
[Snyk] Security upgrade jspdf from 3.0.3 to 4.1.0 #5367

Open
maidul98 wants to merge 1 commit into main from snyk-fix-2cf0c433c703033acc9fd86f0613bdaa

Conversation

Collaborator

@maidul98 maidul98 commented Feb 4, 2026


Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • frontend/package.json
  • frontend/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Severity | Issue | Snyk ID | Score
high | Allocation of Resources Without Limits or Throttling | SNYK-JS-JSPDF-15182654 | 828
medium | XML Injection | SNYK-JS-JSPDF-15182644 | 738
low | Race Condition | SNYK-JS-JSPDF-15182647 | 401

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML Injection
🦉 Race Condition
🦉 Allocation of Resources Without Limits or Throttling

Collaborator Author

maidul98 commented Feb 4, 2026

Snyk checks have passed. No issues have been found so far.

Status | Scanner | Critical | High | Medium | Low | Total (0)
passed | Open Source Security | 0 | 0 | 0 | 0 | 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Contributor

greptile-apps bot commented Feb 4, 2026

Greptile Overview

Greptile Summary

This PR upgrades jspdf from version 3.0.3 to 4.1.0 to address three security vulnerabilities:

  • High severity: Allocation of Resources Without Limits or Throttling (score: 828)
  • Medium severity: XML Injection (score: 738)
  • Low severity: Race Condition (score: 401)

The upgrade includes a major version bump from v3 to v4. The codebase uses jspdf in a single location (frontend/src/components/utilities/generateBackupPDF.ts) to generate emergency backup PDFs containing user account details. The usage is limited to basic PDF generation methods (text, setFont, setFontSize, addImage, save, etc.).

Key changes:

  • jspdf upgraded from ^3.0.2 to ^4.1.0
  • @babel/runtime upgraded to 7.28.6 (removes regenerator-runtime dependency)
  • Various peer dependency adjustments in package-lock.json

Recommendations:

  • Test the PDF generation functionality thoroughly to ensure the upgrade doesn't break the emergency kit PDF generation
  • Verify PDF output format, fonts, images, and text positioning remain consistent
  • Run the build to check for any TypeScript compilation issues with the new version

Confidence Score: 4/5

  • This PR is safe to merge after testing PDF generation functionality
  • The upgrade addresses critical security vulnerabilities with minimal code impact. The library is used in only one location for basic PDF generation. While this is a major version upgrade, the API usage appears compatible based on the methods used. The main risk is potential visual or functional changes to PDF output that require verification through testing.
  • Pay attention to frontend/src/components/utilities/generateBackupPDF.ts during testing to verify PDF generation still works correctly

Important Files Changed

Filename | Overview
frontend/package.json | Upgrades jspdf from ^3.0.2 to ^4.1.0 to fix security vulnerabilities
frontend/package-lock.json | Updates dependency lockfile with jspdf 4.1.0 and @babel/runtime upgrade to 7.28.6 (removes regenerator-runtime dependency)


@greptile-apps greptile-apps bot left a comment


2 files reviewed, 1 comment


"i18next-browser-languagedetector": "^8.0.2",
"i18next-http-backend": "^3.0.1",
"jspdf": "^3.0.2",
"jspdf": "^4.1.0",
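Review bot: "jspdf": "^4.1.0" is a caret range, so package.json on its own does not guarantee the patched release; confirm that frontend/package-lock.json resolves jspdf to exactly 4.1.0, the version in which the three Snyk issues listed in the PR description (SNYK-JS-JSPDF-15182654, SNYK-JS-JSPDF-15182644, SNYK-JS-JSPDF-15182647) are fixed, before treating this PR as the remediation. Because the bump crosses a major version boundary (3.x to 4.x), the single call site, frontend/src/components/utilities/generateBackupPDF.ts, should be built and exercised against 4.1.0 to verify that the text, setFont, setFontSize, addImage and save calls still produce the expected emergency kit PDF.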

test emergency backup PDF generation (generateBackupPDF.ts) after upgrade

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

