Comments (12)
Same problem here, we are very close to a release with our software and this bug is a big problem for our compliance regulations. It would be important to fix this quickly please 🙏
from react-pdf.
Temporary fix that worked for me:
- in package.json:
"resolutions": {
"pdfjs-dist": "^4.2.67"
}
- in vite.config.ts:
optimizeDeps: {
esbuildOptions: {
target: 'esnext'
}
},
build: {
target: 'esnext'
}
from react-pdf.
@davidovich9 I use react without nextjs and vite. When I set the resolution in the package.json, the message "2 high severity vulnerabilities" persists on npm install.
Are you using yarn, or npm?
yarn you can use resolutions
in your package.json file.
And i believe the npm equivalent is overrides
.
from react-pdf.
Using
overrides
worked for us to remove the warning! What exactly is that doing to fix the issue?
Say you have package A.
And package B, C, D use A as a dependency, but they all use different versions of A.
A resolution or override basically centralizes that version to what you have in your resolution or override.
IMHO, its not a long term solution, but definitely can help out in times like this when we need to quickly get something out.
from react-pdf.
The temporary override (pdfjs-dist
-> 4.2.67
) seems to fix the audit issues but we (@marvinjaworski ) are facing compatibility issues withreact-pdf
in version 8.0.2
So until we found a solution for this, the override doesn't work in all situations.
from react-pdf.
Fixed for us by switching to react-pdf 9.0.0 and adapting breaking changes.
from react-pdf.
Just another engineer chiming in on this 🙏🏽
Edit:
You could possibly use a resolution as a workaround. I will be testing this shortly.
from react-pdf.
Updated my packages and got this warning as well.
from react-pdf.
@davidovich9 I use react without nextjs and vite. When I set the resolution in the package.json, the message "2 high severity vulnerabilities" persists on npm install.
from react-pdf.
Using overrides
worked for us to remove the warning! What exactly is that doing to fix the issue?
from react-pdf.
The temporary override (
pdfjs-dist
->4.2.67
) seems to fix the audit issues but we (@marvinjaworski ) are facing compatibility issues withreact-pdf
in version8.0.2
So until we found a solution for this, the override doesn't work in all situations.
I mean you are bumping a major version of pdfjs. It is more than likely their will be some sort of breaking change.
You could try linting your project to find where the import error is happening and fix it there. You may run into the same issue even with this library updating the dependency.
from react-pdf.
"pdfjs-dist": "3.11.174",
"react-pdf": "^0.0.10", this updated after i do npm i
nextjs app same problem
from react-pdf.
Related Issues (20)
- Render multiple PDFs
- Vulnerability - Malware in legacy-swc-helpers HOT 15
- Text Nesting removes bold V3.4.4 HOT 4
- Cannot build the code on Next typescript v13 and React v18 HOT 2
- react-pdf not rendering images correctly during pdf.(<Document>).toBlob() HOT 2
- Expose renderToImage for library user's own tests
- Long single page + A4 size HOT 1
- Extension E Unicode Version 8.0 chars does not rendered with registered font in PDF.
- Heap memory Leak | each PDF generation increase memory and does not fall back enough. HOT 6
- fontFamily is not loaded / applied if it is only used in render callbacks HOT 1
- Docs: lineHeight can't accept length or percentage
- Numbers don't go to the next line, instead they overlap with others if numbers exceed the width of the parent tag width.
- Border widths are inconsistent for cells inside a table. Some are darker and some are lighter making the page look ugly HOT 1
- Inline text Bold not working HOT 7
- Open renderer link on new window
- Text Encoding Issue When Copying from PDF to Word
- Border on right and bottom not getting displayed
- i18n support for different fonts HOT 2
- Font not working HOT 13
- Cors Erorr while using some external images url with Image tag of this library HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from react-pdf.