0.0, ..., v1.2.2] but it conflicts with your root composer.json require (2.0.3).

parallels999 commented 1 year ago

composer require barryvdh/laravel-dompdf:^2.0 -W

MasoodRehman commented 1 year ago

I did, but it did not work.

On May 9, 2023, at 6:37 PM, parallels999 @.***> wrote:

composer update barryvdh/laravel-dompdf^2.0 -W


MasoodRehman commented 1 year ago

…..

On May 9, 2023, at 6:43 PM, parallels999 @.***> wrote:

Of course it works, show us how you did it


parallels999 commented 1 year ago

I see that you do composer require dompdf/dompdf:2.0.3, but I say you must do: composer require barryvdh/laravel-dompdf:^2.0 -W. It's not the same.

MasoodRehman commented 1 year ago

Here is the complete log:

MasoodRehman-Mackbook-Pro: x-projectj eapple$ composer update barryvdh/laravel-dompdf^2.0 -W
Loading composer repositories with package information
Package "barryvdh/laravel-dompdf^2.0" listed for update is not locked.
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Nothing to modify in lock file
Installing dependencies from lock file (including require-dev)
Nothing to install, update or remove
Package fruitcake/laravel-cors is abandoned, you should avoid using it. No replacement was suggested.
Package laravelcollective/html is abandoned, you should avoid using it. Use spatie/laravel-html instead.
Package paypal/rest-api-sdk-php is abandoned, you should avoid using it. No replacement was suggested.
Package swiftmailer/swiftmailer is abandoned, you should avoid using it. Use symfony/mailer instead.
Package symfony/inflector is abandoned, you should avoid using it. Use EnglishInflector from the String component instead.
Generating optimized autoload files
Illuminate\Foundation\ComposerScripts::postAutoloadDump
@php artisan package:discover --ansi
Discovered Package: asantibanez/livewire-status-board
Discovered Package: barryvdh/laravel-debugbar
Discovered Package: barryvdh/laravel-dompdf
Discovered Package: barryvdh/laravel-ide-helper
…. ….
Discovered Package: yajra/laravel-datatables-buttons
Discovered Package: yajra/laravel-datatables-html
Discovered Package: yajra/laravel-datatables-oracle
Package manifest generated successfully.
114 packages you are using are looking for funding.
Use the composer fund command to find out more!
Found 4 security vulnerability advisories affecting 1 package.
Run composer audit for a full list of advisories.

On May 9, 2023, at 7:45 PM, parallels999 @.***> wrote:

composer update barryvdh/laravel-dompdf^2.0 -W

parallels999 commented 1 year ago

composer require barryvdh/laravel-dompdf:^2.0 -W

maha-oueghlani commented 1 year ago

composer require barryvdh/laravel-dompdf:^2.0 -W

[screenshot: barrydh pdf]

@parallels999 I did this but I have this issue. I'm using Laravel 10.

parallels999 commented 1 year ago

composer require "barryvdh/laravel-dompdf:^2.0.1" -W

MasoodRehman commented 1 year ago

In one of my recent fresh project installations I did not get the warning in the console. But the old one, which I already mentioned in my previous messages, is still getting this warning; not sure why.

Anyhow, thanks a lot for your replies.

On May 26, 2023, at 6:30 PM, parallels999 @.***> wrote:

composer require "barryvdh/laravel-dompdf:^2.0.1" -W


ronald-kimeli commented 11 months ago

composer require "barryvdh/laravel-dompdf:^2.0.1" -W

I used this and it solved the vulnerabilities
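The log posted earlier in this thread ends with "Nothing to modify in lock file", so the advisory warning persisted; checking composer.lock directly shows whether a patched dompdf/dompdf was actually locked and which package is holding it back. This is an added example, not code from the thread or from the laravel-dompdf project: the lock-file excerpt is constructed to mirror the error message in the first post, and 2.0.3 as the patched version is taken from the issue report.

```python
import json
import re

# Patched dompdf/dompdf release named in the issue report.
PATCHED = (2, 0, 3)

# Constructed composer.lock excerpt mirroring the state in the first post:
# laravel-dompdf v0.9.0 requires dompdf/dompdf ^1, so a 1.x release is locked.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "barryvdh/laravel-dompdf", "version": "v0.9.0",
         "require": {"dompdf/dompdf": "^1"}},
        {"name": "dompdf/dompdf", "version": "v1.2.2", "require": {}},
    ],
    "packages-dev": [],
})


def parse_version(text):
    """Turn 'v1.2.2' or '2.0.3' into (1, 2, 2); None for dev branches."""
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(part) for part in match.groups()) if match else None


def check_lock(lock_text, package="dompdf/dompdf", patched=PATCHED):
    """Report the locked version of `package`, whether it is below `patched`,
    and which locked packages constrain it (what blocks a direct upgrade)."""
    lock = json.loads(lock_text)
    locked = lock.get("packages", []) + lock.get("packages-dev", [])
    result = {"installed": None, "vulnerable": None, "required_by": {}}
    for pkg in locked:
        if pkg["name"] == package:
            result["installed"] = pkg["version"]
            parsed = parse_version(pkg["version"])
            # Unparseable versions (e.g. dev-master) stay None: check by hand.
            result["vulnerable"] = None if parsed is None else parsed < patched
        constraint = pkg.get("require", {}).get(package)
        if constraint:
            result["required_by"][f'{pkg["name"]} {pkg["version"]}'] = constraint
    return result


if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

To check a real project, pass the contents of its composer.lock to check_lock(); composer audit remains the authoritative advisory check.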