Skip to content

[Snyk] Fix for 2 vulnerabilities#30

Open
bozza-man wants to merge 1 commit intomainfrom
snyk-fix-ba8d345d89c941685b59ada0d234d901
Open

[Snyk] Fix for 2 vulnerabilities#30
bozza-man wants to merge 1 commit intomainfrom
snyk-fix-ba8d345d89c941685b59ada0d234d901

Conversation

@bozza-man
Copy link
Member

@bozza-man bozza-man commented Sep 24, 2025

snyk-top-banner

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Allocation of Resources Without Limits or Throttling
SNYK-JS-JSPDF-12205531		   225  
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JS-AXIOS-12613773		   89  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
👩‍💻 Set who automatically gets assigned
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

@coderabbitai
Copy link

coderabbitai bot commented Sep 24, 2025

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch snyk-fix-ba8d345d89c941685b59ada0d234d901

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

  • Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
  • Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@phylum-io
Copy link

phylum-io bot commented Sep 24, 2025

Phylum OSS Supply Chain Risk Analysis - FAILED

This repository analyzes the risk of new dependencies. An
administrator of this repository has set requirements via Phylum policy.

If you see this comment, one or more dependencies have failed Phylum's risk analysis.

Package: canvg@3.0.11 failed.

canvg@3.0.11 is decoding Base64 strings

Risk Domain: Malicious Code
Risk Level: low

Reason: Obfuscated code

Package: jspdf@3.0.2 failed.

jspdf@3.0.2 is decoding Base64 strings

Risk Domain: Malicious Code
Risk Level: low

Reason: Obfuscated code

View this project in the Phylum UI

cursor[bot]
cursor bot reviewed Sep 24, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR is being reviewed by Cursor Bugbot

Details

You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

Bug: JSPDF Upgrade Breaks Autotable Compatibility

Upgrading jspdf to 3.0.2 creates a peer dependency conflict with jspdf-autotable, which requires jspdf ^2.5.1. This version mismatch may cause compatibility issues or runtime errors.

package.json#L56-L57

CIPP/package.json

Lines 56 to 57 in 412b64d

"javascript-time-ago": "^2.5.9",
"jspdf": "^3.0.2",

package-lock.json#L5716-L5720

CIPP/package-lock.json

Lines 5716 to 5720 in 412b64d

"integrity": "sha512-zW1ix99/mtR4MbIni7IqvrpfHmuTaICl6iv6wqjRN86Nxtwaw/QtOeDbpXqYSzHIJK9JvgtLM283sc5x+ipkJg==",
"peerDependencies": {
"jspdf": "^2.5.1"
}
},

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bozza-man @snyk-bot