* Migrate pdf-lib into pdfme monorepo
- Add @pdfme/pdf-lib package to packages/ directory
- Update root package.json to include pdf-lib in workspaces
- Update all package dependencies to use workspace:* for @pdfme/pdf-lib
- Configure TypeScript build targets (cjs, esm, node) for pdf-lib
- Add ESLint configuration with relaxed rules for pdf-lib migration
- Integrate pdf-lib into monorepo build and clean scripts
- Add basic test suite for pdf-lib package
- All lint, build, and test suites pass successfully
This migration improves maintainability by consolidating all PDF operations
into a single repository and unified build/test/release process.
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Fix TypeScript module resolution for workspace dependencies
- Changed moduleResolution from 'bundler' to 'node' in common package
- This should resolve '@pdfme/pdf-lib' module resolution issues
- Reverted workspace dependency format back to '*' for npm compatibility
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Fix pdf-lib package.json exports paths
- Updated main, module, and exports paths to point to correct locations
- Changed from dist/*/index.js to dist/*/src/index.js to match build output
- Fixed TypeScript types path from dist/types/index.d.ts to dist/types/src/index.d.ts
- Resolves Vite package entry resolution errors and TypeScript module resolution issues
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Fix CodeQL security alerts in svg.ts
- Add input validation and sanitization for HTML/SVG parsing
- Prevent ReDoS attacks with regex limits and input size checks
- Sanitize font family names to prevent prototype pollution
- Add URL validation for image sources to prevent path traversal
- Limit transformation parsing to prevent infinite loops
- Maintain backward compatibility while improving security
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Implement comprehensive security fixes for CodeQL alerts in svg.ts
- Add input validation and sanitization for SVG content
- Implement safe HTML parsing with null checks and size limits
- Add controlled dynamic property access with allowlisted tag names
- Prevent style injection with filtered and limited style entries
- Add regex match limits to prevent ReDoS attacks
- Enhance font selection with input validation and type safety
- Sanitize image sources to prevent path traversal and injection
- Limit CSS style parsing to prevent potential vulnerabilities
These changes address the 2 high-severity CodeQL security alerts while
maintaining backward compatibility and functionality.
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Add additional security fixes for CodeQL alerts in svg.ts
- Implement safer property access for polygon node transformation
- Add input validation for points attribute with regex pattern matching
- Replace Object.assign with safer property assignment to prevent prototype pollution
- Add null checks and type validation for node attributes and childNodes
- Implement safer SVG node parsing with comprehensive validation
- Add array type checks for childNodes processing
These changes target the remaining 2 high-severity CodeQL security alerts
by addressing potential prototype pollution and unsafe property access.
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Implement comprehensive security hardening for CodeQL alerts in svg.ts
- Add comprehensive SVG content sanitization with allowlist-based tag filtering
- Implement strict input validation with bounds checking for all numeric inputs
- Replace unsafe dynamic property assignment with Object.defineProperty
- Add try-catch error handling for HTML parsing operations
- Restrict allowed style properties and validate string lengths
- Use setAttribute/removeAttribute instead of direct attribute manipulation
- Add type safety checks for all node operations
- Implement safer polygon-to-path conversion with validation
These changes address the 10 high-severity CodeQL security alerts by:
1. Preventing XSS through comprehensive input sanitization
2. Avoiding prototype pollution with safer property assignment
3. Adding bounds checking to prevent DoS attacks
4. Using allowlist-based validation for all user inputs
5. Implementing proper error handling to prevent crashes
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Potential fix for code scanning alert no. 32: Incomplete multi-character sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Potential fix for code scanning alert no. 39: Incomplete multi-character sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Fix inefficient regular expression in svg.ts to pass CodeQL
- Changed /([^:\s]+)*\s*:\s*([^;]+)/g to /([^:\s]+)\s*:\s*([^;]+)/g
- Removed the problematic * quantifier that could cause exponential backtracking
- This fixes the "Inefficient regular expression" security alert from GitHub Advanced Security
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* remove sanitize-html
* move tests
* fix for security
* update dependabot.yml
* organize
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
* Update TypeScript to version 5.8.2 and fix type compatibility issues
Co-Authored-By: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
* Update package-lock.json for TypeScript 5.8.2
Co-Authored-By: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
* Fix TypeScript errors in generator package
Co-Authored-By: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
* Update moduleResolution to esnext in all tsconfig.esm.json files and fix type errors in generator package
Co-Authored-By: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
* Update moduleResolution to bundler in all tsconfig.esm.json files
Co-Authored-By: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
* Refactor ESLint configuration: remove legacy .eslintrc.cjs files and replace with new .mjs configurations
* Remove unnecessary TypeScript ignore comments and simplify async calls in barcode tests
* Refactor date helper: remove TypeScript ignore comments and simplify AirDatepicker usage
* Enhance date helper: add AirDatepickerDate type and improve type annotations for onSelect callback
* Update TypeScript and ESLint configurations: change module to NodeNext, refine file patterns, and enhance lint command
* Refactor ESLint configuration: remove unnecessary language options for TypeScript files
* Add pdf2img integration for converting PDF to images in e2e tests
* Refactor PDF generation tests to convert PDFs to images and validate against snapshots
* Refactor package.json files to remove "type": "module" and update import statements to CommonJS format
* Fix e2e test
* Add new image snapshots for e2e tests and remove obsolete snapshot
* Remove fast-xml-parser dependency and update vite-tsconfig-paths to 5.1.4
* tmp
* Refactor test files and scripts to use ES modules; remove obsolete files
* Enhance tests with new PDF utilities and update Jest configuration for ESM support
* tmp
* chore: update TypeScript configuration to use ESNext module and resolution
* fix: update remaining imports with .js extensions and tsconfig files with nodenext
Co-Authored-By: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* use image snapshot
* remove
* Add new feature for user profile customization
* Implement user profile customization feature
* Update snapshots to reflect changes in button class names
