Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Upgrade pdfkit from 0.11.0 to 0.14.0 #9

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade pdfkit from 0.11.0 to 0.14.0 #9

wants to merge 1 commit into from

Conversation

jonathanchisnyk
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade pdfkit from 0.11.0 to 0.14.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 6 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2023-11-09.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Use of Weak Hash
SNYK-JS-CRYPTOJS-6028119		 94/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00067, Social Trends: No, Days since published: 157, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 4.54, Likelihood: 2.06, Score Version: V5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: pdfkit
  • 0.14.0 - 2023-11-09
    • Add support for PDF/A-1b, PDF/A-1a, PDF/A-2b, PDF/A-2a, PDF/A-3b, PDF/A-3a
    • Update crypto-js to v4.2.0 (properly fix security issue)
  • 0.13.0 - 2021-10-24
    • Add tiling pattern support
  • 0.12.3 - 2021-08-01

    v0.12.3

  • 0.12.2 - 2021-08-01
  • 0.12.1 - 2021-04-10
    • Update crypto-js to v3.3 (fix security issue)
    • Update fontkit to 1.8.1
  • 0.12.0 - 2021-04-04
    • Add support for Embedded Files and File Attachment Annotations
    • Accessibility support
    • Replace integration tests by visual regression tests
    • Fix access permissions in PDF version 1.7ext3
    • Fix Buffer() is deprecation warning
    • Add forms.md to generate documentation files
    • Fix "@" in FontName
  • 0.11.0 - 2019-12-10
    • Fix infinite loop when an individual character is bigger than the width of the text.
    • Fix infinite loop when text is positioned after page right margin
    • Allow links in continued text to be stopped by setting link to null
    • Add support to interlaced PNG files
    • Do not emit _interopDefault helper in commonjs build
    • Fix gradient with multiple stops (#1045)
    • Set link annotation flag to print by default
    • Add support for AcroForms
    • Drop support for (uncommon) cid less fonts on standalone build (reduces bundle size)
from pdfkit GitHub release notes
Commit messages
Package name: pdfkit

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jonathanchisnyk @snyk-bot