fix(deps): update dependency pdfkit to ^0.17.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pdfkit (source)	^0.13.0 -> ^0.17.0

---

Release Notes

foliojs/pdfkit (pdfkit)

v0.17.2

Compare Source

• Fix rendering lists that spans across pages

v0.17.1

Compare Source

• Fix null values in table cells rendering as [object Object]
• Fix further LineWrapper precision issues
• Optmize standard font handling. Less code, less memory usage

v0.17.0

Compare Source

• Fix precision rounding issues in LineWrapper
• Fix fonts without a postscriptName
• Add support for dynamic sizing
• Add support for rotatable text
• Fix page cascade options when text overflows
• Add table generation
• Fix y position when using image() without x and y coordinates
• Improve Prettier configuration

v0.16.0

Compare Source

• Update fontkit to 2.0
• Update linebreak to 1.1
• Add support for spot colors
• Add support to scale text horizontally
• Add an option to keep the indentation after a new line starts and allow to indent a whole paragraph/text element
• Add Name property for set custom icon for note()
• Fix sets tab order to "Structure" when a document is tagged
• Fix font cache collision for fonts with missing postscript name or bad TTF metadata or identical metadata for different fonts
• Fix for embedding fonts into PDF (font name must not contain spaces)
• Fix measuring text when OpenType features are passed in to .text()

v0.15.2

Compare Source

• Fix index not counting when rendering ordered lists (#​1517)
• Fix PDF/A3 compliance of attachments
• Fix CIDSet generation only for PDF/A1 subset
• Fix missing acroform font dictionary
• Fix modify time comparison check equality embedded files

v0.15.1

Compare Source

• Fix browserify transform sRGB_IEC61966_2_1.icc file
• Fix time comparison check equality embedded files

v0.15.0

Compare Source

• Add subset for PDF/UA
• Fix for line breaks in list items (#​1486)
• Fix for soft hyphen not being replaced by visible hyphen if necessary (#​457)
• Optimize output files by ignoring identity transforms
• Fix for Acroforms - setting an option to false will still apply the flag (#​1495)
• Fix for text extraction in PDFium-based viewers due to invalid ToUnicodeMap (#​1498)
• Remove deprecated write method
• Drop support for Node.js < 18 and for browsers released before 2020

v0.14.0

Compare Source

• Add support for PDF/A-1b, PDF/A-1a, PDF/A-2b, PDF/A-2a, PDF/A-3b, PDF/A-3a

• Update crypto-js to v4.2.0 (properly fix security issue)

• Add support for EXIF orientation on JPEG images (#​626 and #​1353)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

Summary by CodeRabbit

• Chores
  • Updated internal dependencies to improve stability and compatibility.

This is a maintenance release with no user-facing changes.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@renovate[bot] has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 10 minutes and 20 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 3fe1e4b and ab689d3.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

📝 Walkthrough

Walkthrough

The pdfkit dependency in package.json is upgraded from ^0.13.0 to ^0.17.0. No other files or changes are present in the diff, and there are no modifications to exported or public API signatures.

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Title accurately summarizes the main change: upgrading pdfkit dependency from ^0.13.0 to ^0.17.0, which aligns directly with the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0%. Comparing base (71abe5f) to head (ab689d3).

Additional details and impacted files

@@    Coverage Diff     @@
##   main   #93   +/-   ##
==========================
==========================

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[saltenasl]

package-lock.json wasn't updated

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a322609 and 3fe1e4b.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build & Test