Comparing changes

Snyk has created this PR to upgrade dompurify from 3.3.0 to 3.3.1. See this package in npm: dompurify See this project in Snyk: https://app.snyk.io/org/mrrio/project/50515eb1-b03b-4f42-9f17-cce1a33d5d1a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [cipher-base](https://github.com/crypto-browserify/cipher-base) from 1.0.4 to 1.0.7. - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) --- updated-dependencies: - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.20 to 5.4.21. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [sha.js](https://github.com/crypto-browserify/sha.js) from 2.4.11 to 2.4.12. - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) --- updated-dependencies: - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lukas Holländer <lukas.hollaender@yworks.com>

Bumps [tmp](https://github.com/raszi/node-tmp) to 0.2.5 and updates ancestor dependencies [tmp](https://github.com/raszi/node-tmp), [inquirer](https://github.com/SBoudrias/Inquirer.js) and [karma](https://github.com/karma-runner/karma). These dependencies need to be updated together. Updates `tmp` from 0.2.1 to 0.2.5 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.1...v0.2.5) Updates `inquirer` from 6.5.2 to 13.2.1 - [Release notes](https://github.com/SBoudrias/Inquirer.js/releases) - [Commits](https://github.com/SBoudrias/Inquirer.js/compare/inquirer@6.5.2...inquirer@13.2.1) Updates `karma` from 5.1.0 to 6.4.4 - [Release notes](https://github.com/karma-runner/karma/releases) - [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md) - [Commits](karma-runner/karma@v5.1.0...v6.4.4) --- updated-dependencies: - dependency-name: tmp dependency-version: 0.2.5 dependency-type: indirect - dependency-name: inquirer dependency-version: 13.2.1 dependency-type: direct:development - dependency-name: karma dependency-version: 6.4.4 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lukas Holländer <lukas.hollaender@yworks.com>

Bumps [@koa/cors](https://github.com/koajs/cors) to 5.0.0 and updates ancestor dependency [local-web-server](https://github.com/lwsjs/local-web-server). These dependencies need to be updated together. Updates `@koa/cors` from 3.4.3 to 5.0.0 - [Changelog](https://github.com/koajs/cors/blob/master/History.md) - [Commits](koajs/cors@3.4.3...5.0.0) Updates `local-web-server` from 4.2.1 to 5.4.0 - [Release notes](https://github.com/lwsjs/local-web-server/releases) - [Commits](lwsjs/local-web-server@v4.2.1...v5.4.0) --- updated-dependencies: - dependency-name: "@koa/cors" dependency-version: 5.0.0 dependency-type: indirect - dependency-name: local-web-server dependency-version: 5.4.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix PDF Injection vulnerability in AcroForm (ChoiceField, CheckBox, RadioButton) * Apply review suggestions: Improved hex escaping * Test: Add PDF injection tests * fix test cases, formatting --------- Co-authored-by: kali <kali@kali.kali> Co-authored-by: Lukas Holländer <lukas.hollaender@yworks.com>

Move module-level variables (text, jsNamesObj, jsJsObj) inside addJS function scope to prevent data leakage when multiple jsPDF instances call addJS() before save(). Fixes shared state vulnerability where docA.save() would contain docB's script if docB.addJS() was called after docA.addJS(). Co-authored-by: root <root@DESKTOP-PC8VOAS.localdomain>

* limit buffer allocation size when parsing BMP images * document addImage might throw errors

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Uh oh!

Commits on Jan 29, 2026

Commits on Feb 2, 2026

Commits on Feb 4, 2026

This comparison is taking too long to generate.

Uh oh!