jspdf@4.0.0

[frontHu]

jspdf@4.0.0 has security vulnerabilities and needs to be upgraded.

[iacobus]

The package.json describes ^4.0.0 which allows jspdf upgraded versions that aren't vulnerable (vulnerability is fixed in 4.1.0). I use Dependabot and for some reason it failed to be able to resolve to those upgraded versions, its output saying:

+-------------------------------------------------------------------------------------------------+
|                                             Errors                                              |
+------------------------------+------------------------------------------------------------------+
| Type                         | Details                                                          |
+------------------------------+------------------------------------------------------------------+
| security_update_not_possible | {                                                                |
|                              |   "dependency-name": "jspdf",                                    |
|                              |   "latest-resolvable-version": "4.0.0",                          |
|                              |   "lowest-non-vulnerable-version": null,                         |
|                              |   "conflicting-dependencies": [                                  |
|                              |     {                                                            |
|                              |       "explanation": "html2pdf.js@0.14.0 requires jspdf@^4.0.0", |
|                              |       "name": "html2pdf.js",                                     |
|                              |       "version": "0.14.0",                                       |
|                              |       "requirement": "^4.0.0"                                    |
|                              |     }                                                            |
|                              |   ]                                                              |
|                              | }                                                                |
+------------------------------+------------------------------------------------------------------+

Which seems just incorrect. I was able to simply run npm update jspdf and it resolved to 4.2.0, which addressed the vulnerability.

[frontHu]

@iacobus Could you please help upgrade jspdf to version 4.2.0? We detected a CVE issue.