Skip to content

Bump jspdf from 2.5.2 to 3.0.1#84

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/jspdf-3.0.1
Closed

Bump jspdf from 2.5.2 to 3.0.1#84
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/jspdf-3.0.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 18, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps jspdf from 2.5.2 to 3.0.1.

Release notes

Sourced from jspdf's releases.

v3.0.1

This release fixes two security vulnerabilities:

  • Upgrade optional dependency canvg to 3.0.11
  • Fix a ReDoS vulnerability in the addImage method and the methods html and addSvgAsImage, which depend on addImage

v3.0.0

This major release officially drops support for Internet Explorer and fixes a security vulnerability in the html function by updating the optional dependency dompurify to v3.2.4. There are no other breaking changes.

New Contributors

Full Changelog: parallax/jsPDF@v2.5.2...v3.0.0

Commits
  • 57cbe94 3.0.1
  • 7cf6ddf fix: upgrade @​babel/runtime from 7.26.0 to 7.26.7 (#3832)
  • b167c43 improve performance of data url parsing in addimage (#3843)
  • c4b7421 don't use saucelabs in CI to be able to correctly run CI for PRs
  • 6136d4b Upgrade canvg from 3.0.6 to 3.0.11 (#3836)
  • d0c605f 3.0.0
  • 7aa332e fix(sec): remove MSIE support to allow upgrading to vuln-free dompurify v3 ...
  • e2c1818 Bump rollup from 2.21.0 to 2.79.2 (#3826)
  • 5aad456 fix: upgrade @​babel/runtime from 7.25.6 to 7.26.0 (#3822)
  • 637b5d3 Upgrade dompurify to 2.5.6 to 2.5.8 (#3812)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 18, 2025
@dependabot
Bump jspdf from 2.5.2 to 3.0.1
9093fd7 
Bumps [jspdf](https://github.com/MrRio/jsPDF) from 2.5.2 to 3.0.1.
- [Release notes](https://github.com/MrRio/jsPDF/releases)
- [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md)
- [Commits](parallax/jsPDF@v2.5.2...v3.0.1)

---
updated-dependencies:
- dependency-name: jspdf
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/jspdf-3.0.1 branch from 5ae4431 to 9093fd7 Compare March 25, 2025 15:25
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Mar 25, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/jspdf-3.0.1 branch March 25, 2025 15:26
morrisonbrett added a commit that referenced this pull request Apr 4, 2025
@morrisonbrett
Merge pull request #84 from TrueVote/dependabot/npm_and_yarn/jspdf-3.0.1
326e7d8 
Bump jspdf from 2.5.2 to 3.0.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@morrisonbrett