This release fixes two security vulnerabilities:

• Upgrade optional dependency canvg to 3.0.11
• Fix a ReDoS vulnerability in the addImage method and the methods html and addSvgAsImage, which depend on addImage

This major release officially drops support for Internet Explorer and fixes a security vulnerability in the html function by updating the optional dependency dompurify to v3.2.4. There are no other breaking changes.

New Contributors

• @nlqivision made their first contribution in #3812
• @dependabot made their first contribution in #3826
• @hainenber made their first contribution in #3827

Full Changelog: v2.5.2...v3.0.0

This release upgrades the Dompurify dependency to 2.5.4 with fixes a vulnerability with high severity: GHSA-mmhx-hmjr-r674.

It also upgrades fflate, core-js, and @babel/runtime to more recent versions.

What's Changed

• Implement justifying for unicode fonts by @owenl131 in #3285
• chore: update dompurify version 2.5.4 by @MarcioMeier in #3768
• [Snyk] Upgrade fflate from 0.4.8 to 0.8.1 by @MrRio in #3666
• [Snyk] Upgrade core-js from 3.6.5 to 3.33.0 by @MrRio in #3664
• [Snyk] Upgrade @babel/runtime from 7.14.6 to 7.23.2 by @MrRio in #3665

This release fixes two security related issues.

• #3348: Check integrity when loading the pdfobject lib from CDN in calls to output('pdfobjectnewwindow')
• #3368: Fix inefficient regular expression in setDisplayMode (CWE-1333)

This release adds some minor new features and fixes some bugs, e.g. related to multiline text. Thanks to all contributors!

New Features

• #3324 add getLineWidth function
• #3294: add horizontalScale option to text function

Bugfixes

• #3271: fix html function only rendering on the first invocation per document
• #3304, #3295: fix context2D.closePath (now properly closes the path)
• #3274: fix Acroform text fields with multiline text
• #3281: fix textWithLink for multiline text
• #3283: fix lineHeightFactor in text options having no effect
• #3302: fixes to html typings
• #3272: fix return type of save function in typings (promise overload)

This release brings long awaited improvements to the html function and many other bugfixes and improvements. Thanks to all contributors!

• #3203: Add width and windowWidth options to the html method, which will make correct scaling much easier.
• #2977: Add/implement margin option for html method and add autoPaging option with two different modes: 'slice' and 'text'.
• #3169: Add setLineDash and lineDashOffset to context2d.
• #3039: Add rowStart and cellStart events and headerTextColor property to `table' function
• #3132: Fix possibly negative line widths in context2d.
• #3217: Fix setFont with fontWeight parameter for the built-in basic fonts
• #3173: Fix violation of strict mode.
• #3121: Improve addImage performance.
• #3124: Allow to pass RGBA array to addImage.
• #3135: Fix possibly imbalanced render target stack with form objects.
• #3148: Add getDrawColor function to typings.
• #3149: Fix font name escaping.
• #3150: Throw an error when a zero size canvas is passed to addImage.
• #3168: Fix word spacing after justified text.
• #3215: Fix nullability of style arguments of geometry methods.
• #3108: Complete the jsPDFOptions type in the typings.
• #3119: Improve typings of the output function.

Small bugfixes. Thanks to all contributors!

• #3073: fix HTMLAnchorElement is not defined in file saver
• #3078: fix exception in getTextDimensions() with maxWidth set
• #3087: fix typings of table() function
• #3091: fix ReDos vulnerability in addImage function
• #3099: improve documentation of output function

A couple of bugfixes, improved font handling and faster compression.

• #3026: Fix alignment of links created with textWithLink
• #3032: Fix alignment of table headers
• #3062: Fix a bug where the options.flags parameter was ignored by the text method and consequently had the wrong defaults. This lead to garbled characters sometimes and was a regression to 1.5.3.
• #3014: Add typings for internal events API
• #3036: Support for numeric font weights and separation of font weight and font style
• #3040: New fontFaces option for the html method that allows to add fonts similar CSS @font-face rules (no addFont calls required anymore). When supplied, fonts are resolved using the CSS 3 font loading algorithm.
• #3054: replace pako library with fflate leading to faster compression and smaller bundle sizes.

Incorporates many of the awesome contributions in context of the Hacktoberfest. Thanks to all the contributors!

• #2944: Fix PDF compression. Special thanks to @markotaht!
• #2959: Add support for PDF encryption. Special thanks to @owenl131!
• #3018: Fix font name escaping
• #3017: Fix dependencies in bower.json
• #3014: Added typings for the events API
• #2982: Bump dompurify version to fix cve-2020-7691
• #2981: Fix Canvg import
• #2946: Remove API, that was removed in the 2.0.0 release, also from the typings
• #2943: Fix links on pages with different size than the first page
• #2942: Fix multiline texts in combination with the maxWidth text option
• #2933, #3021: Fix typings of exported types like ImageCompression
• #2915: Fix documentation of text method
• #2906: Fix "Could not load <module>" error messages
• #2905: Fix usages of atob/btoa in Internet Explorer and "old Edge"

• #2893, #2880: Fixed html() typings and JSDoc documentation
• #2884: Fix type of events in typings
• #2881: Fix building jsPDF with Parcel v2