High Severity Security vulnerability with a dependency package

[dagoltz]

pdfMake is flagged due to its usage of linebreak>brfs>static-module>static-eval
https://snyk.io/vuln/SNYK-JS-STATICEVAL-1056765

There is an open bug in static-eval, we need to either wait for them to resolve it or to replace the usage.

[liborm85]

Cannot be resolved in pdfmake. Require new version of linebreak library https://github.com/foliojs/linebreak.

[dagoltz]

while "fixing" this issue would require a new version of another lib, this is currently a security issue this library is exposing.

in the original bug, the author is claiming this is a FP as this is what the library was designed to do.
As the Author here - are you able to confirm that this security concern is a non-issue for your specific usage?

[liborm85]

In pdfmake there is no problem with this.