Skip to content

Bump xmldom and jsreport in /jsreport#20

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/jsreport/xmldom-and-jsreport--removed
Open

Bump xmldom and jsreport in /jsreport#20
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/jsreport/xmldom-and-jsreport--removed

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Nov 2, 2022

Removes xmldom. It's no longer used after updating ancestor dependency jsreport. These dependencies need to be updated together.

Removes xmldom

Updates jsreport from 2.6.0 to 3.8.0

Release notes

Sourced from jsreport's releases.

3.8.0

highlights of updates

general updates

  • the default chrome that comes with jsreport and the chrome versions installed in docker were updated to use Chrome 105
  • all extensions dependencies were updated to ensure that we don't use vulnerable packages, so npm audit now reports 0 vulnerabilities in most cases
  • config.json is now a reserved name, entities can not use this name anymore
  • improvements to xlsx recipe when office template contain shared formulas/strings
  • improvements to cli and support to customize service name in win-install command
  • new features in pdf-utils (pdf accessibility, pdf/A, cross page clickable links, support for pdf generated with phantom native headers)
  • add support for embedding html in docx recipe (docxHtml helper)

core

  • make "config.json" a reserved name for entities
  • update vm2 to fix security issue

assets

  • asset not found is marked as weak error

reports

  • remove meaningless log

fs-store

  • fix $in queries

xlsx

  • fix xlsx generation with template using shared formulas
  • fix producing corrupted shared strings

cli

  • add support for tempDirectory and service name to win-install command

pdf-utils

  • add option pdfAccessibility.enabled to support copying accessibility tags
  • add support for generating files with pdf/A compliance
  • add pdfDest helper to support cross page clickable links
  • support phantom with native header in pdf utils

docx

  • add initial support for embedding html in docx (docxHtml helper)
  • add helper docxTOCOptions to support configuring TOC behavior (only option available there right now is updateFields which controls if the generated docx file should show a prompt when it is being open in Word to decide if the TOC should be updated)

... (truncated)

Commits
  • 65c6671 release jsreport 3.8.0
  • e52a0aa update Chrome to 105
  • b0f41b0 update chromium to 105 for default image
  • 14443fc release @​jsreport/jsreport-docx 3.5.1
  • e971b98 docx: fix normalizing space for middle text element
  • 6c70c50 add support to showing changed files in specific commit to scripts/changed.js
  • 9fef083 warn when packages was already published in the output of scripts/changed
  • bac18a9 include npm version in registry in the output of scripts/changed
  • b332ade release extensions 3.8.0
  • d1303fc docx: add helper docxTOCOptions to configure TOC behaviour
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump xmldom and jsreport in /jsreport
a306613 
Removes [xmldom](https://github.com/xmldom/xmldom). It's no longer used after updating ancestor dependency [jsreport](https://github.com/jsreport/jsreport). These dependencies need to be updated together.


Removes `xmldom`

Updates `jsreport` from 2.6.0 to 3.8.0
- [Release notes](https://github.com/jsreport/jsreport/releases)
- [Changelog](https://github.com/jsreport/jsreport/blob/master/RELEASE.md)
- [Commits](jsreport/jsreport@2.6.0...3.8.0)

---
updated-dependencies:
- dependency-name: xmldom
  dependency-type: indirect
- dependency-name: jsreport
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants