Brian Sweeney

> What do you think about updating the composer.json to require 0.5.2 as the minimum version and releasing a new minor version? Version 3.0.0 is pretty much ready to go...

I'll need to contact Github regardless since, apparently, there is no patched version listed.

I'm not saying I won't release 2.0.5 just that I may need to contact Github to make sure it flows through to that advisory. Particularly if, as noted, roave is...

> I don't see why dompdf/dompdf has been marked as affected by this [Advisory](https://github.com/advisories/GHSA-97m3-52wr-xvv2)? > > dompdf allows tags for the affected package between 0.3.3 and 1.0.0 -- our composer.lock...

Thanks for watching and reporting back. I was waiting to see what would happen with that.

I was thinking of ... not? Since dependency managers should retrieve the patched release of SvgLib without issue. But if y'all want to see a minor release that bumps the...

FYI if you want to enforce a minimum SvgLib version with your Dompdf installation without specifying it in your composer you can upgrade to 2.0.7.

I have not yet reviewed this change. I'm thinking now I'll take a look at inclusion for the next release.

Not a bug. You're using the `$PAGE_NUM` variable to calculate the width. Presumably you're running this logic at the end of the document so, yes, the calculated value of `$x`...

Because you want to re-calculate the position on each page a [page script](https://github.com/dompdf/dompdf/wiki/Usage#page_script) would be more appropriate. I'd recommend not using embedded script if you can. Rewriting what you currently...