UIU-3347 bump jspdf to v3.0.0 #2874

Merged
merged 12 commits into from
Mar 19, 2025

@JohnC-80 JohnC-80 commented Mar 13, 2025

UIU-3347

Addresses security vulnerability within jspdf < 3 dependencies.
This also updates jspdf-autotable plug-in to v5

Noteworthy changes for the autotable plugin:

  • the `doc.autotable.previous` API is replaced by `doc.lastAutoTable`.
  • the `title` key in the columns object is renamed to `header`.

Output pdf:
image

Addresses security vulnerability within jspdf <3 dependencies.

github-actions bot commented Mar 13, 2025

Jest Unit Test Results

    1 files  ±0    264 suites  ±0   5m 11s ⏱️ -5s
1 213 tests ±0  1 210 ✅ ±0  3 💤 ±0  0 ❌ ±0 
1 254 runs  ±0  1 251 ✅ ±0  3 💤 ±0  0 ❌ ±0 

Results for commit 29f9c7e. ± Comparison against base commit 66db062.

♻️ This comment has been updated with latest results.

@JohnC-80 JohnC-80 marked this pull request as draft March 13, 2025 20:33
@JohnC-80 JohnC-80 marked this pull request as ready for review March 13, 2025 20:53
@JohnC-80 JohnC-80 requested a review from s3fs March 14, 2025 15:13

@s3fs s3fs left a comment

I guess we at least need a CHANGELOG update for this. Also, isn’t there a need to bump module’s major version if dependencies change? CC @zburke


@zburke zburke left a comment

Code changes LGTM. I'm glad you noticed the jspdf-autotable API change! 🕵️

@s3fs, no, this does not require a major version bump. Changing direct (internal) dependencies does not change the public (external) API either in terms of what is consumed (peer-dependencies, okapi interfaces) or what is provided (public exports, routes, etc).

  • Yes, we should add a CHANGELOG entry, describing why we made these changes.
  • @JohnC-80, let's generate yarn.lock from scratch (rm yarn.lock; yarn install) to de-duplicate things like dompurify. Since deps are ultimately resolved at the platform level this doesn't really matter, but it should help keep dependabot off our backs for a little while longer by purging some cruft (e.g. paring dompurify down to a single, current version instead of installing three, two of which are outdated).
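
One way to check the de-duplication described in the review comment above, as an added example that is not part of the PR or the project's code: a small parser that reports packages a lockfile resolves to more than one version. It assumes the Yarn v1 ("classic") lockfile format; the sample lockfile, its version numbers, and the function names `splitSpecifier` and `findDuplicates` are constructed for illustration.

```javascript
// Constructed sample Yarn v1 lockfile; versions are illustrative only.
const SAMPLE_LOCK = `# yarn lockfile v1

dompurify@^2.0.0:
  version "2.5.0"

"dompurify@^3.0.0", dompurify@^3.2.0:
  version "3.2.4"

dompurify@~2.2.0:
  version "2.2.9"

jspdf@^3.0.0:
  version "3.0.0"
  dependencies:
    dompurify "^3.2.0"
`;
// Split at the first "@" after index 0 so scoped names ("@scope/pkg") survive.
function splitSpecifier(spec) {
  const at = spec.indexOf('@', 1);
  return { name: spec.slice(0, at), range: spec.slice(at + 1) };
}
// Return { name: { version: [ranges] } } for packages resolved to >1 version.
function findDuplicates(lockText) {
  const versions = new Map(); // name -> Map(version -> ranges)
  let pending = null; // specifiers of the entry whose version line is awaited
  for (const line of lockText.split(/\r?\n/)) {
    if (line.startsWith('#')) continue;
    if (!/^\s/.test(line) && line.endsWith(':')) {
      // Entry header: comma-separated, optionally quoted "name@range" specifiers.
      pending = line.slice(0, -1).split(',')
        .map((s) => splitSpecifier(s.trim().replace(/^"|"$/g, '')));
      continue;
    }
    const m = /^  version "([^"]+)"$/.exec(line);
    if (!m || !pending) continue;
    for (const { name, range } of pending) {
      if (!versions.has(name)) versions.set(name, new Map());
      const byVersion = versions.get(name);
      byVersion.set(m[1], [...(byVersion.get(m[1]) || []), range]);
    }
    pending = null;
  }
  return Object.fromEntries([...versions]
    .filter(([, byVersion]) => byVersion.size > 1)
    .map(([name, byVersion]) => [name, Object.fromEntries(byVersion)]));
}

console.log(JSON.stringify(findDuplicates(SAMPLE_LOCK), null, 2));
```

Running the same function over the lockfile before and after regenerating it shows which duplicated resolutions were actually purged.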

@JohnC-80

@zburke @s3fs All things updated, changes logged. PDF checked for yet another adjustment I had to make.


@zburke zburke left a comment

I'm glad you caught the additional title/header changes and sad I missed that in my first review.

@s3fs s3fs self-requested a review March 19, 2025 07:27
@JohnC-80 JohnC-80 merged commit 620b1a6 into master Mar 19, 2025
15 checks passed
@JohnC-80 JohnC-80 deleted the UIU-3347 branch March 19, 2025 21:37