Security vulnerability noticed in word-wrap 1.2.3

[Ganeshdr]

word-wrap 1.2.3 package which is used in the path brfs/2.0.2 -> static-module/3.0.4 -> escodegen/1.14.3 -> optionator/0.8.3. In npm, I can latest word-wrap package version available is 1.2.5 which has no security vulnerabilities reported. request you to upgrade the version for this package.

[vadimka123]

I think it’s depends on #2493

[TanushreeB2611]

vadimka123: We are blocked due to the same security vulnerability issue. The word-wrap 1.2.3(vulnerable version), is not a direct dependency of our app, it is indirectly imported by pdf-make. We are already on the latest version of pdf-make: 0.2.7. Can you advise what needs to be done to resolve this?

[vadimka123]

@TanushreeB2611 , original foliojs packages looks like didn’t affected and not using brfs

[TanushreeB2611]

vadimka123: Did not get you ? What step can I take to resolve this issue ?

[vadimka123]

@TanushreeB2611 Just wait steps to solve from pdf-kit side
Switching from forks back in this package looks like should help, but this should be done by pdf-kit devs

[learntolive2]

Any ETA when this issue will be addressed?

[vadimka123]

I think it's already fixed
Yesterday I updated node modules and noticed that line-break (fork) was updated and no any brfs dependency
pdfmake already pointing to this version of line-break fork (^1.1.1 has pdfmake, fix introduced in 1.1.2 version of line-break fork)
Also pdfmake was updated to version 0.2.10, maybe try also update to this version
So looks good for me

[liborm85]

Fixed in version 0.2.10.

[learntolive2]

Thank you @vadimka123 and @liborm85 for quick response.