chore(deps): bump the minor-and-patch group across 1 directory with 10 updates by dependabot[bot] · Pull Request #15 · ABCrimson/NextCalc

dependabot · 2026-03-01T06:37:29Z

Bumps the minor-and-patch group with 10 updates in the / directory:

Package	From	To
graphql	`16.12.0`	`16.13.0`
turbo	`2.8.10`	`2.8.12`
@types/node	`25.3.0`	`25.3.3`
@tanstack/react-virtual	`3.13.18`	`3.13.19`
katex	`0.16.28`	`0.16.33`
three	`0.183.1`	`0.183.2`
hono	`4.12.2`	`4.12.3`
@cloudflare/workers-types	`4.20260302.0`	`4.20260305.0`
wrangler	`4.67.0`	`4.69.0`
modern-pdf-lib	`0.12.1`	`0.15.1`

Updates graphql from 16.12.0 to 16.13.0

Release notes

Sourced from graphql's releases.

16.13.0

v16.13.0 (2026-02-24)

New Feature 🚀

#4458 Sibling errors should not be added after propagation (@yaacovCR)

Bug Fix 🐞

#4336 add deprecated note to assertValidExecutionArguments (@yaacovCR)

#4517 fix(validation): incorrect validation errors when variable descriptions are used (@phryneas)

Internal 🏠

#4506 Version packages (@JoviDeCroock)

#4514 chore: always ignore scripts (@benjie)

#4524 update contributing (@yaacovCR)

Committers: 4

Benjie(@benjie)

Jovi De Croock(@JoviDeCroock)

Lenz Weber-Tronic(@phryneas)

Yaacov Rydzinski (@yaacovCR)

Commits

7569989 16.13.0
49450d8 Revert "deprecate (internal) buildResolveInfo in favor of (internal) ResolveI...
4149722 deprecate (internal) buildResolveInfo in favor of (internal) ResolveInfo clas...
4c057eb add deprecated note to assertValidExecutionArguments (#4336)
3f8f27a fix(validation): incorrect validation errors when variable descriptions are u...
b34a4cd update contributing (#4524)
abddd09 Sibling errors should not be added after propagation (#4458)
d26810b Alter contributing
5f4602d 16.12.0
d239841 chore: always ignore scripts (#4514)
See full diff in compare view

Updates turbo from 2.8.10 to 2.8.12

Release notes

Sourced from turbo's releases.

Turborepo v2.8.12

What's Changed

Changelog

chore: Reduce compile times by deduplicating thiserror and itertools by @anthonyshew in vercel/turborepo#12000

chore: Upgrade axum 0.7 to 0.8, deduplicate tower/tower-http by @anthonyshew in vercel/turborepo#12003

fix: Prevent peerDependencies from overwriting concrete dependency specifiers by @anthonyshew in vercel/turborepo#12004

fix: Resolve correct nested package version in bun lockfile pruning by @anthonyshew in vercel/turborepo#12008

fix: Resolve all lockfile pruning test failures by @anthonyshew in vercel/turborepo#12009

perf: Extract query module into turborepo-query crate by @anthonyshew in vercel/turborepo#12007

refactor: Migrate dry-json prysk tests to Rust + insta snapshots by @anthonyshew in vercel/turborepo#12010

perf: Deduplicate petgraph, fixedbitset, and dashmap by @anthonyshew in vercel/turborepo#12011

refactor: Migrate persistent-dependencies and task-dependencies to Rust + insta by @anthonyshew in vercel/turborepo#12012

test: Add lockfile-tests fixture for issue #12013 by @anthonyshew in vercel/turborepo#12014

perf: Remove libgit2/git2 dependency, replace with gix-object by @anthonyshew in vercel/turborepo#12015

refactor: Migrate daemon, jsonc, query, edit-turbo-json tests to Rust by @anthonyshew in vercel/turborepo#12016

perf: Remove async-graphql from turborepo-lib by @anthonyshew in vercel/turborepo#12017

refactor: Migrate inference and run-logging tests to Rust by @anthonyshew in vercel/turborepo#12018

refactor: Migrate run-caching and strict-env-vars tests to Rust by @anthonyshew in vercel/turborepo#12020

fix: Mark lockfile-aware-caching/bun prysk test as flaky by @anthonyshew in vercel/turborepo#12021

fix: Add nextest retries for flaky tests by @anthonyshew in vercel/turborepo#12027

refactor: Migrate prune and run-summary tests to Rust by @anthonyshew in vercel/turborepo#12022

fix: Add nextest retries for flaky prysk tests by @anthonyshew in vercel/turborepo#12030

fix: Add nextest retries for flaky prune_test::test_prune_composable_config by @anthonyshew in vercel/turborepo#12032

fix: Suppress npm upgrade notices in Rust integration tests by @anthonyshew in vercel/turborepo#12033

Full Changelog: vercel/turborepo@v2.8.11...v2.8.12

Turborepo v2.8.12-canary.3

What's Changed

Changelog

fix: Add nextest retries for flaky prune_test::test_prune_composable_config by @anthonyshew in vercel/turborepo#12032

fix: Suppress npm upgrade notices in Rust integration tests by @anthonyshew in vercel/turborepo#12033

Full Changelog: vercel/turborepo@v2.8.11-canary.28...v2.8.12-canary.3

Turborepo v2.8.12-canary.2

What's Changed

Changelog

chore: Upgrade axum 0.7 to 0.8, deduplicate tower/tower-http by @anthonyshew in vercel/turborepo#12003

Full Changelog: vercel/turborepo@v2.8.12-canary.1...v2.8.12-canary.2

... (truncated)

Commits

50a9e4b publish 2.8.12 to registry
2bc9f04 release(turborepo): 2.8.12-canary.3 (#12035)
829b351 ci: Disable flaky Rust unit tests from release pipeline (#12034)
f698b04 fix: Suppress npm upgrade notices in Rust integration tests (#12033)
b47e099 fix: Add nextest retries for flaky prune_test::test_prune_composable_config (...
9479a54 ci: Use larger runners for macOS Rust tests (#12029)
9b66431 fix: Add nextest retries for flaky prysk tests (#12030)
0c1bd47 ci: Increase Rust test partitions from 4 to 10 (#12028)
329bdb5 refactor: Migrate prune and run-summary tests to Rust (#12022)
9d90270 fix: Add nextest retries for flaky tests (#12027)
Additional commits viewable in compare view

Updates @types/node from 25.3.0 to 25.3.3

Commits

See full diff in compare view

Updates @tanstack/react-virtual from 3.13.18 to 3.13.19

Release notes

Sourced from @tanstack/react-virtual's releases.

@tanstack/react-virtual@3.13.19

Patch Changes

Updated dependencies [843109c]:

@tanstack/virtual-core@3.13.19

Changelog

Sourced from @tanstack/react-virtual's changelog.

3.13.19

Patch Changes

Updated dependencies [843109c]:

@tanstack/virtual-core@3.13.19

Commits

e0e4dcd ci: Version Packages (#1131)
See full diff in compare view

Updates katex from 0.16.28 to 0.16.33

Release notes

Sourced from katex's releases.

v0.16.33

0.16.33 (2026-02-23)

Bug Fixes

scss: forward variables to fonts module (#4146) (9349a64)

v0.16.32

0.16.32 (2026-02-22)

Bug Fixes

italic separation in \mathnormal (#4143) (71305a0)

v0.16.31

0.16.31 (2026-02-22)

Bug Fixes

\*frac sizing (#4137) (ef51f18)

v0.16.30

0.16.30 (2026-02-22)

Bug Fixes

no line breaks after \not (#4140) (2d1ba86)

v0.16.29

0.16.29 (2026-02-22)

Bug Fixes

\imath and other \html@mathml macros in arguments (#4139) (a850cce)

Changelog

Sourced from katex's changelog.

0.16.33 (2026-02-23)

Bug Fixes

scss: forward variables to fonts module (#4146) (9349a64)

0.16.32 (2026-02-22)

Bug Fixes

italic separation in \mathnormal (#4143) (71305a0)

0.16.31 (2026-02-22)

Bug Fixes

\*frac sizing (#4137) (ef51f18)

0.16.30 (2026-02-22)

Bug Fixes

no line breaks after \not (#4140) (2d1ba86)

0.16.29 (2026-02-22)

Bug Fixes

\imath and other \html@mathml macros in arguments (#4139) (a850cce)

Commits

aa7742c chore(release): 0.16.33 [ci skip]
9349a64 fix(scss): forward variables to fonts module (#4146)
3590b82 chore(release): 0.16.32 [ci skip]
71305a0 fix: italic separation in \mathnormal (#4143)
7933853 chore(release): 0.16.31 [ci skip]
ef51f18 fix: \*frac sizing (#4137)
9ff1ac0 chore(release): 0.16.30 [ci skip]
2d1ba86 fix: no line breaks after \not (#4140)
f472dc6 chore(release): 0.16.29 [ci skip]
a850cce fix: \imath and other \html@mathml macros in arguments (#4139)
Additional commits viewable in compare view

Updates three from 0.183.1 to 0.183.2

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by mugen87, a new releaser for three since your current version.

Updates hono from 4.12.2 to 4.12.3

Release notes

Sourced from hono's releases.

v4.12.3

What's Changed

fix(validator): prevent type diff bug in form data parsing by @EdamAme-x in honojs/hono#4753

fix(jwt): use Math.floor instead of bitwise OR for safe timestamp by @EdamAme-x in honojs/hono#4754

fix(jwt): fix JwtVariables for ContextVariableMap by @yusukebe in honojs/hono#4764

fix(types): remove DOM type dependencies from ClientResponse and request method by @YevheniiKotyrlo in honojs/hono#4768

fix(types): correct middleware types by @hmnd in honojs/hono#4774

fix(jwt): prevent memory leak by avoiding mutation of options object by @EdamAme-x in honojs/hono#4759

New Contributors

@YevheniiKotyrlo made their first contribution in honojs/hono#4768

@hmnd made their first contribution in honojs/hono#4774

Full Changelog: honojs/hono@v4.12.2...v4.12.3

Commits

790c57b 4.12.3
bda46ac fix(jwt): prevent memory leak by avoiding mutation of options object (#4759)
0f505f4 fix(types): correct middleware types (#4774)
eb9c112 fix(types): remove DOM type dependencies from ClientResponse and request meth...
b1df304 fix(jwt): fix JwtVariables for ContextVariableMap (#4764)
e4602ad fix(jwt): use Math.floor instead of bitwise OR for safe timestamp (#4754)
4bb70fa fix(validator): prevent type diff bug in form data parsing (#4753)
See full diff in compare view

Updates @cloudflare/workers-types from 4.20260302.0 to 4.20260305.0

Commits

See full diff in compare view

Updates wrangler from 4.67.0 to 4.69.0

Release notes

Sourced from wrangler's releases.

wrangler@4.69.0

Minor Changes
#12625 c0e9e08 Thanks @WillTaylorDev! - Add cache configuration option for enabling worker cache (experimental)

You can now enable cache before worker execution using the new cache configuration:
{
	"cache": {
		"enabled": true,
	},
}
This setting is environment-inheritable and opt-in. When enabled, cache behavior is applied before your worker runs.

Note: This feature is experimental. The runtime API is not yet generally available.
Patch Changes

#12661 99037e3 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260302.0 1.20260303.0

#12680 295297a Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260303.0 1.20260305.0

#12671 f765244 Thanks @MattieTK! - fix: Only redact account names in CI environments, not all non-interactive contexts

The multi-account selection error in getAccountId now only redacts account names when running in a CI environment (detected via ci-info). Non-interactive terminals such as coding agents and piped commands can now see account names, which they need to identify which account to configure. CI logs remain protected.

Updated dependencies [99037e3, 295297a]:

miniflare@4.20260305.0

wrangler@4.68.1

Patch Changes

... (truncated)

Commits

414799d Version Packages (#12670)
295297a chore(deps): bump the workerd-and-workers-types group with 2 updates (#12680)
99037e3 chore(deps): bump the workerd-and-workers-types group with 2 updates (#12661)
f765244 fix: restrict account name redaction to CI environments only (#12671)
c0e9e08 [wrangler] Add worker cache configuration support (#12625)
07531a2 Version Packages (#12663)
294297e Update Waku autoconfig logic (#12657)
603fe18 fix: add maxRetries to recursive directory removal for Windows EBUSY (#12629)
19df099 [wrangler] Split deploy.test.ts into 15 focused test files (#12642)
3d6e421 [C3/wrangler] Fix Angular localhost SSR blocking in development mode (#12648)
Additional commits viewable in compare view

Updates modern-pdf-lib from 0.12.1 to 0.15.1

Release notes

Sourced from modern-pdf-lib's releases.

v0.15.1

Fixed

CLI build: Added src/cli/index.ts as a tsdown entry point so dist/cli/index.mjs is produced during build. Previously, npx modern-pdf optimize would fail because the CLI file was never emitted.

CJS compatibility: Replaced top-level await in CLI entry with an async main() wrapper to avoid Top-level await is not supported with CJS output build errors.

Full Changelog: ABCrimson/modern-pdf-lib@v0.15.0...v0.15.1

v0.15.0 — JPEG WASM & Image Optimization

Added

JPEG WASM module: New Rust WASM crate (src/wasm/jpeg/) using jpeg-encoder 0.7 + jpeg-decoder 0.3 for high-performance JPEG encoding and decoding. TypeScript bridge (initJpegWasm(), encodeJpegWasm(), decodeJpegWasm()) with graceful JS fallback when WASM is unavailable.

JPEG quality auto-detection: estimateJpegQuality(jpegBytes) analyzes DQT (quantization table) markers to reverse-engineer the original JPEG quality level (1–100). Pure TypeScript — no WASM required.

Progressive JPEG support: progressive option for JPEG encoding produces progressive scan-order JPEGs (better for web delivery).

Chroma subsampling control: chromaSubsampling option ('4:4:4' | '4:2:2' | '4:2:0') for JPEG encoding. Default '4:2:0' matches industry standard for smallest files.

CMYK JPEG handling: Automatic CMYK→RGB conversion before JPEG encoding using the standard formula R = 255 × (1 − C/255) × (1 − K/255).

Batch image optimization API: optimizeAllImages(doc, options) walks all image XObjects in a parsed PDF, recompresses them as JPEG, and replaces stream data in-place. Returns detailed OptimizationReport with per-image breakdown. Options: quality, maxDpi, progressive, chromaSubsampling, skipSmallImages, minSavingsPercent, autoGrayscale.

Image extraction API: extractImages(doc) collects metadata for all image XObjects across all pages. decodeImageStream(imageInfo) decodes stream data for further processing.

Image deduplication: deduplicateImages(doc) detects identical images by FNV-1a hashing and replaces duplicate references with a single canonical copy. Returns DeduplicationReport with bytes-saved statistics.

Grayscale auto-detection: isGrayscaleImage() detects RGB images where all pixels are effectively grayscale (R ≈ G ≈ B within tolerance). convertToGrayscale() converts using ITU-R BT.601 luma formula, saving ~66% for RGB→grayscale.

DPI-aware downscaling: computeImageDpi() and computeTargetDimensions() calculate effective DPI from pixel dimensions and display size in points. Used by batch optimizer for automatic DPI-based downscaling.

CLI tool: npx modern-pdf optimize input.pdf output.pdf [options] — command-line interface for image optimization with --quality, --progressive, --grayscale, --dedup, --chroma, --verbose options.

Image optimization VitePress guide (docs/guide/image-optimization.md): Comprehensive guide covering the full image optimization API, CLI usage, and options reference.

Changed

WASM modules: 5 → 6 (added jpeg for JPEG encode/decode).

Test count: 2,243 → 2,323 across 110 test suites (was 103).

package.json: Added "bin": { "modern-pdf": "./dist/cli/index.mjs" } for CLI support.

Full Changelog: ABCrimson/modern-pdf-lib@v0.14.1...v0.15.0

v0.14.1

Added

Unified embedImage() method: Auto-detects PNG (magic bytes 89 50 4E 47) vs JPEG (FF D8 FF) from the raw file data — no need to call embedPng() or embedJpeg() separately. Accepts Uint8Array or ArrayBuffer, throws descriptive errors for unsupported formats.

Image optimization API exports: downscaleImage(), recompressImage(), and optimizeImage() are now exported from the main entry point along with their option types (DownscaleOptions, RecompressOptions, ImageOptimizeOptions, RawImageData, OptimizeResult).

SASLprep password normalization (RFC 4013): V=5/R=6 (AES-256) password preparation now follows the full SASLprep profile — B.1 "mapped to nothing" characters are stripped, non-ASCII spaces are normalized to U+0020, NFKC normalization is applied, and prohibited characters (control chars, private use, surrogates, tagging) are rejected. This ensures correct password handling for internationalized passwords per ISO 32000-2.

Visible signature appearances: signPdf() now accepts an appearance option with rect, text, fontSize, backgroundColor, borderColor, and borderWidth. When provided, the signature renders as a visible box on the page with auto-generated text (signer name from certificate CN, reason, location, date) or custom text lines. Uses a PDF Form XObject appearance stream with Helvetica.

Popup annotation type (PdfPopupAnnotation): Floating window annotation that displays parent annotation text. Supports isOpen()/setOpen() and setParent()/getParent() for linking to parent annotations. Reference: PDF 1.7 §12.5.6.14.

Caret annotation type (PdfCaretAnnotation): Marks text insertion points in review workflows. Supports getSymbol()/setSymbol() ('None' | 'P' for paragraph) and getCaretRect()/setCaretRect() for inner rectangle (RD) insets. Reference: PDF 1.7 §12.5.6.11.

File attachment annotation type (PdfFileAttachmentAnnotation): Embeds a file as a clickable icon on a page. Supports getIcon()/setIcon() ('GraphPushPin' | 'PaperclipTag' | 'Paperclip' | 'Tag'), getFileName(), and buildFileSpec(registry) for building the embedded file stream, EF dictionary, and file specification. Reference: PDF 1.7 §12.5.6.15.

Digital signatures guide (docs/guide/signatures.md): Comprehensive guide covering invisible and visible signing, verification, low-level ByteRange API, external signers, RFC 3161 timestamping, and key preparation with OpenSSL.

Accessibility & tagged PDF guide (docs/guide/accessibility.md): Guide covering document language, title metadata, font embedding for Unicode, color contrast, multilingual content, PDF/UA compliance checklist, and XMP metadata.

Annotations guide (docs/guide/annotations.md): Complete reference for all 18 annotation types with code examples — Text, Link, FreeText, Highlight, Underline, Squiggly, StrikeOut, Line, Square, Circle, Polygon, PolyLine, Stamp, Ink, Redact, Popup, Caret, FileAttachment. Includes annotation flags, appearance generation, and parsing from existing PDFs.

Performance

... (truncated)

Changelog

Sourced from modern-pdf-lib's changelog.

[0.15.1] - 2026-02-28

Fixed

CLI build: Added src/cli/index.ts as a tsdown entry point so dist/cli/index.mjs is produced during build. Previously, npx modern-pdf optimize would fail because the CLI file was never emitted.

CJS compatibility: Replaced top-level await in CLI entry with an async main() wrapper to avoid Top-level await is not supported with CJS output build errors.

[0.15.0] - 2026-02-28

Added

JPEG WASM module: New Rust WASM crate (src/wasm/jpeg/) using jpeg-encoder 0.7 + jpeg-decoder 0.3 for high-performance JPEG encoding and decoding. TypeScript bridge (initJpegWasm(), encodeJpegWasm(), decodeJpegWasm()) with graceful JS fallback when WASM is unavailable.

JPEG quality auto-detection: estimateJpegQuality(jpegBytes) analyzes DQT (quantization table) markers to reverse-engineer the original JPEG quality level (1–100). Pure TypeScript — no WASM required.

Progressive JPEG support: progressive option for JPEG encoding produces progressive scan-order JPEGs (better for web delivery).

Chroma subsampling control: chromaSubsampling option ('4:4:4' | '4:2:2' | '4:2:0') for JPEG encoding. Default '4:2:0' matches industry standard for smallest files.

CMYK JPEG handling: Automatic CMYK→RGB conversion before JPEG encoding using the standard formula R = 255 × (1 − C/255) × (1 − K/255).

Batch image optimization API: optimizeAllImages(doc, options) walks all image XObjects in a parsed PDF, recompresses them as JPEG, and replaces stream data in-place. Returns detailed OptimizationReport with per-image breakdown. Options: quality, maxDpi, progressive, chromaSubsampling, skipSmallImages, minSavingsPercent, autoGrayscale.

Image extraction API: extractImages(doc) collects metadata for all image XObjects across all pages. decodeImageStream(imageInfo) decodes stream data for further processing.

Image deduplication: deduplicateImages(doc) detects identical images by FNV-1a hashing and replaces duplicate references with a single canonical copy. Returns DeduplicationReport with bytes-saved statistics.

Grayscale auto-detection: isGrayscaleImage() detects RGB images where all pixels are effectively grayscale (R ≈ G ≈ B within tolerance). convertToGrayscale() converts using ITU-R BT.601 luma formula, saving ~66% for RGB→grayscale.

DPI-aware downscaling: computeImageDpi() and computeTargetDimensions() calculate effective DPI from pixel dimensions and display size in points. Used by batch optimizer for automatic DPI-based downscaling.

CLI tool: npx modern-pdf optimize input.pdf output.pdf [options] — command-line interface for image optimization with --quality, --progressive, --grayscale, --dedup, --chroma, --verbose options.

Image optimization VitePress guide (docs/guide/image-optimization.md): Comprehensive guide covering the full image optimization API, CLI usage, and options reference.

Changed

WASM modules: 5 → 6 (added jpeg for JPEG encode/decode).

Test count: 2,243 → 2,323 across 110 test suites (was 103).

package.json: Added "bin": { "modern-pdf": "./dist/cli/index.mjs" } for CLI support.

[0.14.1] - 2026-02-28

Added

Unified embedImage() method: Auto-detects PNG (magic bytes 89 50 4E 47) vs JPEG (FF D8 FF) from the raw file data — no need to call embedPng() or embedJpeg() separately. Accepts Uint8Array or ArrayBuffer, throws descriptive errors for unsupported formats.

Image optimization API exports: downscaleImage(), recompressImage(), and optimizeImage() are now exported from the main entry point along with their option types (DownscaleOptions, RecompressOptions, ImageOptimizeOptions, RawImageData, OptimizeResult).

SASLprep password normalization (RFC 4013): V=5/R=6 (AES-256) password preparation now follows the full SASLprep profile — B.1 "mapped to nothing" characters are stripped, non-ASCII spaces are normalized to U+0020, NFKC normalization is applied, and prohibited characters (control chars, private use, surrogates, tagging) are rejected. This ensures correct password handling for internationalized passwords per ISO 32000-2.

Visible signature appearances: signPdf() now accepts an appearance option with rect, text, fontSize, backgroundColor, borderColor, and borderWidth. When provided, the signature renders as a visible box on the page with auto-generated text (signer name from certificate CN, reason, location, date) or custom text lines. Uses a PDF Form XObject appearance stream with Helvetica.

Popup annotation type (PdfPopupAnnotation): Floating window annotation that displays parent annotation text. Supports isOpen()/setOpen() and setParent()/getParent() for linking to parent annotations. Reference: PDF 1.7 §12.5.6.14.

Caret annotation type (PdfCaretAnnotation): Marks text insertion points in review workflows. Supports getSymbol()/setSymbol() ('None' | 'P' for paragraph) and getCaretRect()/setCaretRect() for inner rectangle (RD) insets. Reference: PDF 1.7 §12.5.6.11.

File attachment annotation type (PdfFileAttachmentAnnotation): Embeds a file as a clickable icon on a page. Supports getIcon()/setIcon() ('GraphPushPin' | 'PaperclipTag' | 'Paperclip' | 'Tag'), getFileName(), and buildFileSpec(registry) for building the embedded file stream, EF dictionary, and file specification. Reference: PDF 1.7 §12.5.6.15.

Digital signatures guide (docs/guide/signatures.md): Comprehensive guide covering invisible and visible signing, verification, low-level ByteRange API, external signers, RFC 3161 timestamping, and key preparation with OpenSSL.

Accessibility & tagged PDF guide (docs/guide/accessibility.md): Guide covering document language, title metadata, font embedding for Unicode, color contrast, multilingual content, PDF/UA compliance checklist, and XMP metadata.

Annotations guide (docs/guide/annotations.md): Complete reference for all 18 annotation types with code examples — Text, Link, FreeText, Highlight, Underline, Squiggly, StrikeOut, Line, Square, Circle, Polygon, PolyLine, Stamp, Ink, Redact, Popup, Caret, FileAttachment. Includes annotation flags, appearance generation, and parsing from existing PDFs.

Performance

Per-object encryption key caching: deriveObjectKey() in PdfEncryptionHandler now caches computed keys in a Map<number, Uint8Array> keyed on (objNum << 16) | genNum. For V=1-4 encrypted PDFs, this eliminates redundant MD5 computations when decrypting multiple strings/streams in the same object.

File-level encryption key caching: computeFileEncryptionKey() now maintains an LRU cache (max 32 entries) keyed on password + encryption dictionary parameters. Re-opening the same PDF with the same password skips the expensive key derivation (especially Algorithm 2.B for R=6 which runs 64+ rounds of AES+SHA).

... (truncated)

Commits

d908f17 release: v0.15.1 — documentation update and CLI build fix
98bb568 fix: build CLI entry point and remove top-level await
cadf6c2 feat: v0.15.0 — JPEG WASM module, image optimization, CLI
75fe110 release: v0.14.1 — new annotations, encryption caching, documentation
eaf6da3 test: increase RC4 1MB test timeout to 30s
11eb994 release: v0.14.0 — performance audit, bug fixes, documentation overhaul
6ce8fea chore: bump wasm-bindgen 0.2.113 → 0.2.114 across all WASM modules
ea9246c release: v0.13.0 — JBIG2 WASM bridge, documentation accuracy audit
6d92062 test: expand pattern, transparency, and multilingual test suites
604e320 feat: add linear/radial gradient and tiling pattern support
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot · 2026-03-01T06:37:30Z

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

vercel · 2026-03-01T06:37:32Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
nextcalc-pro	Canceled		Mar 1, 2026 9:44pm

…0 updates Bumps the minor-and-patch group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [graphql](https://github.com/graphql/graphql-js) | `16.12.0` | `16.13.0` | | [turbo](https://github.com/vercel/turborepo) | `2.8.10` | `2.8.12` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.3.0` | `25.3.3` | | [@tanstack/react-virtual](https://github.com/TanStack/virtual/tree/HEAD/packages/react-virtual) | `3.13.18` | `3.13.19` | | [katex](https://github.com/KaTeX/KaTeX) | `0.16.28` | `0.16.33` | | [three](https://github.com/mrdoob/three.js) | `0.183.1` | `0.183.2` | | [hono](https://github.com/honojs/hono) | `4.12.2` | `4.12.3` | | [@cloudflare/workers-types](https://github.com/cloudflare/workerd) | `4.20260302.0` | `4.20260305.0` | | [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.67.0` | `4.69.0` | | [modern-pdf-lib](https://github.com/ABCrimson/modern-pdf-lib) | `0.12.1` | `0.15.1` | Updates `graphql` from 16.12.0 to 16.13.0 - [Release notes](https://github.com/graphql/graphql-js/releases) - [Commits](graphql/graphql-js@v16.12.0...v16.13.0) Updates `turbo` from 2.8.10 to 2.8.12 - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.8.10...v2.8.12) Updates `@types/node` from 25.3.0 to 25.3.3 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@tanstack/react-virtual` from 3.13.18 to 3.13.19 - [Release notes](https://github.com/TanStack/virtual/releases) - [Changelog](https://github.com/TanStack/virtual/blob/main/packages/react-virtual/CHANGELOG.md) - [Commits](https://github.com/TanStack/virtual/commits/@tanstack/react-virtual@3.13.19/packages/react-virtual) Updates `katex` from 0.16.28 to 0.16.33 - [Release notes](https://github.com/KaTeX/KaTeX/releases) - [Changelog](https://github.com/KaTeX/KaTeX/blob/main/CHANGELOG.md) - [Commits](KaTeX/KaTeX@v0.16.28...v0.16.33) Updates `three` from 0.183.1 to 0.183.2 - [Release notes](https://github.com/mrdoob/three.js/releases) - [Commits](https://github.com/mrdoob/three.js/commits) Updates `hono` from 4.12.2 to 4.12.3 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.2...v4.12.3) Updates `@cloudflare/workers-types` from 4.20260302.0 to 4.20260305.0 - [Release notes](https://github.com/cloudflare/workerd/releases) - [Changelog](https://github.com/cloudflare/workerd/blob/main/RELEASE.md) - [Commits](https://github.com/cloudflare/workerd/commits) Updates `wrangler` from 4.67.0 to 4.69.0 - [Release notes](https://github.com/cloudflare/workers-sdk/releases) - [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.69.0/packages/wrangler) Updates `modern-pdf-lib` from 0.12.1 to 0.15.1 - [Release notes](https://github.com/ABCrimson/modern-pdf-lib/releases) - [Changelog](https://github.com/ABCrimson/modern-pdf-lib/blob/master/CHANGELOG.md) - [Commits](ABCrimson/modern-pdf-lib@v0.12.1...v0.15.1) --- updated-dependencies: - dependency-name: graphql dependency-version: 16.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: turbo dependency-version: 2.8.12 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@types/node" dependency-version: 25.3.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@tanstack/react-virtual" dependency-version: 3.13.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: katex dependency-version: 0.16.33 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: three dependency-version: 0.183.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: hono dependency-version: 4.12.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@cloudflare/workers-types" dependency-version: 4.20260305.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: wrangler dependency-version: 4.69.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: modern-pdf-lib dependency-version: 0.15.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-01T23:44:52Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

vercel Bot had a problem deploying to Preview March 1, 2026 06:40 Failure

dependabot Bot force-pushed the dependabot/npm_and_yarn/minor-and-patch-29bf083709 branch 3 times, most recently from 49f74bb to e1cdf50 Compare March 1, 2026 21:21

dependabot Bot force-pushed the dependabot/npm_and_yarn/minor-and-patch-29bf083709 branch from e1cdf50 to cc710c7 Compare March 1, 2026 21:33

vercel Bot deployed to Preview March 1, 2026 21:44 View deployment

dependabot Bot closed this Mar 1, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/minor-and-patch-29bf083709 branch March 1, 2026 23:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the minor-and-patch group across 1 directory with 10 updates#15

chore(deps): bump the minor-and-patch group across 1 directory with 10 updates#15
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-29bf083709

dependabot Bot commented on behalf of github Mar 1, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Mar 1, 2026

Uh oh!

vercel Bot commented Mar 1, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Mar 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Mar 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

16.13.0

v16.13.0 (2026-02-24)

New Feature 🚀

Bug Fix 🐞

Internal 🏠

Committers: 4

Turborepo v2.8.12

What's Changed

Changelog

Turborepo v2.8.12-canary.3

What's Changed

Changelog

Turborepo v2.8.12-canary.2

What's Changed

Changelog

@​tanstack/react-virtual@​3.13.19

Patch Changes

3.13.19

Patch Changes

v0.16.33

0.16.33 (2026-02-23)

Bug Fixes

v0.16.32

0.16.32 (2026-02-22)

Bug Fixes

v0.16.31

0.16.31 (2026-02-22)

Bug Fixes

v0.16.30

0.16.30 (2026-02-22)

Bug Fixes

v0.16.29

0.16.29 (2026-02-22)

Bug Fixes

0.16.33 (2026-02-23)

Bug Fixes

0.16.32 (2026-02-22)

Bug Fixes

0.16.31 (2026-02-22)

Bug Fixes

0.16.30 (2026-02-22)

Bug Fixes

0.16.29 (2026-02-22)

Bug Fixes

v4.12.3

What's Changed

New Contributors

wrangler@4.69.0

Minor Changes

Patch Changes

wrangler@4.68.1

Patch Changes

v0.15.1

Fixed

v0.15.0 — JPEG WASM & Image Optimization

Added

Changed

v0.14.1

Added

Performance

[0.15.1] - 2026-02-28

Fixed

[0.15.0] - 2026-02-28

Added

Changed

[0.14.1] - 2026-02-28

Added

Performance

Uh oh!

dependabot Bot commented on behalf of github Mar 1, 2026

Labels

Uh oh!

vercel Bot commented Mar 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot Bot commented on behalf of github Mar 1, 2026

Uh oh!

dependabot Bot commented on behalf of github Mar 1, 2026 •

edited

Loading

`@tanstack/react-virtual@3`.13.19

vercel Bot commented Mar 1, 2026 •

edited

Loading