Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[OPIK-4252] resolve tar-fs CVE-2025-59343 by upgrading react-pdf to v10 #5088

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
awkoy merged 1 commit into from
Feb 5, 2026
Merged

[OPIK-4252] resolve tar-fs CVE-2025-59343 by upgrading react-pdf to v10 #5088

awkoy merged 1 commit into from
Feb 5, 2026

Conversation

@awkoy
Copy link
Contributor

@awkoy awkoy commented Feb 5, 2026

Details

  • Upgrade react-pdf from 9.2.1 to 10.3.0
  • Switches from canvas to @napi-rs/canvas (zero dependencies)
  • Completely eliminates tar-fs from dependency tree
  • Fixes HIGH severity symlink validation bypass vulnerability
  • Resolves Dependabot alert [NA] Bump version 2.2.0 #120

Change checklist

  • User facing
  • Documentation update

Issues

  • Resolves #
  • OPIK-4252

Testing

Documentation

@awkoy
fix: resolve tar-fs CVE-2025-59343 by upgrading react-pdf to v10
77c78fd 
- Upgrade react-pdf from 9.2.1 to 10.3.0
- Switches from canvas to @napi-rs/canvas (zero dependencies)
- Completely eliminates tar-fs from dependency tree
- Fixes HIGH severity symlink validation bypass vulnerability
- Resolves Dependabot alert #120

Refs: OPIK-4252
@awkoy awkoy requested a review from a team as a code owner February 5, 2026 10:54
@github-actions github-actions bot added dependencies Pull requests that update a dependency file Frontend labels Feb 5, 2026
@awkoy awkoy merged commit 637c79e into main Feb 5, 2026
9 checks passed
@awkoy awkoy deleted the awkoy/OPIK-4252-fix-tarfs-vulnerability branch February 5, 2026 12:15
miguelgrc pushed a commit that referenced this pull request Feb 9, 2026
@awkoy @miguelgrc
fix: resolve tar-fs CVE-2025-59343 by upgrading react-pdf to v10 (#5088)
075c0d1 
- Upgrade react-pdf from 9.2.1 to 10.3.0
- Switches from canvas to @napi-rs/canvas (zero dependencies)
- Completely eliminates tar-fs from dependency tree
- Fixes HIGH severity symlink validation bypass vulnerability
- Resolves Dependabot alert #120

Refs: OPIK-4252
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andriidudar andriidudar andriidudar approved these changes

+1 more reviewer

@baz-reviewer baz-reviewer[bot] baz-reviewer[bot] approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@awkoy awkoy

Labels

dependencies Pull requests that update a dependency file Frontend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@awkoy @andriidudar