Merge commit from fork

Move module-level variables (text, jsNamesObj, jsJsObj) inside addJS
function scope to prevent data leakage when multiple jsPDF instances
call addJS() before save().

Fixes shared state vulnerability where docA.save() would contain
docB's script if docB.addJS() was called after docA.addJS().

Co-authored-by: root <root@DESKTOP-PC8VOAS.localdomain>

Author: KarimTantawey

src/modules/javascript.js

@@ -34,15 +34,19 @@ import { jsPDF } from "../jspdf.js";
  */
 (function(jsPDFAPI) {
   "use strict";
-  var jsNamesObj, jsJsObj, text;
   /**
    * @name addJS
    * @function
    * @param {string} javascript The javascript to be embedded into the PDF-file.
    * @returns {jsPDF}
    */
   jsPDFAPI.addJS = function(javascript) {
-    text = javascript;
+    // FIX: Move variables inside function scope to prevent shared state
+    // between multiple jsPDF instances
+    var jsNamesObj;
+    var jsJsObj;
+    var text = javascript;
+    
     this.internal.events.subscribe("postPutResources", function() {
       jsNamesObj = this.internal.newObject();
       this.internal.out("<<");