Skip to content

chore(deps-dev): bump @pdfme/common from 4.5.2 to 5.5.10 in /vite#1433

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/vite/pdfme/common-5.5.10
Open

chore(deps-dev): bump @pdfme/common from 4.5.2 to 5.5.10 in /vite#1433
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/vite/pdfme/common-5.5.10

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 20, 2026

Bumps @pdfme/common from 4.5.2 to 5.5.10.

Release notes

Sourced from @​pdfme/common's releases.

5.5.0

What's Changed

Full Changelog: pdfme/pdfme@5.4.8...5.5.0

5.4.1

What's Changed

🔒 Security

  • XSS vulnerability prevention for replacePlaceholders function (#1117) - Implemented comprehensive XSS protection with safe object property assignment and enhanced input sanitization to prevent prototype pollution attacks

📚 Documentation

  • Enhanced CLAUDE.md with comprehensive development guide (#1113) - Added detailed project overview, architecture documentation, common commands, troubleshooting guide, and development workflow instructions for better developer experience

🧹 Code Quality & Testing

  • Organized generator tests (#1098) - Refactored and improved test organization for better maintainability
  • Enhanced integration tests - Added iframe auto-focus functionality, improved test reliability with better error handling and server readiness checks
  • Code formatting improvements - Applied consistent prettier formatting across the codebase

🔧 Infrastructure & DevOps

  • Added Claude GitHub Actions integration (#1101) - Integrated Claude Code AI assistant for automated code reviews and assistance
  • Added llm.txt for AI content understanding (#1100) - Improved AI/LLM compatibility and SEO optimization
  • Removed obsolete documentation and files - Cleaned up repository structure by removing outdated documentation and ignore files

📦 Dependencies

Updated numerous dependencies for security and performance improvements:

  • antd: 5.26.25.26.3
  • prettier: 3.6.13.6.2
  • @​types/node: 24.0.424.0.8
  • lucide-react: 0.523.00.525.0
  • @​babel/core: 7.27.47.27.7
  • Multiple eslint package updates
  • Various other dependency updates for security patches and bug fixes

🐛 Bug Fixes

  • Fixed import/export module issues
  • Improved error logging in server ready detection
  • Enhanced type safety across multiple packages

🙏 Contributors

Thanks to all contributors who made this release possible!

Full Changelog: pdfme/pdfme@5.2.0...5.4.1

5.2.0

What's Changed

... (truncated)

Commits
  • f838f25 Merge pull request #1398 from pdfme/fix/security-vulnerabilities
  • 41dffae fix(security): address PR review - IPv6 SSRF bypass and ensureBuffer defensiv...
  • 8c3b6a7 fix(security): address decompression bomb, XSS, and SSRF vulnerabilities
  • e5ec86f build(deps-dev): bump babel-loader from 10.0.0 to 10.1.1 (#1394)
  • eb6e76d build(deps-dev): bump @​types/fontkit from 2.0.8 to 2.0.9 (#1390)
  • 378515e build(deps): bump dompurify from 3.3.1 to 3.3.3 (#1383)
  • 97042e8 build(deps-dev): bump esbuild from 0.27.3 to 0.27.4 (#1385)
  • 3130c92 build(deps-dev): bump jest-image-snapshot from 6.5.1 to 6.5.2 (#1384)
  • 17ac3ba build(deps-dev): bump postcss from 8.5.6 to 8.5.8 (#1382)
  • 2f828c2 build(deps-dev): bump the eslint-packages group with 3 updates (#1380)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​pdfme/common since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps-dev): bump @pdfme/common from 4.5.2 to 5.5.10 in /vite
7de811d 
Bumps [@pdfme/common](https://github.com/pdfme/pdfme) from 4.5.2 to 5.5.10.
- [Release notes](https://github.com/pdfme/pdfme/releases)
- [Changelog](https://github.com/pdfme/pdfme/blob/main/RELEASE.md)
- [Commits](pdfme/pdfme@4.5.2...5.5.10)

---
updated-dependencies:
- dependency-name: "@pdfme/common"
  dependency-version: 5.5.10
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants