Skip to content

chore(deps-dev): bump @pdfme/schemas from 4.5.2 to 5.5.9 in /vite#1430

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/vite/pdfme/schemas-5.5.9
Closed

chore(deps-dev): bump @pdfme/schemas from 4.5.2 to 5.5.9 in /vite#1430
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/vite/pdfme/schemas-5.5.9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 18, 2026

Copy link
Copy Markdown
Contributor

Bumps @pdfme/schemas from 4.5.2 to 5.5.9.

Release notes

Sourced from @​pdfme/schemas's releases.

5.5.0

What's Changed

Full Changelog: pdfme/pdfme@5.4.8...5.5.0

5.4.1

What's Changed

🔒 Security

  • XSS vulnerability prevention for replacePlaceholders function (#1117) - Implemented comprehensive XSS protection with safe object property assignment and enhanced input sanitization to prevent prototype pollution attacks

📚 Documentation

  • Enhanced CLAUDE.md with comprehensive development guide (#1113) - Added detailed project overview, architecture documentation, common commands, troubleshooting guide, and development workflow instructions for better developer experience

🧹 Code Quality & Testing

  • Organized generator tests (#1098) - Refactored and improved test organization for better maintainability
  • Enhanced integration tests - Added iframe auto-focus functionality, improved test reliability with better error handling and server readiness checks
  • Code formatting improvements - Applied consistent prettier formatting across the codebase

🔧 Infrastructure & DevOps

  • Added Claude GitHub Actions integration (#1101) - Integrated Claude Code AI assistant for automated code reviews and assistance
  • Added llm.txt for AI content understanding (#1100) - Improved AI/LLM compatibility and SEO optimization
  • Removed obsolete documentation and files - Cleaned up repository structure by removing outdated documentation and ignore files

📦 Dependencies

Updated numerous dependencies for security and performance improvements:

  • antd: 5.26.25.26.3
  • prettier: 3.6.13.6.2
  • @​types/node: 24.0.424.0.8
  • lucide-react: 0.523.00.525.0
  • @​babel/core: 7.27.47.27.7
  • Multiple eslint package updates
  • Various other dependency updates for security patches and bug fixes

🐛 Bug Fixes

  • Fixed import/export module issues
  • Improved error logging in server ready detection
  • Enhanced type safety across multiple packages

🙏 Contributors

Thanks to all contributors who made this release possible!

Full Changelog: pdfme/pdfme@5.2.0...5.4.1

5.2.0

What's Changed

... (truncated)

Commits
  • 3b1769d fix(schemas): prevent XSS via innerHTML injection in select, SVG, and text sc...
  • 723bcdf Merge pull request #1340 from pdfme/dependabot/npm_and_yarn/npm-run-all2-8.0.4
  • ad44236 Merge pull request #1366 from pdfme/dependabot/npm_and_yarn/hotkeys-js-4.0.2
  • 5b2b4dc Merge pull request #1367 from pdfme/dependabot/npm_and_yarn/vite-tsconfig-pat...
  • b024e9f Merge pull request #1341 from pdfme/dependabot/npm_and_yarn/types/jest-image-...
  • de18c27 build(deps-dev): bump vite-tsconfig-paths from 5.1.4 to 6.1.1
  • a221fde build(deps-dev): bump npm-run-all2 from 7.0.2 to 8.0.4
  • 58311a1 build(deps): bump hotkeys-js from 3.13.15 to 4.0.2
  • 8fa67ff build(deps-dev): bump rollup from 4.57.1 to 4.59.0 (#1361)
  • 06e9de3 build(deps-dev): bump @​vitejs/plugin-react from 5.1.2 to 5.1.4 (#1359)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​pdfme/schemas since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps-dev): bump @pdfme/schemas from 4.5.2 to 5.5.9 in /vite
9b9c296 
Bumps [@pdfme/schemas](https://github.com/pdfme/pdfme) from 4.5.2 to 5.5.9.
- [Release notes](https://github.com/pdfme/pdfme/releases)
- [Changelog](https://github.com/pdfme/pdfme/blob/main/RELEASE.md)
- [Commits](pdfme/pdfme@4.5.2...5.5.9)

---
updated-dependencies:
- dependency-name: "@pdfme/schemas"
  dependency-version: 5.5.9
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 18, 2026
@dependabot @github

dependabot Bot commented on behalf of github Mar 20, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #1432.

@dependabot dependabot Bot closed this Mar 20, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/vite/pdfme/schemas-5.5.9 branch March 20, 2026 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants