Fixes CVE-2024-32489 in tecnickcom/tcpdf

[joelpittet]

Description:

❯ composer audit
Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | tecnickcom/tcpdf                                                                 |
| Severity          | medium                                                                           |
| CVE               | CVE-2024-32489                                                                   |
| Title             | TCPDF Cross-site Scripting vulnerability                                         |
| URL               | https://github.com/advisories/GHSA-g9wg-98c2-qv3v                                |
| Affected versions | <6.7.4                                                                           |
| Reported at       | 2024-04-15T06:30:35+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

Fixed with

composer update tecnickcom/tcpdf

Review

• Functional review done
• Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
• Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
• Security review done
• Wording review done
• Code review done
• Tests were added if useful/possible
• Reviewed for breaking changes
• Developer changelog updated if needed
• Documentation added if needed
• Existing documentation updated if needed

[sgiehl]

Hi @joelpittet
Thanks for creating this PR. The library already had been updated some weeks ago in #22060
I will close this PR, as it actually doesn't contain any further changes anymore.

[joelpittet]

Oh maybe my fork was behind, sorry for the noise