Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security: Disable eval in pdfjs #6615

Merged
merged 1 commit into from
May 7, 2024
Merged

Security: Disable eval in pdfjs #6615

merged 1 commit into from
May 7, 2024

Conversation

shamoon
Copy link
Member

@shamoon shamoon commented May 7, 2024
edited

Proposed change

Updating to pdfjs 4.x is just not on the table, so this should close https://github.com/paperless-ngx/paperless-ngx/security/dependabot/181

Closes https://github.com/paperless-ngx/paperless-ngx/security/dependabot/181

Type of change

  • Bug fix: non-breaking change which fixes an issue.
  • New feature / Enhancement: non-breaking change which adds functionality. Please read the important note above.
  • Breaking change: fix or feature that would cause existing functionality to not work as expected.
  • Documentation only.
  • Other. Please explain: Security

Checklist:

  • I have read & agree with the contributing guidelines.
  • If applicable, I have included testing coverage for new code in this PR, for backend and / or front-end changes.
  • If applicable, I have tested my code for new features & regressions on both mobile & desktop devices, using the latest version of major browsers.
  • If applicable, I have checked that all tests pass, see documentation.
  • I have run all pre-commit hooks, see documentation.
  • I have made corresponding changes to the documentation as needed.
  • I have checked my modifications for any breaking changes.

@shamoon shamoon requested a review from a team as a code owner May 7, 2024 16:29
@shamoon shamoon enabled auto-merge (squash) May 7, 2024 16:29
@codecov Codecov
Copy link

codecov bot commented May 7, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.19%. Comparing base (3bd6a6f) to head (7d73a01).

Additional details and impacted files 
@@           Coverage Diff           @@
##              dev    #6615   +/-   ##
=======================================
  Coverage   97.19%   97.19%           
=======================================
  Files         436      436           
  Lines       17953    17953           
  Branches     1432     1521   +89     
=======================================
  Hits        17449    17449           
+ Misses        504      501    -3     
- Partials        0        3    +3
Flag Coverage Δ
backend 95.88% <ø> (ø)
frontend 98.63% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@shamoon shamoon added this to the v2.8.2 milestone May 7, 2024
@shamoon shamoon merged commit 076b5b1 into dev May 7, 2024
25 checks passed
@shamoon shamoon deleted the security-181 branch May 7, 2024 16:45
@shamoon shamoon mentioned this pull request May 13, 2024
Merged
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stumpylog stumpylog stumpylog approved these changes

Assignees
No one assigned
Labels
frontend small-change
Projects
Paperless-ngx
Status: Done
Milestone
v2.8.2
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@shamoon @stumpylog