@warm-coolguy
Member

Summary

Due to a security vulnerability, the dependency jspdf is updated from ^2.5.2 to ^4.0.0. Neither of the breaking changes (3.0.0, 4.0.0) is relevant to POLAR. Furthermore, the vulnerability does not affect us, and no further action is required; simply phasing out the old version on an update anywhen, if at all, is sufficient.

During the update, NPM automatically pulled @babel/runtime from 7.27.0 to 7.28.4 for uninvestigated reasons. The prior import of 'regenerator-runtime/runtime' to jest broke with this update. However, the import could simply be removed due to our minimum required version of Node no longer needing it.

Instructions for local reproduction and review

snowbox-pdf.patch

May be tested in the snowbox with this change, which I did. Since the whole operation was rather straightforward, I do not deem repetition on your end necessary.

Pull Request Checklist (for Assignee)

  • Changelogs are maintained
  • Functionality has been tested in Firefox, Chrome

@warm-coolguy warm-coolguy self-assigned this Jan 6, 2026
@warm-coolguy warm-coolguy added the dependencies Pull requests that update a dependency file label Jan 6, 2026
@warm-coolguy warm-coolguy requested a review from raschju as a code owner January 6, 2026 12:12
Member

@dopenguin dopenguin left a comment

@warm-coolguy warm-coolguy merged commit 765c472 into main Jan 6, 2026
7 of 8 checks passed
@warm-coolguy warm-coolguy deleted the chore/update-jspdf branch January 6, 2026 12:29