Recent Commits to jsPDF:master

  • 17/03/2026 8:28

    Bump serialize-javascript and @rollup/plugin-terser (#3966)

    Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) to 7.0.4 and updates ancestor dependency [@rollup/plugin-terser](https://github.com/rollup/plugins/tree/HEAD/packages/terser). These dependencies need to be updated together.
    
    
    Updates `serialize-javascript` from 6.0.2 to 7.0.4
    - [Release notes](https://github.com/yahoo/serialize-javascript/releases)
    - [Commits](https://github.com/yahoo/serialize-javascript/compare/v6.0.2...v7.0.4)
    
    Updates `@rollup/plugin-terser` from 0.4.4 to 1.0.0
    - [Changelog](https://github.com/rollup/plugins/blob/master/packages/terser/CHANGELOG.md)
    - [Commits](https://github.com/rollup/plugins/commits/beep-v1.0.0/packages/terser)
    
    ---
    updated-dependencies:
    - dependency-name: serialize-javascript
      dependency-version: 7.0.4
      dependency-type: indirect
    - dependency-name: "@rollup/plugin-terser"
      dependency-version: 1.0.0
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • 17/03/2026 8:15

    4.2.1

  • 17/03/2026 8:06

    Merge commit from fork

    * Fix FreeText annotation style string escaping
    
    * Remove dist artifacts from FreeText fix PR
    
    * Harden FreeText color: add hex validation, fix double #, expand tests
    
    - Validate color as hex pattern (3-8 hex chars), fallback to 000000
      for non-hex input as defense-in-depth alongside pdfEscape
    - Strip leading # before concatenation to prevent double ## in output
    - Add tests: injection rejection, backslash bypass, valid hex colors,
      double # prevention, non-hex fallback
    
    * Update freetext.pdf reference for double # fix
    
    The reference file had color:##ff0000 (double #) which was
    a pre-existing bug. Now that we strip the leading # before
    concatenation, the output is color:#ff0000 and the reference
    must match.
    
    * Revert "Update freetext.pdf reference for double # fix"
    
    This reverts commit b6139558ededb872a663f62898d68f0f2d35bde5.
    
    * Revert "Harden FreeText color: add hex validation, fix double #, expand tests"
    
    This reverts commit 0b8baf967c5089ec40f0a86c3d59cb47fcc0823e.
    
    ---------
    
    Co-authored-by: Doruk <peak@peaktwilight.com>
    Co-authored-by: Lukas Holländer <lukas.hollaender@yworks.com>
  • 17/03/2026 8:06

    Merge commit from fork

    * Fix popup rendering for new window outputs
    
    * Encode filename in data URI, add edge case tests
    
    - Encode options.filename in datauristring to prevent data URI
      structure corruption via semicolons/commas
    - Add tests: SRI on default pdfobject URL, data URI filename encoding,
      malicious pdfJsUrl attribute injection attempt
    
    * Fix SRI test: split into default and custom URL cases
    
    The previous test claimed to cover both default and custom URL
    paths but only checked the default. Now split into two separate
    tests that each verify what they claim.
    
    ---------
    
    Co-authored-by: Doruk <peak@peaktwilight.com>
  • 03/03/2026 9:48

    Bump minimatch from 3.1.2 to 3.1.5 (#3961)

    Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
    - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
    - [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)
    
    ---
    updated-dependencies:
    - dependency-name: minimatch
      dependency-version: 3.1.5
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Lukas Holländer <lukas.hollaender@yworks.com>
  • 02/03/2026 6:25

    Bump rollup from 2.79.2 to 2.80.0 (#3960)

    Bumps [rollup](https://github.com/rollup/rollup) from 2.79.2 to 2.80.0.
    - [Release notes](https://github.com/rollup/rollup/releases)
    - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md)
    - [Commits](https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0)
    
    ---
    updated-dependencies:
    - dependency-name: rollup
      dependency-version: 2.80.0
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
