[Snyk] Security upgrade html-pdf from 1.5.0 to 3.0.0

[vjsrinath]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Arbitrary File Read SNYK-JS-HTMLPDF-467248	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:concat-stream:20160901	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: html-pdf

The new version differs by 64 commits.

• 13b438c 3.0.0
• 296313e chore: Update circleci config
• 236a297 fix: Prevent local file access by default using the `localUrlAccess: false` option
• 85e2470 chore: Add package-lock.json
• 36a551c Fixed error handling
• 4e15719 Satisfying test for TravisCI
• 9349b6f Added null checker
• a0f4500 A better way for handling PhantomJS exits
• 9e14ef5 Fix issue with last header appearing on all pages
• 89a41e3 Extract business card test into separate file
• 63ba98f Re-add business card example pdf
• b0018c4 Fix two of three broken links
• 3127891 Version 2.2.0
• 52f2e2d Rename cliOptions to childProcessOptions
• f1f78a5 Add test for http cookie support
• 84ac0a2 Add http cookie support
• 6830076 Add `manual` renderDelay support using `window.callPhantom`
• 42e2dfb Add test to ensure that renderDelay will render after a specific time
• 7dbc346 Add renderDelay option
• 91b359c Improve `renderDelay` option and add to README.
• 63a8d28 Option for waiting for event to trigger
• 027bfb9 Add callback to unlink functions to get rid of deprecation messages
• 81b38e4 Add child process close event handler
• 5d0a30c Simplify paginationStartPage and rename to paginationOffset

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn