Kyohei Fukuda
5a313c5795
Merge branch 'main' into repeatHead
2025-10-03 10:16:57 +09:00
Kiewn
6d16b14fb8
fix: Fix calculation of target page index in function page breaking. (#1188)
...
* fix: Fix calculation of target page index in function page breaking.
* fix: fix unit test.
2025-10-03 10:11:19 +09:00
ye-wenchao
7f9f92b53f
calendar bug fix. (#1162)
...
Co-authored-by: ye-1089 <ye-1089@YE-1089>
2025-10-03 09:58:22 +09:00
dependabot[bot]
b8f4511a47
Bump bwip-js from 4.6.0 to 4.7.0 (#1138)
...
Bumps [bwip-js](https://github.com/metafloor/bwip-js) from 4.6.0 to 4.7.0.
- [Release notes](https://github.com/metafloor/bwip-js/releases)
- [Commits](https://github.com/metafloor/bwip-js/compare/v4.6.0...v4.7.0)
---
updated-dependencies:
- dependency-name: bwip-js
dependency-version: 4.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 19:45:21 +09:00
dependabot[bot]
815e541fc8
Bump vite from 7.0.0 to 7.1.4 (#1163)
...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.0.0 to 7.1.4.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.4/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 7.1.4
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 19:45:17 +09:00
dependabot[bot]
836b46fb65
Bump lucide-react from 0.525.0 to 0.542.0 (#1166)
...
Bumps [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) from 0.525.0 to 0.542.0.
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.542.0/packages/lucide-react)
---
updated-dependencies:
- dependency-name: lucide-react
dependency-version: 0.542.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 19:45:14 +09:00
dependabot[bot]
1a05b62e3d
Bump form-render from 2.5.3 to 2.5.5 (#1170)
...
Bumps [form-render](https://github.com/alibaba/form-render) from 2.5.3 to 2.5.5.
- [Release notes](https://github.com/alibaba/form-render/releases)
- [Commits](https://github.com/alibaba/form-render/commits)
---
updated-dependencies:
- dependency-name: form-render
dependency-version: 2.5.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 19:45:08 +09:00
dependabot[bot]
1579a040e0
Bump node-html-better-parser from 1.5.1 to 1.5.3 (#1171)
...
Bumps [node-html-better-parser](https://github.com/Sharcoux/node-html-parser) from 1.5.1 to 1.5.3.
- [Commits](https://github.com/Sharcoux/node-html-parser/compare/1.5.1...1.5.3)
---
updated-dependencies:
- dependency-name: node-html-better-parser
dependency-version: 1.5.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 19:45:04 +09:00
dependabot[bot]
f516d7ee74
Bump @testing-library/jest-dom from 6.6.3 to 6.8.0 (#1175)
...
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 6.6.3 to 6.8.0.
- [Release notes](https://github.com/testing-library/jest-dom/releases)
- [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/jest-dom/compare/v6.6.3...v6.8.0)
---
updated-dependencies:
- dependency-name: "@testing-library/jest-dom"
dependency-version: 6.8.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 19:45:02 +09:00
dependabot[bot]
ee7895b10c
Bump esbuild from 0.25.5 to 0.25.9 (#1178)
...
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.25.5 to 0.25.9.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.5...v0.25.9)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.25.9
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 19:44:56 +09:00
dependabot[bot]
4db779c927
Bump lucide from 0.525.0 to 0.542.0 (#1180)
...
Bumps [lucide](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide) from 0.525.0 to 0.542.0.
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.542.0/packages/lucide)
---
updated-dependencies:
- dependency-name: lucide
dependency-version: 0.542.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 19:44:53 +09:00
Kyohei Fukuda
fbdeaf00d7
Potential fix for code scanning alert no. 16: Incomplete string escaping or encoding (#1186)
...
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-09-10 21:54:37 +09:00
hand-dot
4de814b4cd
fix: Add DOMPurify for SVG sanitization in PluginIcon component and implement security tests
2025-09-10 20:17:42 +09:00
Kyohei Fukuda
ec072ea821
fix: Refactor SVG handling in PluginIcon component for improved size … (#1184)
...
* fix: Refactor SVG handling in PluginIcon component for improved size management and sanitization
* Potential fix for code scanning alert no. 41: Incomplete URL scheme check
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---------
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-09-10 16:06:31 +09:00
Kyohei Fukuda
2a1ea0efea
fix: Update getDocument calls to include data and isEvalSupported options (#1182)
2025-09-09 15:22:34 +09:00
tetty
9e5a08988c
fix: Align the mouse cursor with the X coordinate of the table column (#1118)
2025-07-16 09:05:05 +09:00
Kyohei Fukuda
0dd54739ac
XSS vulnerability prevention for replacePlaceholders function (#1117)
...
* test(expression): add XSS vulnerability prevention tests for replacePlaceholders function
* Update packages/common/src/expression.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* test: group safe Object method tests into single test case
- Refactored individual tests for Object.keys, Object.values, Object.entries, and Object.assign
- Combined them into a single test case with multiple assertions for better organization
- Addresses code review feedback about test organization
Co-authored-by: Kyohei Fukuda <hand-dot@users.noreply.github.com>
* feat(security): implement safeAssign to prevent prototype pollution and enhance XSS protection
* fix(safeAssign): use object spread for safer target assignment
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Kyohei Fukuda <hand-dot@users.noreply.github.com>
2025-07-10 08:21:48 +09:00
dependabot[bot]
753b8ce921
Bump antd from 5.26.2 to 5.26.3 (#1110)
...
* Bump antd from 5.26.2 to 5.26.3
Bumps [antd](https://github.com/ant-design/ant-design) from 5.26.2 to 5.26.3.
- [Release notes](https://github.com/ant-design/ant-design/releases)
- [Changelog](https://github.com/ant-design/ant-design/blob/master/CHANGELOG.en-US.md)
- [Commits](https://github.com/ant-design/ant-design/compare/5.26.2...5.26.3)
---
updated-dependencies:
- dependency-name: antd
dependency-version: 5.26.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update snapshots to reflect changes in button class names for Designer and Preview components
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kyohei Fukuda <kyoheif@wix.com>
2025-07-02 15:27:07 +09:00
Kyohei Fukuda
093f183d74
npm run prettier
2025-07-02 15:21:54 +09:00
dependabot[bot]
14f9324ea6
Bump lucide in /packages/schemas in the lucide-packages group (#1112)
...
Bumps the lucide-packages group in /packages/schemas with 1 update: [lucide](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide).
Updates `lucide` from 0.523.0 to 0.525.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.525.0/packages/lucide)
---
updated-dependencies:
- dependency-name: lucide
dependency-version: 0.525.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: lucide-packages
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-02 09:59:14 +09:00
dependabot[bot]
d619b45913
Bump lucide-react from 0.523.0 to 0.525.0 (#1106)
...
Bumps [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) from 0.523.0 to 0.525.0.
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.525.0/packages/lucide-react)
---
updated-dependencies:
- dependency-name: lucide-react
dependency-version: 0.525.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-02 09:57:00 +09:00
hand-dot
c3c1d69c18
Remove obsolete documentation and ignore files from the repository
2025-06-30 13:21:59 +09:00
hand-dot
81eed0dec6
Merge branch 'main' of https://github.com/pdfme/pdfme into repeatHead
2025-06-29 00:35:20 +09:00
hand-dot
4d274827fc
Refactor imports and improve code formatting in integration tests; add failure threshold for image snapshots
2025-06-29 00:20:01 +09:00
hand-dot
12fddfab2b
Refactor tests to remove jest timeout and mock Date in integration tests
2025-06-28 23:57:55 +09:00
Kyohei Fukuda
41b8dd970c
Organize generator test (#1098)
...
* remove old Japanese template
* Add new image snapshots and update font references in tests
* Refactor code structure for improved readability and maintainability
2025-06-27 16:59:02 +09:00
dependabot[bot]
721485fbe7
Bump hotkeys-js from 3.13.10 to 3.13.14 (#1094)
...
* Bump hotkeys-js from 3.13.10 to 3.13.14
---
updated-dependencies:
- dependency-name: hotkeys-js
dependency-version: 3.13.14
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix
* Update UI snapshots for hotkeys-js 3.13.14
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
Co-authored-by: Kyohei Fukuda <kyoheif@wix.com>
2025-06-26 20:04:57 +09:00
dependabot[bot]
4cb1e7b242
Bump vite from 6.3.5 to 7.0.0 (#1087)
...
---
updated-dependencies:
- dependency-name: vite
dependency-version: 7.0.0
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
2025-06-26 19:28:20 +09:00
dependabot[bot]
4c35d5e949
Bump postcss from 8.5.4 to 8.5.6 (#1088)
...
---
updated-dependencies:
- dependency-name: postcss
dependency-version: 8.5.6
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
2025-06-26 19:26:58 +09:00
dependabot[bot]
3b4994dec6
Bump node-html-better-parser from 1.4.11 to 1.5.1 (#1083)
...
Bumps [node-html-better-parser](https://github.com/Sharcoux/node-html-parser) from 1.4.11 to 1.5.1.
- [Commits](https://github.com/Sharcoux/node-html-parser/compare/1.4.11...1.5.1)
---
updated-dependencies:
- dependency-name: node-html-better-parser
dependency-version: 1.5.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
2025-06-26 19:26:27 +09:00
dependabot[bot]
ad24513d4f
Bump zod from 3.25.46 to 3.25.67 (#1091)
...
---
updated-dependencies:
- dependency-name: zod
dependency-version: 3.25.67
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 19:20:22 +09:00
dependabot[bot]
5613554ad9
Bump rollup from 4.41.1 to 4.44.1 (#1092)
...
---
updated-dependencies:
- dependency-name: rollup
dependency-version: 4.44.1
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 19:20:12 +09:00
dependabot[bot]
2d1d61309b
Bump acorn from 8.14.1 to 8.15.0 (#1093)
...
---
updated-dependencies:
- dependency-name: acorn
dependency-version: 8.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 19:20:02 +09:00
dependabot[bot]
e70adc5555
Bump @vitejs/plugin-react from 4.5.0 to 4.6.0 (#1095)
...
---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react"
dependency-version: 4.6.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 19:19:20 +09:00
dependabot[bot]
5735342a04
Bump @types/jest from 29.5.14 to 30.0.0 in /packages/ui (#1074)
...
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.14 to 30.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)
---
updated-dependencies:
- dependency-name: "@types/jest"
dependency-version: 30.0.0
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 19:18:00 +09:00
dependabot[bot]
fd578b70a6
Bump lucide-react in /packages/ui in the lucide-packages group (#1069)
...
Bumps the lucide-packages group in /packages/ui with 1 update: [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react).
Updates `lucide-react` from 0.511.0 to 0.523.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.523.0/packages/lucide-react)
---
updated-dependencies:
- dependency-name: lucide-react
dependency-version: 0.523.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: lucide-packages
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 19:17:36 +09:00
dependabot[bot]
6daf09964a
Bump @types/pako from 1.0.7 to 2.0.3 in /packages/pdf-lib (#1067)
...
Bumps [@types/pako](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/pako) from 1.0.7 to 2.0.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/pako)
---
updated-dependencies:
- dependency-name: "@types/pako"
dependency-version: 2.0.3
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 19:16:12 +09:00
dependabot[bot]
57d1c4e545
Bump pako from 1.0.11 to 2.1.0 in /packages/pdf-lib (#1063)
...
Bumps [pako](https://github.com/nodeca/pako) from 1.0.11 to 2.1.0.
- [Changelog](https://github.com/nodeca/pako/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/pako/compare/1.0.11...2.1.0)
---
updated-dependencies:
- dependency-name: pako
dependency-version: 2.1.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 19:15:02 +09:00
dependabot[bot]
08357e87b4
Bump @types/color from 3.0.6 to 4.2.0 in /packages/pdf-lib (#1061)
...
Bumps [@types/color](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/color) from 3.0.6 to 4.2.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/color)
---
updated-dependencies:
- dependency-name: "@types/color"
dependency-version: 4.2.0
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 19:14:47 +09:00
dependabot[bot]
e640bdafed
Bump lucide in /packages/schemas in the lucide-packages group (#1060)
...
Bumps the lucide-packages group in /packages/schemas with 1 update: [lucide](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide).
Updates `lucide` from 0.511.0 to 0.523.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.523.0/packages/lucide)
---
updated-dependencies:
- dependency-name: lucide
dependency-version: 0.523.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: lucide-packages
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 19:14:35 +09:00
devin-ai-integration[bot]
e4a4c300cd
Migrate pdf-lib into pdfme monorepo (#1059)
...
* Migrate pdf-lib into pdfme monorepo
- Add @pdfme/pdf-lib package to packages/ directory
- Update root package.json to include pdf-lib in workspaces
- Update all package dependencies to use workspace:* for @pdfme/pdf-lib
- Configure TypeScript build targets (cjs, esm, node) for pdf-lib
- Add ESLint configuration with relaxed rules for pdf-lib migration
- Integrate pdf-lib into monorepo build and clean scripts
- Add basic test suite for pdf-lib package
- All lint, build, and test suites pass successfully
This migration improves maintainability by consolidating all PDF operations
into a single repository and unified build/test/release process.
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Fix TypeScript module resolution for workspace dependencies
- Changed moduleResolution from 'bundler' to 'node' in common package
- This should resolve '@pdfme/pdf-lib' module resolution issues
- Reverted workspace dependency format back to '*' for npm compatibility
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Fix pdf-lib package.json exports paths
- Updated main, module, and exports paths to point to correct locations
- Changed from dist/*/index.js to dist/*/src/index.js to match build output
- Fixed TypeScript types path from dist/types/index.d.ts to dist/types/src/index.d.ts
- Resolves Vite package entry resolution errors and TypeScript module resolution issues
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Fix CodeQL security alerts in svg.ts
- Add input validation and sanitization for HTML/SVG parsing
- Prevent ReDoS attacks with regex limits and input size checks
- Sanitize font family names to prevent prototype pollution
- Add URL validation for image sources to prevent path traversal
- Limit transformation parsing to prevent infinite loops
- Maintain backward compatibility while improving security
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Implement comprehensive security fixes for CodeQL alerts in svg.ts
- Add input validation and sanitization for SVG content
- Implement safe HTML parsing with null checks and size limits
- Add controlled dynamic property access with allowlisted tag names
- Prevent style injection with filtered and limited style entries
- Add regex match limits to prevent ReDoS attacks
- Enhance font selection with input validation and type safety
- Sanitize image sources to prevent path traversal and injection
- Limit CSS style parsing to prevent potential vulnerabilities
These changes address the 2 high-severity CodeQL security alerts while
maintaining backward compatibility and functionality.
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Add additional security fixes for CodeQL alerts in svg.ts
- Implement safer property access for polygon node transformation
- Add input validation for points attribute with regex pattern matching
- Replace Object.assign with safer property assignment to prevent prototype pollution
- Add null checks and type validation for node attributes and childNodes
- Implement safer SVG node parsing with comprehensive validation
- Add array type checks for childNodes processing
These changes target the remaining 2 high-severity CodeQL security alerts
by addressing potential prototype pollution and unsafe property access.
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Implement comprehensive security hardening for CodeQL alerts in svg.ts
- Add comprehensive SVG content sanitization with allowlist-based tag filtering
- Implement strict input validation with bounds checking for all numeric inputs
- Replace unsafe dynamic property assignment with Object.defineProperty
- Add try-catch error handling for HTML parsing operations
- Restrict allowed style properties and validate string lengths
- Use setAttribute/removeAttribute instead of direct attribute manipulation
- Add type safety checks for all node operations
- Implement safer polygon-to-path conversion with validation
These changes address the 10 high-severity CodeQL security alerts by:
1. Preventing XSS through comprehensive input sanitization
2. Avoiding prototype pollution with safer property assignment
3. Adding bounds checking to prevent DoS attacks
4. Using allowlist-based validation for all user inputs
5. Implementing proper error handling to prevent crashes
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
* Potential fix for code scanning alert no. 32: Incomplete multi-character sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Potential fix for code scanning alert no. 39: Incomplete multi-character sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Fix inefficient regular expression in svg.ts to pass CodeQL
- Changed /([^:\s]+)*\s*:\s*([^;]+)/g to /([^:\s]+)\s*:\s*([^;]+)/g
- Removed the problematic * quantifier that could cause exponential backtracking
- This fixes the "Inefficient regular expression" security alert from GitHub Advanced Security
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* remove sanitize-html
* move tests
* fix for security
* update dependabot.yml
* organize
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
2025-06-26 18:30:05 +09:00
Kyohei Fukuda
b63a9ece14
debug screen
2025-06-07 18:01:16 +09:00
Kyohei Fukuda
30b03e8bf2
TMP
2025-06-07 11:48:35 +09:00
Kyohei Fukuda
e7a3c0b207
tmp
2025-06-06 12:07:10 +09:00
Kyohei Fukuda
7db2f1a565
tmp
2025-06-06 12:07:04 +09:00
Kyohei Fukuda
c43639c4a1
Update header height management in breakIntoPages function
...
- Change header height assignment to use dynamic height variable
- Improve code clarity by removing hardcoded values
This update enhances the flexibility of header height handling in the dynamicTemplate.ts file.
2025-06-04 10:59:57 +09:00
Devin AI
18a2584e61
Fix TypeScript compilation errors in test files
...
- Add proper type guards for basePdf union type access
- Fix undefined property access for __bodyRange?.end
- Resolve type safety issues without changing test logic
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
2025-06-02 00:48:28 +00:00
dependabot[bot]
6bbf78cb36
Bump antd from 5.25.0 to 5.25.4 (#1049)
...
* Bump antd from 5.25.0 to 5.25.4
Bumps [antd](https://github.com/ant-design/ant-design) from 5.25.0 to 5.25.4.
- [Release notes](https://github.com/ant-design/ant-design/releases)
- [Changelog](https://github.com/ant-design/ant-design/blob/master/CHANGELOG.en-US.md)
- [Commits](https://github.com/ant-design/ant-design/compare/5.25.0...5.25.4)
---
updated-dependencies:
- dependency-name: antd
dependency-version: 5.25.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update UI snapshots for antd 5.25.4 upgrade
- Update CSS class names from css-dev-only-do-not-override-18afz5u to css-dev-only-do-not-override-mc1tut
- Fixes snapshot test failures in CI for Designer and Preview components
Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Kyohei Fukuda <kyoheif@wix.com>
2025-06-02 09:29:21 +09:00
dependabot[bot]
37b525f241
Bump @vitejs/plugin-react from 4.4.1 to 4.5.0 (#1039)
...
Bumps [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) from 4.4.1 to 4.5.0.
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@4.5.0/packages/plugin-react)
---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react"
dependency-version: 4.5.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 09:16:33 +09:00
dependabot[bot]
02085ef997
Bump rollup from 4.40.2 to 4.41.1 (#1041)
...
Bumps [rollup](https://github.com/rollup/rollup) from 4.40.2 to 4.41.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.40.2...v4.41.1)
---
updated-dependencies:
- dependency-name: rollup
dependency-version: 4.41.1
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 09:16:25 +09:00