[Security] Upgrade pdfjs-dist version to >4.1.392

mellowtel-inc / mellowtel-js

With Mellowtel, your users can share a fraction of their unused internet by using a transparent opt-in/out mechanism. Trusted partners access the internet through this network, and you get paid for it.

https://www.mellowtel.it/

GNU Lesser General Public License v3.0

34 stars 3 forks source link

[Security] Upgrade pdfjs-dist version to >4.1.392 #10

Open peterdotjs opened 3 weeks ago

peterdotjs commented 3 weeks ago

PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF - https://github.com/advisories/GHSA-wgrm-67xf-hhpq

mellowtel commented 2 weeks ago

Hey @peterdotjs, thanks for this! Will look into it, I think it was downgraded to that version because version >4 had issues in working properly, but will try to upgrade safely