
Older Version of File-type library is used, which is causing EOL vulnerability #711

Closed
anshulgupta8392 opened this issue Jan 27, 2023 · 8 comments

Comments

@anshulgupta8392

Describe the bug
Older Version of File-type library is used

I am using the latest version of file-type in my project which is hampering the execution of tesseract createWorker function.
(screenshot of the error attached to the issue)

@anshulgupta8392 anshulgupta8392 changed the title Older Version of File-type library is used Older Version of File-type library is used, which is causing EOL vulnerability Jan 30, 2023
@OleksiiHryhorian

Faced the issue as well.
I have a Snyk test for all packages added to my solution, and the Snyk report shows that tesseract.js includes the outdated and vulnerable library file-type 12.4.2:

(Snyk report screenshots attached to the issue)

Would it be possible to resolve this issue please?

@mtica

mtica commented Feb 28, 2023

+1

@OleksiiHryhorian

OleksiiHryhorian commented Feb 28, 2023

Adding the link to the comment from Closed thread (#679) as it's connected and issue wasn't solved so far:
#679 (comment)

@Balearica
Collaborator

Would be ideal if a user impacted by this issue could contribute a PR. I will not have time to develop Tesseract.js in the near future.

@Balearica
Collaborator

I looked into this tonight, and this dependency is quite the headache; I am leaning towards cutting it altogether.

  1. The latest versions (>=17) are ESM only, so they will not work with our build.
  2. The bug is also patched in v16.5.4; however, that version has separate exports for the Node.js and browser versions, so it would require workarounds to run in Tesseract.js (which requires both).
  3. When I got a browser-only version running with v16.5.4, I found this update more than doubled the size of our worker code, which I do not consider an acceptable tradeoff.
    a. worker.min.js went from 145.1kB to 297.0kB [+105%]

Rather than work on this further, I think I am going to cut this dependency in the next version. We currently use file-type to (1) detect whether a buffer contains a .gz file and (2) detect whether a buffer contains a .bmp file. Figuring out how to do those things from scratch is almost certainly easier than continuing to fiddle with this dependency.
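The two checks described above (is this buffer a .gz file, is this buffer a .bmp file) amount to comparing the first few bytes against a known signature, which is exactly what a content-sniffing library does for these formats. The following is an added example, not Tesseract.js code and not the code from #775: it checks the gzip member header (0x1F 0x8B, from RFC 1952) and the "BM" signature of a Windows bitmap on a plain `Uint8Array`, so it runs unchanged in Node.js and in the browser. The function names, the decision to require the full 14-byte BMP file header, and the sample inputs are all assumptions constructed for this example.

```javascript
// Added example (not the project's own code): minimal magic-byte sniffing for the
// two formats the comment above mentions. Works on Node.js Buffer or browser
// Uint8Array alike, so it needs no Node-only or browser-only export.

const GZIP_MAGIC = [0x1f, 0x8b]; // RFC 1952 gzip member header bytes ID1, ID2
const BMP_MAGIC = [0x42, 0x4d];  // ASCII "BM" at the start of a Windows bitmap

// True when `bytes` is at least as long as `magic` and begins with it.
// The length guard matters: an empty or truncated buffer must never match.
function startsWith(bytes, magic) {
  if (!bytes || bytes.length < magic.length) return false;
  for (let i = 0; i < magic.length; i++) {
    if (bytes[i] !== magic[i]) return false;
  }
  return true;
}

function isGzip(bytes) {
  return startsWith(bytes, GZIP_MAGIC);
}

function isBmp(bytes) {
  // A real BMP carries a 14-byte BITMAPFILEHEADER ("BM", file size, reserved,
  // pixel-data offset). Requiring those 14 bytes (an assumption made here) keeps
  // a 2-byte "BM" fragment from being accepted as a bitmap.
  return bytes.length >= 14 && startsWith(bytes, BMP_MAGIC);
}

// Returns 'gz', 'bmp', or null. Only the content is consulted; a file extension
// or a declared MIME type is never trusted for this decision.
function detectFormat(bytes) {
  if (isGzip(bytes)) return 'gz';
  if (isBmp(bytes)) return 'bmp';
  return null;
}

// Constructed sample inputs (not real files): a gzip header with deflate
// method byte, a BMP file header, and a PNG signature that must match neither.
const sampleGzip = Uint8Array.from([0x1f, 0x8b, 0x08, 0x00, 0, 0, 0, 0, 0x00, 0x03]);
const sampleBmp = Uint8Array.from([0x42, 0x4d, 0x3a, 0, 0, 0, 0, 0, 0, 0, 0x36, 0, 0, 0]);
const samplePng = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

console.log(detectFormat(sampleGzip), detectFormat(sampleBmp), detectFormat(samplePng));
// prints: gz bmp null
```

Because the check reads only the leading bytes, it should be run on the buffer actually handed to the worker rather than on a filename, and a null result should be treated as "unknown" rather than silently assumed to be an image.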

@Balearica
Collaborator

This dependency has been removed in the master branch in #775 for the reasons stated above. This change will be reflected in the next npm release, which will be version 4.1.0.

@Balearica
Collaborator

This dependency was removed in the v4.1.0 release.

@anshulgupta8392
Author

anshulgupta8392 commented Jun 3, 2023 via email

4 participants