Update dependency dompdf/dompdf to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
dompdf/dompdf	^2.0 -> ^3.0

---

Release Notes

dompdf/dompdf (dompdf/dompdf)

v3.1.2: Dompdf 3.1.2

Compare Source

Change Highlights

• Fixes issue with the font selection logic introduced in release 3.1.1 #​3661

Issues and PRs can be found in the release milestone. All changes since the previous release can be found in the commit history.

v3.1.1: Dompdf 3.1.1

Compare Source

Change Highlights

• Fixes issue with unending render caused by page breaks on absolute- and fixed-position elements #​3628
• Fixes parsing of non-encoded data-URIs #​3653
• Fixes issue with link box positioning on PDF rotation when using Cpdf in PDF/A mode #​3579
• Fixes issue with encrypted string handling in Cpdf #​3587
• Fixes issue with fonts metadata generated by Cpdf #​3631
• Improves CSS media query handling #​3653
• Improves CSS counter handling #​3655
• Adds support for additional XMP RDF data in Cpdf #​3593
• Adds support for custom document information when using the Cpdf adapter #​3651
• Uses cURL over file_get_contents when available #​3500
• Adds support for custom Canvas adapters #​3578
• Improves PHP 8.5 compatibility #​3654

Issues and PRs can be found in the release milestone. All changes since the previous release can be found in the commit history.

v3.1.0: Dompdf 3.1.0

Compare Source

What's Changed

• Adds initial PDF/A compliance mode (#​3269)
• Adds data-URIs to the resource reference validation logic and handles the same as other resource reference protocols (#​3492)
  • Note: this change requires that users of data URIs include the "data://" scheme in the list of allowed protocols.
  • Allows data-URIs to be used for @font-face declarations
• Adds support for data-URI JPEG images in Cpdf (#​2783)
• Seeks local resources with a leading slash from the specified chroot directories if they are not found from the filesystem root (#​3444)
• Addresses an issue preventing class-based Font Awesome usage (#​3571)

Breaking Change

This release adds the "data://" scheme to the protocol validation rules. Installations that explicitly define the allowed protocols but do not include the "data://" protocol will no longer render data-URIs. This is a change from previous versions, where data-URIs were not processed through the validated rules. Installations that use the default validation rules included with Dompdf should see no impact.

Full Changelog: dompdf/dompdf@v3.0.2...v3.1.0

We would like to extend our gratitude to the community members who helped make this release possible.

v3.0.2

Compare Source

What's Changed

• Improves PHP 8.4 compatibility in in #​3563

3.0.x Highlights

• Adds support for CSS variables (custom properties)
• Adds support for CSS math functions (calc, max, round, etc.)
• Updates the font matching logic to select the appropriate character-supporting font from the styled font families

Full Changelog: dompdf/dompdf@v3.0.1...v3.0.2

---

Requirements

Dompdf 3.0.x requires the following:

• PHP 7.1 or greater
  • MBString
  • GD (for image processing)
• masterminds/html5
• dompdf/php-font-lib
• dompdf/php-svg-lib

For full requirements and recommendations see the requirements page on the wiki.

We would like to extend our gratitude to the community members who helped make this release possible.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_3-0-2.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

v3.0.1: Dompdf 3.0.1

Compare Source

What's Changed

• Improves PHP 8.4 compatibility in #​3556, #​3558
• Fixes stylesheet parsing issues #​3491
  • Modifies internal handling of data-URIs to prevent parsing failures
  • Improves CSS declaration boundary (semi-colon) detection
• Improves CPDF validation of selected font in #​3415

3.0.x Highlights

• Adds support for CSS variables (custom properties)
• Adds support for CSS math functions (calc, max, round, etc.)
• Updates the font matching logic to select the appropriate character-supporting font from the styled font families

Full Changelog: dompdf/dompdf@v3.0.0...v3.0.1

---

Requirements

Dompdf 3.0.x requires the following:

• PHP 7.1 or greater
  • MBString
  • GD (for image processing)
• masterminds/html5
• dompdf/php-font-lib
• dompdf/php-svg-lib

For full requirements and recommendations see the requirements page on the wiki.

We would like to extend our gratitude to the community members who helped make this release possible.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_3-0-1.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

v3.0.0: Dompdf 3.0.0

Compare Source

Release Highlights

• Adds support for CSS variables (custom properties)
• Adds support for CSS math functions (calc, max, round, etc.)
• Updates the font matching logic to select the appropriate character-supporting font from the styled font families

Additional Changes

• Improves stylesheet handling, including
  • enhanced regular expressions used during stylesheet parsing
  • enhanced media query handling that
    • supports media queries with more than one condition
    • expands logical operators support (not, or)
    • expands media query logic for at-import rules
  • improved value parsing related to case sensitivity
  • improved CSS function parsing and handling
• Improves table border rendering
• Improves automatic counter reset
• Improves compatibility with PDFLib version 10
• Improves security through
  • new "allowedRemoteHosts" option to restrict which remote hosts can be requested
  • new "artifactPathValidation" option to provide a mechanism for validating artifact paths (log file, temp directories, etc.)
  • SVG file reference recursion
• Adds support for rendering unknown input element types
• Fixes IMagick extension temporary directory usage
• Fixes transparency after transform when using the Cpdf backend

The full list of new features and addressed issues can be found in the release milestone. View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

---

Requirements

Dompdf 3.0.x requires the following:

• PHP 7.1 or greater
  • MBString
  • GD (for image processing)
• masterminds/html5
• dompdf/php-font-lib
• dompdf/php-svg-lib

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_3-0-0.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

v2.0.8: Dompdf 2.0.8

Compare Source

Change highlights since 2.0.7

This release:

• Addresses potential deprecation notice in artifact path validation

2.0.x highlights

• Modifies callback and page_script/page_text handling
• Switches the HTML5 parser to Masterminds/HTML5
• Improves CSS property parsing and representation
• Switches installed fonts and font metrics cache file format to JSON

View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.8 requires the following:

• PHP 7.1 or greater
• html5-php v2.0.0 or greater
• php-font-lib v0.5.4 or greater
• php-svg-lib v0.3.3 or greater

Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).

Additionally, the following are recommended for optimal use:

• GD (for image processing)
• allow_url_fopen set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-8.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

v2.0.7: Dompdf 2.0.7

Compare Source

Change highlights since 2.0.5

This release:

• Addresses a PHP compatibility issue in the GD back end
• Adds Options class support for validating artifact paths. The default validation does not accept paths that utilize the PHAR protocol.
• Bumps the minimum version of SvgLib to 0.5.2.

2.0.x highlights

• Modifies callback and page_script/page_text handling
• Switches the HTML5 parser to Masterminds/HTML5
• Improves CSS property parsing and representation
• Switches installed fonts and font metrics cache file format to JSON

View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.7 requires the following:

• PHP 7.1 or greater
• html5-php v2.0.0 or greater
• php-font-lib v0.5.4 or greater
• php-svg-lib v0.3.3 or greater

Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).

Additionally, the following are recommended for optimal use:

• GD (for image processing)
• allow_url_fopen set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-7.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

v2.0.5

Compare Source

v2.0.4: Dompdf 2.0.4

Compare Source

Change highlights since 2.0.3

This release addresses the following announced vulnerability:

Vulnerability	References	Type	Severity
Possible DoS caused by infinite recursion when validating SVG images	GHSA-3qx2-6f78-w2j2	Resource Exhaustion	Moderate

2.0.x highlights

• Modifies callback and page_script/page_text handling
• Switches the HTML5 parser to Masterminds/HTML5
• Improves CSS property parsing and representation
• Switches installed fonts and font metrics cache file format to JSON

View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.4 requires the following:

• PHP 7.1 or greater
• html5-php v2.0.0 or greater
• php-font-lib v0.5.4 or greater
• php-svg-lib v0.3.3 or greater

Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).

Additionally, the following are recommended for optimal use:

• GD (for image processing)
• allow_url_fopen set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-4.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

v2.0.3: Dompdf 2.0.3

Compare Source

This release addresses the following vulnerability:

Vulnerability	References	Type	Severity
URI validation failure on SVG parsing	[GHSA-56gj-mvh6-rp75][GHSA-56gj-mvh6-rp75], CVE-2023-24813	Remote Code Execution	Critical

2.0.x highlights

• Modifies callback and page_script/page_text handling
• Switches the HTML5 parser to Masterminds/HTML5
• Improves CSS property parsing and representation
• Switches installed fonts and font metrics cache file format to JSON

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.3 requires the following:

• PHP 7.1 or greater
• html5-php v2.0.0 or greater
• php-font-lib v0.5.4 or greater
• php-svg-lib v0.3.3 or greater

Additionally, the following are recommended for optimal use:

• GD (for image processing)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-3.zip" for the packaged release.

v2.0.2: Dompdf 2.0.2

Compare Source

This release has been superseded by version 2.0.3

Change highlights since 2.0.1

• Improved CSS selector parsing and handling, particularly around psuedo-classes
• Addressed issues with too-eager whitespace removal
• Updated Cpdf back end to fix rendering of unclosed paths in SVG images

This release addresses the following vulnerability:

Vulnerability	References	Type	Severity
URI validation failure on SVG parsing	GHSA-3cw5-7cxw-v5qg, CVE-2023-23924	Remote Code Execution	Critical

2.0.x highlights

• Modifies callback and page_script/page_text handling
• Switches the HTML5 parser to Masterminds/HTML5
• Improves CSS property parsing and representation
• Switches installed fonts and font metrics cache file format to JSON

The list of addressed issues can be found in the 2.0.2 release milestone. View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.2 requires the following:

• PHP 7.1 or greater
• html5-php v2.0.0 or greater
• php-font-lib v0.5.4 or greater
• php-svg-lib v0.3.3 or greater

Additionally, the following are recommended for optimal use:

• GD (for image processing)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-2.zip" for the packaged release.

---

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock

Command failed: composer update dompdf/dompdf:3.1.4 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins --minimal-changes
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - laravel/framework is locked to version v9.48.0 and an update of this package was not requested.
    - laravel/framework v9.48.0 requires league/commonmark ^2.2.1 -> satisfiable by league/commonmark[2.3.8].
    - league/commonmark 2.3.8 requires league/config ^1.1.1 -> satisfiable by league/config[v1.2.0].
    - league/config v1.2.0 requires nette/schema ^1.2 -> satisfiable by nette/schema[v1.2.3].
    - nette/schema v1.2.3 requires php >=7.1 <8.3 -> your php version (8.4.14) does not satisfy that requirement.