Closed make-github-pseudonymous-again closed 2 months ago
Attention: Patch coverage is 33.33333%
with 2 lines
in your changes are missing coverage. Please review.
Project coverage is 64.49%. Comparing base (
499fcb7
) to head (2d3e1ba
). Report is 2 commits behind head on main.
Files | Patch % | Lines |
---|---|---|
imports/lib/pdf/pdf.ts | 33.33% | 2 Missing :warning: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
By default,
pdfjs-dist
optimizes some path resolution logic by compiling a JavaScript function on the fly. The function is built using string concatenation and no effort is made at sanitizing the parts it is built from. These parts could contain user-input which leads to a code injection vulnerability. This commit disables this default behavior. An alternative is to upgradepdfjs-dist
to v4.2.67 or later.See: