vinodnimbalkar / svelte-pdf

svelte-pdf provides a component for rendering PDF documents using PDF.js
https://www.npmjs.com/package/svelte-pdf
MIT License

Semver vulnerability #57

Closed Gildedter closed 1 year ago

Gildedter commented 1 year ago

Running pnpm audit results in:

semver vulnerable to Regular Expression Denial of Service
Vulnerable versions <7.5.2
Patched versions    >=7.5.2
Paths:
    - pdfjs-dist@3.8.162 > canvas@2.11.2 > @mapbox/node-pre-gyp@1.0.10 > make-dir@3.1.0 > semver@6.3.0
    - svelte-pdf@1.0.19 > pdfjs-dist@3.8.162 > canvas@2.11.2 > @mapbox/node-pre-gyp@1.0.10 > make-dir@3.1.0 > semver@6.3.0
More info https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

I saw #56 (b61420e0990abe2fc32be21a7dfbb1d90ba76e60), but wasn't sure if that would fix the warning. I haven't checked the source code...

Edit: pdfjs-dist's optional dependency canvas was the root cause, so I'm closing this.
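
One way to read the audit paths above and see where the vulnerable semver enters the tree, as an added example that is not part of the original issue or of svelte-pdf. The path strings and the patched version are copied from the audit output; the function names are hypothetical, and the version comparison assumes plain x.y.z versions.

```javascript
// Added example: triage of the dependency paths printed by `pnpm audit` in this issue.
const AUDIT_PATHS = [
  "pdfjs-dist@3.8.162 > canvas@2.11.2 > @mapbox/node-pre-gyp@1.0.10 > make-dir@3.1.0 > semver@6.3.0",
  "svelte-pdf@1.0.19 > pdfjs-dist@3.8.162 > canvas@2.11.2 > @mapbox/node-pre-gyp@1.0.10 > make-dir@3.1.0 > semver@6.3.0",
];
const PATCHED = "7.5.2"; // "Patched versions >=7.5.2" in the audit output

// Split "name@version" on the last "@" so scoped names (@mapbox/...) stay intact.
function parseSpec(spec) {
  const at = spec.lastIndexOf("@");
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}
const parsePath = (line) => line.split(" > ").map((s) => parseSpec(s.trim()));

// Numeric comparison of plain x.y.z versions (assumption: no pre-release tags).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Packages common to every path, walking up from the vulnerable leaf.
function sharedChain(paths) {
  const reversed = paths.map((p) => [...p].reverse());
  const depth = Math.min(...reversed.map((p) => p.length));
  const shared = [];
  for (let i = 0; i < depth; i++) {
    const spec = reversed[0][i];
    if (!reversed.every((p) => p[i].name === spec.name && p[i].version === spec.version)) break;
    shared.unshift(spec);
  }
  return shared;
}

function triage(lines, patched) {
  const paths = lines.map(parsePath);
  const leaf = paths[0][paths[0].length - 1];
  return {
    leaf: `${leaf.name}@${leaf.version}`,
    vulnerable: compareVersions(leaf.version, patched) < 0,
    sharedChain: sharedChain(paths).map((s) => s.name),      // where all paths converge
    entryPoints: [...new Set(paths.map((p) => p[0].name))],  // first package of each path
  };
}

console.log(triage(AUDIT_PATHS, PATCHED));
```

Both paths converge at pdfjs-dist > canvas, which matches the reporter's conclusion; the script cannot tell that canvas is an optional dependency, that detail comes from the issue itself.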