Skip to content

Bump the npm_and_yarn group across 1 directory with 27 updates#1

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-5a7ed42d4c
Open

Bump the npm_and_yarn group across 1 directory with 27 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-5a7ed42d4c

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Sep 12, 2025
edited by coderabbitai Bot
Loading

Bumps the npm_and_yarn group with 20 updates in the / directory:

Package From To
axios 0.24.0 1.12.0
jspdf 2.5.1 3.0.2
jspdf-autotable 3.5.23 5.0.2
@babel/helpers 7.17.2 7.28.4
@babel/traverse 7.17.3 7.28.4
semver 5.7.1 5.7.2
body-parser 1.19.2 1.20.3
express 4.17.3 4.21.2
braces 3.0.2 3.0.3
ejs 3.1.8 3.1.10
form-data 3.0.1 3.0.4
http-proxy-middleware 2.0.3 2.0.9
on-headers 1.0.2 1.1.0
compression 1.7.4 1.8.1
rollup 2.70.1 2.79.2
serialize-javascript 6.0.0 6.0.2
tough-cookie 4.0.0 4.1.4
webpack 5.77.0 5.101.3
webpack-dev-middleware 5.3.1 5.3.4
ws 8.5.0 8.18.3
ws 7.5.7 7.5.10

Updates axios from 0.24.0 to 1.12.0

Release notes

Sourced from axios's releases.

Release v1.12.0

Release notes:

Bug Fixes

Features

  • adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
  • fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
  • support reviver on JSON.parse (#5926) (2a97634), closes #5924
  • types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

Release v1.11.0

Release notes:

Bug Fixes

  • form-data npm pakcage (#6970) (e72c193)
  • prevent RangeError when using large Buffers (#6961) (a2214ca)
  • types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.12.0 (2025-09-11)

Bug Fixes

Features

  • adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
  • fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
  • support reviver on JSON.parse (#5926) (2a97634), closes #5924
  • types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

1.11.0 (2025-07-22)

Bug Fixes

  • form-data npm pakcage (#6970) (e72c193)
  • prevent RangeError when using large Buffers (#6961) (a2214ca)
  • types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

... (truncated)

Commits
  • 0d8ad6e chore(release): v1.12.0 (#7013)
  • fd7f404 fix: release pr run
  • a2edc36 fix: dont add dist on release
  • 9ec86de fix: adding build artifacts
  • 945435f fix(node): enforce maxContentLength for data: URLs (#7011)
  • 28e5e30 chore(sponsor): update sponsor block (#7005)
  • d03f245 chore(CI): fixed release info script to use npm registry instead of git as fi...
  • a0bc911 chore: removing dist files from src (#7002)
  • c959ff2 feat(fetch): add fetch, Request, Response env config variables for the adapte...
  • a9f47af fix(fetch-adapter): set correct Content-Type for Node FormData (#6998)
  • Additional commits viewable in compare view

Updates jspdf from 2.5.1 to 3.0.2

Release notes

Sourced from jspdf's releases.

v3.0.2

This release fixes a security issue where parsing of corrupt PNG images could lead to long running loops and denial of service.

What's Changed

New Contributors

Full Changelog: parallax/jsPDF@v3.0.1...v3.0.2

v3.0.1

This release fixes two security vulnerabilities:

  • Upgrade optional dependency canvg to 3.0.11
  • Fix a ReDoS vulnerability in the addImage method and the methods html and addSvgAsImage, which depend on addImage

v3.0.0

This major release officially drops support for Internet Explorer and fixes a security vulnerability in the html function by updating the optional dependency dompurify to v3.2.4. There are no other breaking changes.

New Contributors

Full Changelog: parallax/jsPDF@v2.5.2...v3.0.0

v2.5.2

This release upgrades the Dompurify dependency to 2.5.4 with fixes a vulnerability with high severity: GHSA-mmhx-hmjr-r674.

It also upgrades fflate, core-js, and @​babel/runtime to more recent versions.

What's Changed

Commits

Updates jspdf-autotable from 3.5.23 to 5.0.2

Release notes

Sourced from jspdf-autotable's releases.

v5.0

Summary of changes in 5.0.0-5.0.2

  • Breaking: The plugin is no longer auto applied to jsPDF in none browser environments (see more below)
  • The esm build file is now chosen automatically based on your packages environment (no need to use the jspdf-autotable/es path anymore)
  • HookData is now exported simonbengtsson/jsPDF-AutoTable#1075

Plugin no longer applied automatically

In this release the plugin is no longer auto applied to jsPDF in none browser environments. This is a breaking change for users that for example uses this plugin in node js and call autoTable method on the jsPDF doc instance (doc.autoTable({...}).

It is now recommended to import the autoTable method and pass it the jsPDF doc instance.

import { jsPDF } from 'jspdf'
import { autoTable } from 'jspdf-autotable'
const doc = new jsPDF()
autoTable(doc, { ... })

If you want to keep calling the plugin method on the jsPDF doc instance you can also apply the plugin to it yourself using applyPlugin:

import { jsPDF } from 'jspdf'
import { applyPlugin } from 'jspdf-autotable'
// This is now required in non browser environments to use the old
// way of calling autoTable on the jspdf doc instance.
applyPlugin(jsPDF)
const doc = new jsPDF()
doc.autoTable({ ... })

v4.0.0

Mostly minor changes but bumping major version due to old deprecation removals and upgrade to jsPDF 3.0 (that removes support for internet explorer).

  • Jspdf 3.0 (removes support for internet explorer)
  • You can now import autoTable with a named import import { autoTable } from ‘jspdf-autotable’) . The previously exported autoTable type is now exported as autoTableInstanceType instead.
  • Removed long time deprecations
    • Removed support for all old options and styles that was soft removed and deprecated in v3.0
    • Removed old ways to get information of the last autoTable drawn: doc.previousAutoTable , doc.autoTable.previous and doc.autoTableEndPosY. Now you should use doc.lastAutoTable.
    • Removed Table#pageCount field. You should now use Table#pageNumber.
    • Removed old column/body way of calling autoTable doc.autoTable(columns, body, options). You should now use autoTable(doc, options) or doc.autoTable(options).
    • Removed doc.autoTableAddPageContent. You should now use jsPDF.autoTableSetDefaults({didDrawPage: () => {}})
    • Removed doc.autoTableAddPage(). You should now use doc.addPage().

v3.8.4

What's Changed

New Contributors

... (truncated)

Commits

Updates @babel/helpers from 7.17.2 to 7.28.4

Release notes

Sourced from @​babel/helpers's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

🐛 Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

🐛 Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

📝 Documentation

... (truncated)

Commits

Updates @babel/runtime from 7.17.2 to 7.28.4

Release notes

Sourced from @​babel/runtime's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

... (truncated)

Changelog

Sourced from @​babel/runtime's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

🐛 Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

🐛 Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

📝 Documentation

... (truncated)

Commits

Updates @babel/traverse from 7.17.3 to 7.28.4

Release notes

Sourced from @​babel/traverse's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

🐛 Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

🐛 Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

📝 Documentation

... (truncated)

Commits

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

@dependabot
Bump the npm_and_yarn group across 1 directory with 27 updates
76499db 
Bumps the npm_and_yarn group with 20 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `0.24.0` | `1.12.0` |
| [jspdf](https://github.com/parallax/jsPDF) | `2.5.1` | `3.0.2` |
| [jspdf-autotable](https://github.com/simonbengtsson/jsPDF-AutoTable) | `3.5.23` | `5.0.2` |
| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.17.2` | `7.28.4` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.17.3` | `7.28.4` |
| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.19.2` | `1.20.3` |
| [express](https://github.com/expressjs/express) | `4.17.3` | `4.21.2` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [ejs](https://github.com/mde/ejs) | `3.1.8` | `3.1.10` |
| [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` |
| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.3` | `2.0.9` |
| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |
| [compression](https://github.com/expressjs/compression) | `1.7.4` | `1.8.1` |
| [rollup](https://github.com/rollup/rollup) | `2.70.1` | `2.79.2` |
| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.0` | `6.0.2` |
| [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.0.0` | `4.1.4` |
| [webpack](https://github.com/webpack/webpack) | `5.77.0` | `5.101.3` |
| [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.1` | `5.3.4` |
| [ws](https://github.com/websockets/ws) | `8.5.0` | `8.18.3` |
| [ws](https://github.com/websockets/ws) | `7.5.7` | `7.5.10` |



Updates `axios` from 0.24.0 to 1.12.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.24.0...v1.12.0)

Updates `jspdf` from 2.5.1 to 3.0.2
- [Release notes](https://github.com/parallax/jsPDF/releases)
- [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md)
- [Commits](parallax/jsPDF@v2.5.1...v3.0.2)

Updates `jspdf-autotable` from 3.5.23 to 5.0.2
- [Release notes](https://github.com/simonbengtsson/jsPDF-AutoTable/releases)
- [Commits](simonbengtsson/jsPDF-AutoTable@v3.5.23...v5.0.2)

Updates `@babel/helpers` from 7.17.2 to 7.28.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-helpers)

Updates `@babel/runtime` from 7.17.2 to 7.28.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime)

Updates `@babel/traverse` from 7.17.3 to 7.28.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-traverse)

Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `body-parser` from 1.19.2 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.19.2...1.20.3)

Updates `express` from 4.17.3 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.17.3...4.21.2)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `canvg` from 3.0.10 to 3.0.11
- [Release notes](https://github.com/canvg/canvg/releases)
- [Changelog](https://github.com/canvg/canvg/blob/v3.0.11/CHANGELOG.md)
- [Commits](https://github.com/canvg/canvg/commits/v3.0.11)

Updates `cookie` from 0.4.2 to 0.7.1
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.4.2...v0.7.1)

Updates `dompurify` from 2.3.6 to 3.2.6
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@2.3.6...3.2.6)

Updates `ejs` from 3.1.8 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v3.1.8...v3.1.10)

Updates `express` from 4.17.3 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.17.3...4.21.2)

Updates `follow-redirects` from 1.14.9 to 1.15.11
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.11)

Updates `form-data` from 3.0.1 to 3.0.4
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/v3.0.4/CHANGELOG.md)
- [Commits](form-data/form-data@v3.0.1...v3.0.4)

Updates `http-proxy-middleware` from 2.0.3 to 2.0.9
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v2.0.3...v2.0.9)

Updates `on-headers` from 1.0.2 to 1.1.0
- [Release notes](https://github.com/jshttp/on-headers/releases)
- [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md)
- [Commits](jshttp/on-headers@v1.0.2...v1.1.0)

Updates `compression` from 1.7.4 to 1.8.1
- [Release notes](https://github.com/expressjs/compression/releases)
- [Changelog](https://github.com/expressjs/compression/blob/master/HISTORY.md)
- [Commits](expressjs/compression@1.7.4...v1.8.1)

Updates `rollup` from 2.70.1 to 2.79.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-2.md)
- [Commits](rollup/rollup@v2.70.1...v2.79.2)

Updates `serialize-javascript` from 6.0.0 to 6.0.2
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2)

Updates `send` from 0.17.2 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.17.2...0.19.0)

Updates `serve-static` from 1.14.2 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.14.2...v1.16.2)

Updates `tough-cookie` from 4.0.0 to 4.1.4
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v4.0.0...v4.1.4)

Updates `webpack` from 5.77.0 to 5.101.3
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.77.0...v5.101.3)

Updates `webpack-dev-middleware` from 5.3.1 to 5.3.4
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v5.3.1...v5.3.4)

Updates `ws` from 8.5.0 to 8.18.3
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.5.0...8.18.3)

Updates `ws` from 7.5.7 to 7.5.10
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.5.0...8.18.3)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.12.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jspdf
  dependency-version: 3.0.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jspdf-autotable
  dependency-version: 5.0.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/helpers"
  dependency-version: 7.28.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/runtime"
  dependency-version: 7.28.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-version: 7.28.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-version: 5.7.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.21.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-version: 3.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: canvg
  dependency-version: 3.0.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 0.7.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.2.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ejs
  dependency-version: 3.1.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.21.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.15.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 3.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-proxy-middleware
  dependency-version: 2.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: on-headers
  dependency-version: 1.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: compression
  dependency-version: 1.8.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 2.79.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 6.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.19.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-version: 4.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.101.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-middleware
  dependency-version: 5.3.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.18.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 12, 2025
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Sep 12, 2025
edited
Loading

Walkthrough

Updated dependency versions in package.json for axios, jspdf, and jspdf-autotable. No other files or exported/public APIs were changed.

Changes

Cohort / File(s) Summary of edits
Dependency updates
`package.json`		 Bumped axios ^0.24.0 → ^1.12.0; jspdf ^2.4.0 → ^3.0.2; jspdf-autotable ^3.5.23 → ^5.0.2. No other modifications.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title accurately describes the primary change: a Dependabot group bump of npm/yarn dependencies across one directory with 27 updates, which matches the PR objectives and the raw summary. It is concise and directly related to the changeset, not misleading or off-topic, though it does not call out specific notable upgrades. Overall it gives a teammate a clear sense of scope and intent.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.

Poem

I nibbled versions, crisp and new,
axios climbed, jsPDF grew—
Tables stretched to five-point-two,
Dependabot tracks what bunnies do.
With gentle hops through change so slight,
The garden builds compile just right. 🐇✨

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)
  • Failed to retrieve linked issues from the platform client.
✨ Finishing touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch dependabot/npm_and_yarn/npm_and_yarn-5a7ed42d4c

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Sep 12, 2025
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bd6a41a and 76499db.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json (2 hunks)
🔇 Additional comments (2)
package.json (2)

54-54: jspdf-autotable v5: verify plugin initialization for Node/SSR.

  • package.json lists "jspdf-autotable": "^5.0.2"; search found doc.autoTable(content) at src/components/buttons/PdfButton.js:37 but no import of 'jspdf-autotable' or 'jspdf-autotable/es'.
  • v5 no longer auto-applies the plugin in non-browser environments and removed the '/es' entry — if PDFs run in Node/SSR, explicitly initialize the plugin where you create jsPDF:

import { jsPDF } from 'jspdf';
import autoTable from 'jspdf-autotable';
autoTable(jsPDF);

  • Consider centralizing jsPDF + autoTable setup in a small utility to avoid scattered initialization.

44-44: Axios 1.12.x — npm shows 1.12.1; no risky axios usages found.

  • npm: published version is 1.12.1 (so "^1.12.0" will resolve to a published 1.12.x).
  • Code scan: no occurrences of headers.common, CancelToken, manual multipart Content-Type, imports from "axios/lib", axios.create, or interceptors.request/response.
  • Found URLSearchParams usage in src/helpers.js, src/components/tables/CippTable.js, src/hooks/useQuery.js — no axios-specific changes required.

Comment thread package.json
"javascript-time-ago": "^2.5.9",
"jspdf": "^2.4.0",
"jspdf-autotable": "^3.5.23",
"jspdf": "^3.0.2",
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

jsPDF 3.0.2: IE support dropped; includes security fixes. Validate imports.

  • v3.0.0 dropped Internet Explorer support; 3.0.1 and 3.0.2 include security fixes (html/addImage paths, corrupt PNG DoS). Build/runtime behavior in modern browsers should be fine. (github.com)

Search for default imports that may need to stay as named import:

Add a lightweight PDF smoke test (render one-page PDF and assert byte size > 0) to catch regressions from library upgrades.

🏁 Script executed:

#!/bin/bash
rg -n -C2 --type=js --type=ts -e "import\\s+jsPDF\\s+from\\s+['\"]jspdf['\"]" -e "import\\s*\\{\\s*jsPDF\\s*\\}\\s*from\\s*['\"]jspdf['\"]"

Length of output: 341

Replace default jsPDF import with named import ({ jsPDF })

  • Replace import jsPDF from 'jspdf' with import { jsPDF } from 'jspdf' — found at src/components/buttons/PdfButton.js:3. (github.com)
  • v3.0.0 dropped Internet Explorer support; v3.0.1 and v3.0.2 contain security fixes (addImage/ReDoS/corrupt PNG parsing). (github.com)
  • Optional: add a lightweight PDF smoke test (generate one-page PDF and assert bytesize > 0) to catch regressions.
🤖 Prompt for AI Agents 
In package.json around line 53, the project currently depends on "jspdf":
"^3.0.2" and the codebase uses the default import which is incorrect for v3;
update the import in src/components/buttons/PdfButton.js (line ~3) from "import
jsPDF from 'jspdf'" to the named import "import { jsPDF } from 'jspdf'". Ensure
any other usages are updated to call jsPDF as the named export, run the
build/tests, and optionally add a lightweight smoke test that generates a
one‑page PDF and asserts the output byte size is > 0 to catch future
regressions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants