Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[breaking] Update pdfjs-dist to 4.2.67 #1774

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

[breaking] Update pdfjs-dist to 4.2.67 #1774

wants to merge 4 commits into from

Conversation

wojtekmaj
Copy link
Owner

@wojtekmaj wojtekmaj commented Apr 30, 2024
edited

Closes #1664

Breaking changes (on top of #1690):

  • Raised minimum version of Safari to 16.4

Blockers:

  • No Node.js compatibility at the moment (lack of Promise.withResolvers support), which prevents us from running unit tests

@wojtekmaj
Copy link
Owner Author

This PR is currently breaking most setups that do not support top level await (including Vite - see code changes in test app in this PR). I consider this a deal breaker at the moment and therefore postpone merging it.

See mozilla/pdf.js#17349 for more details.

@wojtekmaj wojtekmaj force-pushed the pdfjs-dist-4.2.67 branch 3 times, most recently from 824f97e to 611a986 Compare April 30, 2024 11:13
@jacobshirley

This comment was marked as off-topic.

Sign in to view
@wojtekmaj

This comment was marked as off-topic.

Sign in to view
This was referenced May 7, 2024
Closed
Closed
@Hcrab2336
Copy link

@jacobshirley version 8.0.2 has been released to address the vulnerability.

@wojtekmaj Unfortunately, after updating react-pdf to version 8.0.2, the dependency pdfjs-dist is version 3.11.174 which is a vulnerable version and fails npm audits. Can pdfjs-dist be upgraded to 4.2.67? Thank you.

pdfjs-dist vulnerability
Affected versions
<= 4.1.392
Patched versions
4.2.67

GHSA-wgrm-67xf-hhpq

@wojtekmaj

This comment was marked as off-topic.

Sign in to view
@codeWriter6

This comment was marked as off-topic.

Sign in to view
@wojtekmaj

This comment was marked as off-topic.

Sign in to view
@wojtekmaj wojtekmaj force-pushed the main branch 2 times, most recently from 56a02ce to c15279d Compare May 8, 2024 07:02
@vik-buchinski

This comment was marked as off-topic.

Sign in to view
@wojtekmaj wojtekmaj force-pushed the main branch 4 times, most recently from d5c2c3b to f4d4d49 Compare May 8, 2024 07:20
@stevelizcano

This comment was marked as off-topic.

Sign in to view
@wojtekmaj
Copy link
Owner Author

wojtekmaj commented May 8, 2024
edited

Please read my announcement regarding security vulnerability in #1786 and please continue discussion regarding it there if needed.

Repository owner locked as too heated and limited conversation to collaborators May 8, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Usage of pdfjs-dist v4.0.189
6 participants
@wojtekmaj @jacobshirley @Hcrab2336 @codeWriter6 @vik-buchinski @stevelizcano