
[Snyk] Security upgrade jspdf from 3.0.3 to 4.1.0 #5368

Open
maidul98 wants to merge 1 commit into main from snyk-fix-fa770c8dbdf8b0fadc4475ed4fb5a259

Conversation

@maidul98 (Collaborator) commented Feb 4, 2026


Snyk has created this PR to fix 4 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • frontend/package.json
  • frontend/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue (Score)
  • High severity: Allocation of Resources Without Limits or Throttling, SNYK-JS-JSPDF-15182654 (score 828)
  • High severity: Improper Encoding or Escaping of Output, SNYK-JS-JSPDF-15182650 (score 813)
  • Medium severity: XML Injection, SNYK-JS-JSPDF-15182644 (score 738)
  • Low severity: Race Condition, SNYK-JS-JSPDF-15182647 (score 401)

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML Injection
🦉 Race Condition
🦉 Improper Encoding or Escaping of Output
🦉 More lessons are available in Snyk Learn

@maidul98 (Collaborator, Author) commented Feb 4, 2026

Snyk checks have passed. No issues have been found so far.

Scanner: Open Source Security
Critical 0, High 0, Medium 0, Low 0, Total 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@greptile-apps (Contributor) bot commented Feb 4, 2026

Greptile Overview

Greptile Summary

This PR upgrades jspdf from version 3.0.3 to 4.1.0 to address 4 security vulnerabilities:

  • High severity: Allocation of Resources Without Limits or Throttling (score 828)
  • High severity: Improper Encoding or Escaping of Output (score 813)
  • Medium severity: XML Injection (score 738)
  • Low severity: Race Condition (score 401)

The package is used in a single file (frontend/src/components/utilities/generateBackupPDF.ts) to generate PDF emergency kits containing user account details and secret keys. The usage is straightforward and relies on basic jsPDF APIs (text, addImage, setFont, setFontSize, setTextColor, rect, save).

Potential concerns:

  • This is a major version upgrade (3.x → 4.x) which typically indicates breaking changes
  • The Snyk metadata confirms this is marked as a breaking change ("isBreakingChange":true)
  • The codebase has no automated tests for the PDF generation functionality
  • Manual testing is required to verify PDF generation still works correctly after the upgrade

Confidence Score: 3/5

  • This PR is safe from a security perspective but requires manual testing to verify functionality due to breaking changes
  • The security vulnerabilities being fixed are legitimate and important. However, the confidence score is reduced because: (1) this is a major version upgrade with confirmed breaking changes, (2) there are no automated tests for the affected PDF generation feature, (3) the upgrade could introduce behavioral changes that need manual verification
  • Verify that frontend/src/components/utilities/generateBackupPDF.ts still functions correctly after the jspdf upgrade

Important Files Changed

  • frontend/package.json: Upgraded jspdf from ^3.0.2 to ^4.1.0 to fix 4 security vulnerabilities (2 high, 1 medium, 1 low severity)
  • frontend/package-lock.json: Lock file updated with jspdf 4.1.0 and transitive dependency changes including @babel/runtime upgrade to 7.28.6

@greptile-apps bot left a comment

2 files reviewed, 1 comment

"i18next-browser-languagedetector": "^8.0.2",
"i18next-http-backend": "^3.0.1",
"jspdf": "^3.0.2",
"jspdf": "^4.1.0",
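Review bot: the caret range moves from `^3.0.2` to `^4.1.0`, so this is a major-version jump that no longer matches any 3.x release; before merging, confirm that frontend/package-lock.json actually resolves jspdf to 4.1.0 (the version the four advisories are fixed in) and review the transitive changes it pulls in, such as the @babel/runtime bump to 7.28.6 mentioned in the summary, since the lock file, not this range, decides what gets installed. The summary also notes there are no automated tests for frontend/src/components/utilities/generateBackupPDF.ts; a minimal smoke test that runs the PDF generation and asserts a non-empty document is produced would turn the requested manual verification into a repeatable check for this and future bumps.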

Test the PDF generation feature (emergency backup kit) thoroughly. Verify:

  1. PDF generates successfully from the UI
  2. PDF opens and displays correctly
  3. All text, images, and formatting remain intact

This is a major version upgrade (3.x → 4.x) with breaking changes, so manual verification is critical.
