Bump tecnickcom/tcpdf from 6.7.5 to 6.7.7 #2693

dependabot · 2024-11-01T11:53:20Z

Bumps tecnickcom/tcpdf from 6.7.5 to 6.7.7.

Changelog

Sourced from tecnickcom/tcpdf's changelog.

6.7.7 (2024-10-26)

Update regular expression to avoid ReDoS (CVE-2024-22641)

[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675

SVG detection fix for inline data images #646

Fix count svg #647

Since the version 6.7.4, the "0" is considered like empty string and not displayed

Fixed handling of transparency in PDF/A mode in addExtGState method

Encrypt /DA string when document is encrypted

Improve quality of generated seed, avoid potential security pitfall

Try to use random_bytes() first if it's available

Do not include the server parameters in the generated seed, as they might contain sensitive data

Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page

Fix SVG coordinate parser that caused drawing artifacts

Remove usage of xml_set_object() function

6.7.6 (2024-10-06)

Forbid access to parent folder in HTML images.

Commits

cfbc002 Merge pull request #757 from tecnickcom/develop
696d233 Bump version
17fe959 Update regexp to fix CVE-2024-22641
01c96e8 Merge multiple PRs (#756)
dad9e91 Multiple PRs (#755)
4cf1ab1 fix control for all PHP versions
bfa7d2b Forbid access to parent folder in HTML images
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [tecnickcom/tcpdf](https://github.com/tecnickcom/TCPDF) from 6.7.5 to 6.7.7. - [Changelog](https://github.com/tecnickcom/TCPDF/blob/main/CHANGELOG.TXT) - [Commits](tecnickcom/TCPDF@6.7.5...6.7.7) --- updated-dependencies: - dependency-name: tecnickcom/tcpdf dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

coveralls · 2024-11-01T12:12:46Z

coverage: 96.918%. remained the same
when pulling 86dde61 on dependabot/composer/tecnickcom/tcpdf-6.7.7
into feadceb on master.

dependabot bot added the dependencies Pull requests that update a dependency file label Nov 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump tecnickcom/tcpdf from 6.7.5 to 6.7.7 #2693

Bump tecnickcom/tcpdf from 6.7.5 to 6.7.7 #2693

dependabot bot commented on behalf of github Nov 1, 2024

coveralls commented Nov 1, 2024

Bump tecnickcom/tcpdf from 6.7.5 to 6.7.7 #2693

Are you sure you want to change the base?

Bump tecnickcom/tcpdf from 6.7.5 to 6.7.7 #2693

Conversation

dependabot bot commented on behalf of github Nov 1, 2024

coveralls commented Nov 1, 2024