chore(deps): bump jspdf from 3.0.3 to 4.0.0 #131
dependabot[bot] wants to merge 1 commit into develop
Bumps [jspdf](https://github.com/parallax/jsPDF) from 3.0.3 to 4.0.0.
- [Release notes](https://github.com/parallax/jsPDF/releases)
- [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md)
- [Commits](parallax/jsPDF@v3.0.3...v4.0.0)

---
updated-dependencies:
- dependency-name: jspdf
  dependency-version: 4.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Greptile Summary
This PR updates
Key changes:
Verification needed:
Confidence Score: 5/5
Important Files Changed
Sequence Diagram
```mermaid
sequenceDiagram
    participant D as Dependabot
    participant PM as pnpm
    participant PJ as package.json
    participant L as pnpm-lock.yaml
    participant App as Application
    D->>PJ: Detect security vulnerability
    D->>PJ: Update jspdf: ^3.0.2 → ^4.0.0
    D->>PM: Trigger dependency resolution
    PM->>L: Update resolved version: 3.0.3 → 4.0.0
    PM->>L: Update transitive dependencies
    Note over L: core-js, dompurify, esquery
    App->>App: Uses jspdf for PDF generation
    Note over App: Browser-only usage<br/>Not affected by Node.js security fix
```
Superseded by #138.



Bumps jspdf from 3.0.3 to 4.0.0.
Release notes
Sourced from jspdf's releases.
Commits
- e6cf03d 4.0.0
- a688c8f restrict file system access in node build (#3931)
- a504e97 3.0.4
- de802ab Fix Incorrect Typing for Margins in the TableConfig Interface Definition (#3816)
- 87162d1 chore: bump checkout, setup-node, and stale actions (#3907)
- e7dc622 Fix: Context2d font regex too restrictive ( #3904 ) (#3906)
- e080935 Do not add pages dynamically unless autoPaging is enabled (#3915)
- c768910 add package.json exports field (#3903)
- c10d90c Fix API.internal.pages not being updated when restoring a RenderTarget ( #389...
- 2db3d9d fix font list cache invalidation issue in context2d module (#3891)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.
Summary by cubic
Upgrade jsPDF to 4.0.0 to fix a Node.js path traversal vulnerability and include recent bug fixes. No app code changes; browser usage should behave the same.
Dependencies
Migration
Written for commit 837fd42. Summary will update on new commits.