[Snyk] Security upgrade jspdf from 2.5.2 to 4.1.0

[m1981]

Snyk has created this PR to fix 4 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-JSPDF-15182654	828
	Improper Encoding or Escaping of Output SNYK-JS-JSPDF-15182650	813
	XML Injection SNYK-JS-JSPDF-15182644	738
	Race Condition SNYK-JS-JSPDF-15182647	401

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML Injection
🦉 Race Condition
🦉 Improper Encoding or Escaping of Output
🦉 More lessons are available in Snyk Learn

---

Important

Upgrade jspdf to 4.1.0 in package.json to fix security vulnerabilities, with manual pnpm-lock.yaml update needed.

• Dependencies:
  • Upgrade jspdf from 2.5.2 to 4.1.0 in package.json to fix security vulnerabilities.
• Vulnerabilities Fixed:
  • Fixes high severity issues: Allocation of Resources Without Limits, Improper Encoding.
  • Fixes medium severity XML Injection and low severity Race Condition.
• Warnings:
  • pnpm-lock.yaml update failed; requires manual update before merging.

^{This description was created by for 1b9a2fe. You can customize this summary. It will automatically update as commits are pushed.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
mychat	Error		Feb 9, 2026 11:40am

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 1b9a2fe in 9 seconds. Click for details.

• Reviewed 13 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 0 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

Workflow ID: wflow_I8io6Be5xmbWz4iq

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[augmentcode]

🤖 Augment PR Summary

Summary: Upgrades jspdf to v4.1.0 to address Snyk-reported vulnerabilities.

Note: The PR only updates package.json; the pnpm-lock.yaml update is still needed before merge.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 2 suggestions posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

The PR description notes pnpm-lock.yaml wasn’t updated; if CI uses --frozen-lockfile, installs will fail or won’t pick up the intended jspdf version. Consider regenerating and committing the lockfile so the upgrade is reproducible.

Severity: high

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

This is a major upgrade (jspdf v2 -> v4) which may include breaking API/module-format changes; it’s worth verifying any jspdf usage still builds and works at runtime after the bump.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}