fix(deps): update dependency pdfkit to ^0.17.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pdfkit (source)	^0.13.0 -> ^0.17.0

---

Release Notes

foliojs/pdfkit (pdfkit)

v0.17.2

Compare Source

• Fix rendering lists that spans across pages

v0.17.1

Compare Source

• Fix null values in table cells rendering as [object Object]
• Fix further LineWrapper precision issues
• Optmize standard font handling. Less code, less memory usage

v0.17.0

Compare Source

• Fix precision rounding issues in LineWrapper
• Fix fonts without a postscriptName
• Add support for dynamic sizing
• Add support for rotatable text
• Fix page cascade options when text overflows
• Add table generation
• Fix y position when using image() without x and y coordinates
• Improve Prettier configuration

v0.16.0

Compare Source

• Update fontkit to 2.0
• Update linebreak to 1.1
• Add support for spot colors
• Add support to scale text horizontally
• Add an option to keep the indentation after a new line starts and allow to indent a whole paragraph/text element
• Add Name property for set custom icon for note()
• Fix sets tab order to "Structure" when a document is tagged
• Fix font cache collision for fonts with missing postscript name or bad TTF metadata or identical metadata for different fonts
• Fix for embedding fonts into PDF (font name must not contain spaces)
• Fix measuring text when OpenType features are passed in to .text()

v0.15.2

Compare Source

• Fix index not counting when rendering ordered lists (#​1517)
• Fix PDF/A3 compliance of attachments
• Fix CIDSet generation only for PDF/A1 subset
• Fix missing acroform font dictionary
• Fix modify time comparison check equality embedded files

v0.15.1

Compare Source

• Fix browserify transform sRGB_IEC61966_2_1.icc file
• Fix time comparison check equality embedded files

v0.15.0

Compare Source

• Add subset for PDF/UA
• Fix for line breaks in list items (#​1486)
• Fix for soft hyphen not being replaced by visible hyphen if necessary (#​457)
• Optimize output files by ignoring identity transforms
• Fix for Acroforms - setting an option to false will still apply the flag (#​1495)
• Fix for text extraction in PDFium-based viewers due to invalid ToUnicodeMap (#​1498)
• Remove deprecated write method
• Drop support for Node.js < 18 and for browsers released before 2020

v0.14.0

Compare Source

• Add support for PDF/A-1b, PDF/A-1a, PDF/A-2b, PDF/A-2a, PDF/A-3b, PDF/A-3a

• Update crypto-js to v4.2.0 (properly fix security issue)

• Add support for EXIF orientation on JPEG images (#​626 and #​1353)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

Summary by CodeRabbit

• Chores
  • Updated internal dependencies to improve stability and compatibility.

This is a maintenance release with no user-facing changes.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@renovate[bot] has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 7 minutes and 2 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 3fe1e4b and e77df08.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

📝 Walkthrough

Walkthrough

The pdfkit dependency in package.json is upgraded from ^0.13.0 to ^0.17.0. No other files or changes are present in the diff, and there are no modifications to exported or public API signatures.

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Title accurately summarizes the main change: upgrading pdfkit dependency from ^0.13.0 to ^0.17.0, which aligns directly with the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0%. Comparing base (e1ec0a7) to head (e77df08).

Additional details and impacted files

@@    Coverage Diff     @@
##   main   #93   +/-   ##
==========================
==========================

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[saltenasl]

package-lock.json wasn't updated

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a322609 and 3fe1e4b.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build & Test

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Check the @types/pdfkit version in package.json
sed -n '2600,2620p' package.json | grep -A 5 -B 5 "@types/pdfkit" || grep "@types/pdfkit" package.json

Repository: deepnote/vscode-deepnote

Length of output: 490

---

🏁 Script executed:

# Check if lockfiles exist
ls -la package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null || echo "No lockfile found"

Repository: deepnote/vscode-deepnote

Length of output: 155

---

🏁 Script executed:

# Get full dependency info around pdfkit
grep -n "pdfkit\|@types/pdfkit" package.json

Repository: deepnote/vscode-deepnote

Length of output: 229

---

🌐 Web query:

pdfkit npm changelog 0.13 0.17 breaking changes

💡 Result:

Summary of notable breaking (or potentially breaking) changes between v0.13.0 and v0.17.x of pdfkit:

• Dropped support for older Node.js and older browsers (v0.15.0: "Drop support for Node.js < 18 and for browsers released before 2020"). This can break apps running on older runtimes. [1]
• Removed deprecated PDFDocument#write method (v0.15.0). Code calling .write() must be updated. [1]
• Upgrade of font handling / fontkit: v0.16.0 updates fontkit to 2.0 — this may change font-loading/metrics behaviour and require font-related code adjustments. [1]
• Updated line-breaking library (linebreak → 1.1 in v0.16.0) and fixes to LineWrapper/precision (v0.17.0) — can change text layout/line wrapping in marginal cases. [1]
• Security / dependency updates (crypto-js updates in earlier releases) and internal API/behavioral changes (PDF/A, AcroForms, embedded files, tiling patterns, tables, rotatable text, dynamic sizing) — these add features and also change output semantics; review new PDF/A/AcroForm/table behaviors if you rely on specific PDF structure. [1][2]

Sources:

• PDFKit CHANGELOG (v0.13 → v0.17 entries). [1]
• PDFKit GitHub releases (v0.17.x tags). [2]

If you want, I can extract the exact changelog lines for each version (0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0/0.17.1/0.17.2) and show the precise text.

---

🏁 Script executed:

# Check git log for this change to see if it's part of current PR
git log --oneline -20 -- package.json | head -10

Repository: deepnote/vscode-deepnote

Length of output: 123

---

🏁 Script executed:

# Check when package-lock.json was last updated
stat package-lock.json | grep Modify

Repository: deepnote/vscode-deepnote

Length of output: 110

---

🏁 Script executed:

# See if pdfkit version in lockfile is 0.17.0
grep -A 3 '"pdfkit":' package-lock.json | head -10

Repository: deepnote/vscode-deepnote

Length of output: 323

---

🏁 Script executed:

# Search for pdfkit usage in codebase
rg -i "pdfkit|PDFDocument" --type ts --type js -n | head -30

Repository: deepnote/vscode-deepnote

Length of output: 1471

---

🏁 Script executed:

# Check for .write() method calls (removed in 0.15.0)
rg "\.write\(" --type ts --type js -n | grep -i pdf || echo "No .write() calls found"

Repository: deepnote/vscode-deepnote

Length of output: 50382

---

🏁 Script executed:

# Check Node.js version target in tsconfig or package.json
grep -E "(engines|target|node)" package.json tsconfig.json 2>/dev/null | head -20

Repository: deepnote/vscode-deepnote

Length of output: 2603

---

🏁 Script executed:

# Look for any PDF-related code that might use fontkit or advanced features
find . -name "*.ts" -o -name "*.js" | xargs grep -l "pdfkit\|PDFDocument" 2>/dev/null | head -5

Repository: deepnote/vscode-deepnote

Length of output: 202

---

Review pdfkit 0.17 upgrade for breaking changes and type misalignment

pdfkit between 0.13 and 0.17 has several breaking changes: Node.js < 18 dropped (v0.15), PDFDocument#write() removed (v0.15), fontkit upgraded to 2.0 (v0.16), and line-breaking behavior changes (v0.16–0.17). Meanwhile, @types/pdfkit remains at ^0.11.0, creating a 6+ minor version gap with the runtime.

Before merge, verify:

• The codebase doesn't use PDFDocument#write() or affected font/layout APIs
• TypeScript compilation succeeds with the version mismatch
• The plot export workflow (plotViewer.node.ts) produces valid PDFs