Upgrade jsPDF to 2.5 #3909

Closed
7 tasks done
owlbrudder opened this issue Dec 23, 2023 · 5 comments

@owlbrudder
Collaborator

Background information

IMPORTANT: If you choose to ignore this issue report template, your issue will be closed as we cannot help without the requested information.

Please make sure you tick (add an x between the square brackets with no spaces) the following check boxes:

  • Reporting an issue of an unmodified OSPOS installation
  • Checked open and closed issues and no similar issue was already reported (please make sure you searched!)
  • Read README, WHATS_NEW, INSTALL.md and UPGRADE
  • Read the FAQ for any known install and/or upgrade gotchas (in specific PHP extensions installed)
  • Read the wiki
  • Executed any database upgrade scripts if an upgrade pre 3.0.0 (e.g. database/2.4_to_3.0.sql)
  • Aware the installation code that GitHub master is for developers only and therefore not complete nor stable.

Installation information

  • OSPOS version is: 3.4.0-dev
  • OSPOS git commit hash is: ceea0fe
  • PHP version is: 8.2.14
  • MySQL or MariaDB version is: 10.5.23-MariaDB
  • OS and version is: Linux 6.6.7-100.fc38.x86_64
  • WebServer is: Apache/2.4.58 (Fedora Linux) mod_wsgi/4.9.4 Python/3.11 mod_perl/2.0.12 Perl/v5.36.3
  • Selected language is: en-US
  • (If applicable) Docker installation:
  • (If applicable) Installation package for the LAMP/LEMP stack is:

Issue / Bug / Question / New Feature

I have just moved from PHP 7.4.x to PHP 8.2.x and this required new copies of composer and npm. When I ran npm install, it complained about an old version of uuid. To correct this, I ran npm install uuid@latest. As this finished, the automatic audit reported 2 critical vulnerabilities (20 vulnerabilities in total). I mentioned this on the devroom thread and jekkos asked me to raise an issue which he would look at sometime.

@jekkos jekkos self-assigned this Dec 23, 2023
@jekkos jekkos added the bug label Dec 23, 2023
@jekkos
Member

jekkos commented Dec 24, 2023

We do have a couple of dependabot alerts open
https://github.com/opensourcepos/opensourcepos/security/dependabot

@jekkos
Member

jekkos commented Dec 24, 2023

Tried to run npm audit fix --force and strangely enough it suggested to downgrade gulp and pdf export library. Also one of the alerts is about a library we use and a potential XSS vulnerability it has. I don't think we are affected by that.

jekkos added a commit that referenced this issue Dec 29, 2023
@jekkos
Member

jekkos commented Dec 29, 2023

Reduced the critical warnings by one. Fixing the other issue would require a jspdf upgrade to 2.5.x. Currently bootstrap table depends on 1.x so that will be a breaking change. Will need to investigate further if this is really the only way and if that upgrade would potentially break something in our functionality.

@jekkos
Member

jekkos commented Jan 3, 2024

jspdf might need an upgrade if I understand #3894 correctly

@objecttothis
Member

jspdf might need an upgrade if I understand #3894 correctly

Yes, the current version of jspdf does not work properly.

@jekkos jekkos changed the title npm audit reporting two critical errors Upgrade jsPDF to 2.5 Apr 29, 2024
jekkos added a commit that referenced this issue Apr 29, 2024
jekkos added a commit that referenced this issue Apr 29, 2024
jekkos added a commit that referenced this issue Apr 30, 2024
jekkos added a commit that referenced this issue Apr 30, 2024
@jekkos jekkos closed this as completed Apr 30, 2024