[Snyk] Upgrade pdfkit from 0.11.0 to 0.17.2

[grhawkeye]

Snyk has created this PR to upgrade pdfkit from 0.11.0 to 0.17.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.

• The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	510	No Known Exploit

Release notes

Package name: pdfkit

• 0.17.2 - 2025-08-30
  
  • Fix rendering lists that spans across pages
• 0.17.1 - 2025-05-03
  
  • Fix null values in table cells rendering as [object Object]
  • Fix further LineWrapper precision issues
  • Optmize standard font handling. Less code, less memory usage
• 0.17.0 - 2025-04-12
  
  • Fix precision rounding issues in LineWrapper
  • Fix fonts without a postscriptName
  • Add support for dynamic sizing
  • Add support for rotatable text
  • Fix page cascade options when text overflows
  • Add table generation
  • Fix y position when using image() without x and y coordinates
  • Improve Prettier configuration
• 0.16.0 - 2024-12-29
  
  • Update fontkit to 2.0
  • Update linebreak to 1.1
  • Add support for spot colors
  • Add support to scale text horizontally
  • Add an option to keep the indentation after a new line starts and allow to indent a whole paragraph/text element
  • Add Name property for set custom icon for note()
  • Fix sets tab order to "Structure" when a document is tagged
  • Fix font cache collision for fonts with missing postscript name or bad TTF metadata or identical metadata for different fonts
  • Fix for embedding fonts into PDF (font name must not contain spaces)
  • Fix measuring text when OpenType features are passed in to .text()
• 0.15.2 - 2024-12-15
  
  • Fix index not counting when rendering ordered lists (#1517)
  • Fix PDF/A3 compliance of attachments
  • Fix CIDSet generation only for PDF/A1 subset
  • Fix missing acroform font dictionary
  • Fix modify time comparison check equality embedded files
• 0.15.1 - 2024-10-30
  
  • Fix browserify transform sRGB_IEC61966_2_1.icc file
  • Fix time comparison check equality embedded files
• 0.15.0 - 2024-03-24
  
  • Add subset for PDF/UA
  • Fix for line breaks in list items (#1486)
  • Fix for soft hyphen not being replaced by visible hyphen if necessary (#457)
  • Optimize output files by ignoring identity transforms
  • Fix for Acroforms - setting an option to false will still apply the flag (#1495)
  • Fix for text extraction in PDFium-based viewers due to invalid ToUnicodeMap (#1498)
  • Remove deprecated write method
  • Drop support for Node.js < 18 and for browsers released before 2020
• 0.14.0 - 2023-11-09
  
  • Add support for PDF/A-1b, PDF/A-1a, PDF/A-2b, PDF/A-2a, PDF/A-3b, PDF/A-3a
  • Update crypto-js to v4.2.0 (properly fix security issue)
• 0.13.0 - 2021-10-24
  
  • Add tiling pattern support
• 0.12.3 - 2021-08-01
  

  v0.12.3

• 0.12.2 - 2021-08-01
• 0.12.1 - 2021-04-10
• 0.12.0 - 2021-04-04
• 0.11.0 - 2019-12-10

from pdfkit GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[Copilot]

Pull Request Overview

This PR upgrades the pdfkit dependency from version 0.11.0 to 0.17.2 to address a security vulnerability (SNYK-JS-CRYPTOJS-6028119) related to weak hash usage in the crypto-js dependency. The upgrade spans 13 versions and includes numerous bug fixes, performance improvements, and security enhancements.

Key Changes:

• Security fix for weak hash vulnerability in crypto-js
• Updated pdfkit to version 0.17.2 with improved text rendering, font handling, and PDF generation capabilities
• Compatibility maintained with project's Node.js requirements (20-24)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity. 📆 It will be closed automatically in two weeks if no further activity occurs.

[github-actions]

This PR was closed because it has been stalled for 14 days with no activity.