[R-pkg-devel] False positive antivirus reports on package vignettes
Dirk Eddelbuettel
edd @end|ng |rom deb|@n@org
Tue Feb 18 15:34:46 CET 2025
On 18 February 2025 at 15:14, Iñaki Ucar wrote:
| What happened in Rcpp is that the antivirus were detecting an old
| version of ghostscript that could produce potentially vulnerable
| outputs. We solved it by rebuilding the vignettes with a newer version
| of ghostscript. This is most likely the same issue. I can rebuild them
| and send a PR your way if you want.
Bingo. The combination of (re-)using an old pdf (in this case from Feb 2020)
inside a freshly made-from-Rnw pdf is likely at fault, and my simply rebuild
with updated .bib should take care of it.
Ivan, in parallel emails, is on the trail too and reports the file is good
now and I _think_ he refers to the updated pdf one by now gets from the
GitHub repo, or for R user convenience, in the r-universe builds from it. And
hence in the next release (once we work through effects from upstream
changes see [1]).
Excellent assistance from both of you here. Many thanks, as usual.
Cheers, Dirk
[1] https://github.com/RcppCore/RcppArmadillo/issues/462
--
dirk.eddelbuettel.com | @eddelbuettel | edd using debian.org
More information about the R-package-devel
mailing list