Pipeline failing on Snyk vulnerability check

[julsco]

Everything works well in my local, but failing in the pipeline.

Issues with no direct upgrade or patch:
  ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6
    introduced by @tato30/vue-pdf@1.10.0 > pdfjs-dist@4.2.67 > canvas@2.11.2 > @mapbox/node-pre-gyp@1.0.11 > rimraf@3.0.2 > glob@7.1.6 > inflight@1.0.6
  No upgrade or patch available

[TaTo30]

That vulnerability comes from this project that had been deprecated on may: https://github.com/isaacs/inflight-DEPRECATED-DO-NOT-USE

pdf.js still depends on canvas@2.11.2, meanwhile the dependency has not been updated this issue could not be fixed.

[emargareten]

@TaTo30 pdf.js already updated the version of canvas

[TaTo30]

Yup, I will release a new version with the new pdf.js version soon

[laserhybiz]

They actually changed the canvas dependency to @napi-rs/canvas (after first updating the canvas version...)