santebe / AppWeb-JuiceShopDevSec

MIT License

[Snyk] Upgrade pdfkit from 0.11.0 to 0.14.0 #41

Closed santebe closed 7 months ago

santebe commented 8 months ago

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade pdfkit from 0.11.0 to 0.14.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **6 versions** ahead of your current version.
- The recommended version was released **2 months ago**, on 2023-11-09.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|:---:|:---|:---|:---|
| | Use of Weak Hash<br>[SNYK-JS-CRYPTOJS-6028119](https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119) | **644/1000**<br>**Why?** Has a fix available, CVSS 8.6 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.
Release notes

Package name: pdfkit

- **0.14.0** - 2023-11-09
  - Add support for PDF/A-1b, PDF/A-1a, PDF/A-2b, PDF/A-2a, PDF/A-3b, PDF/A-3a
  - Update crypto-js to v4.2.0 (properly fix security issue)
- **0.13.0** - 2021-10-24
  - Add tiling pattern support
- **0.12.3** - 2021-08-01
- **0.12.2** - 2021-08-01
- **0.12.1** - [2021-04-10](https://snyk.io/redirect/github/foliojs/pdfkit/releases/tag/v0.12.1)
  - Update crypto-js to v3.3 (fix security issue)
  - Update fontkit to 1.8.1
- **0.12.0** - 2021-04-04
  - Add support for Embedded Files and File Attachment Annotations
  - Accessibility support
  - Replace integration tests by visual regression tests
  - Fix access permissions in PDF version 1.7ext3
  - Fix Buffer() deprecation warning
  - Add forms.md to generate documentation files
  - Fix "@" in FontName
- **0.11.0** - [2019-12-10](https://snyk.io/redirect/github/foliojs/pdfkit/releases/tag/v0.11.0)
  - Fix infinite loop when an individual character is bigger than the width of the text
  - Fix infinite loop when text is positioned after page right margin
  - Allow links in continued text to be stopped by setting link to null
  - Add support for interlaced PNG files
  - Do not emit _interopDefault helper in commonjs build
  - Fix gradient with multiple stops (#1045)
  - Set link annotation flag to print by default
  - Add support for AcroForms
  - Drop support for (uncommon) CID-less fonts on standalone build (reduces bundle size)

from pdfkit GitHub release notes

Commit messages

Package name: pdfkit

- 82920c6 0.14.0
- befd432 Merge pull request #1471 from mflasquin/bump-crypto-js
- 7135056 Bump crypto-js from 4.0.0 to 4.2.0 to fix CVE-2023-46233
- 4ec77dd Merge pull request #1456 from andreiaugustin/docs_pdfa_update
- 92c593f Added note to docs regarding PDF/A not supporting the standard AFM fonts
- c1d7700 Support for PDF/A-2 and PDF/A-3 subsets (#1432)
- d81f13b test: CI node16 and 18 (#1426)
- 376b31b test: Upgrade jest 26 to 29 (#1427)
- ba4e7cb Fixed lint's unnecessary semicolon error (#1414)
- 3904188 Initial support for PDF/A-1a/b (#1395)
- 3f69586 Merge pull request #1352 from cesargdm/patch-1
- 9c71eb8 Update getting_started.md
- 7cd6472 Fix typo in paper_sizes.md (#1302)
- 3525247 v0.13.0
- 9098c41 Ignore browserify bundle file
- 4c5e73a Tiling pattern support (#526) (#1311)
- fd72a78 Fix syntax highlighting on pdfkit.org (#1308)
- 55ed6d5 Add missing dependencies to webpack example
- 29216b7 Fix and cleanup webpack example
- e9c7d9e v0.12.3
- cc6331b Add examples folder to .npmignore
- 62ed253 Remove src folder from .gitignore
- 5ff4eae fix ignore crypto in standalone build
- a41f338 Refactor on equality check function (#1280)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

- View latest project report
- Adjust upgrade PR settings
- Ignore this dependency or unsubscribe from future upgrade PRs

github-actions[bot] commented 8 months ago

This PR has been automatically marked as stale because it has not had recent activity. :calendar: It will be closed automatically in two weeks if no further activity occurs.

github-actions[bot] commented 7 months ago

This PR was closed because it has been stalled for 14 days with no activity.