[Snyk] Fix for 11 vulnerabilities

[vacom]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	Yes	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jspdf

The new version differs by 250 commits.

• 4497d22 2.0.0
• d160d82 add license to archive and add license header to typings
• 71a7ddd remove deprecated API from typings
• f794052 describe different types of output files in readme
• 5211ec9 delete accidentally commited worker files in dist
• f9f6b89 also commit docs folder in npm version
• 8da3744 update bower.json to 2.0.0
• 5fda60e update release instructions
• d01b6ea update copyright in license
• 4ee9e33 remove deprecated makeFonts cli script
• f85b95b remove deprecated modules, methods and parameters
• b76b102 fix doc generation and let it run on npm version, as well
• f0d23cb add GitHub action that publishes a release on npm
• 151f1b0 improve "contributing" section in readme
• 2ad55ce update readme for 2.0 release
• 4290d9f Merge pull request #2835 from HackbrettXXX/fix-compound-glyphs
• b70b8ea fix reading of compound glyphs
• eb70ab2 Merge pull request #2834 from HackbrettXXX/context2d-custom-fonts
• 1d7221d fix usage of custom fonts in context2d
• 511d4f6 getTextDimensions supports maxWidth (#2824)
• 11506e0 Merge pull request #2826 from HackbrettXXX/fix-online-playground
• a754f0d fix online playground and commit dist files
• 82d3b7d Merge pull request #2804 from HackbrettXXX/modernization
• 96e09d3 Merge branch 'master' into modernization

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn