💣 deps: Upgrade dependency pdfjs-dist to v4 [SECURITY]. #928

renovate · 2024-05-07T11:08:14Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pdfjs-dist (source)	`~3.4.120` -> `~4.2.0`

GitHub Vulnerability Alerts

CVE-2024-4367

Impact

If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.

Patches

The patch removes the use of eval:
https://github.com/mozilla/pdf.js/pull/18015

Workarounds

Set the option isEvalSupported to false.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

Release Notes

mozilla/pdf.js (pdfjs-dist)

`v4.2.67`

Compare Source

This release includes a new JPX decoder, based on OpenJPEG, which improves JPX image rendering performance and correctness. Moreover, this release contains improvements for the annotation editor, font conversion and the viewer.

Note that text selection boxes for some PDF files may overlap visually. This is a known issue that we currently track in https://github.com/mozilla/pdf.js/issues/17561.

Changes since v4.1.392

Bump the stable version in pdfjs.config by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17924
Convert the history code to use proper private methods by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17925
Update dependencies and translations to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17927
Remove the tag for missing font subset when trying to find a substitution by @calixteman in https://github.com/mozilla/pdf.js/pull/17930
Fix resetting of cursor-tools when closing the document (PR 17464 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17933
Warn when a non-embedded font has an invalid name by @calixteman in https://github.com/mozilla/pdf.js/pull/17934
Remove the mkdirp dependency in favor of the built-in Node.js fs.mkdirSync by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17935
Improve type definitions for the viewer by @ex37 in https://github.com/mozilla/pdf.js/pull/17879
Fix the "must check that invisible fields are made visible" scripting integration test by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17940
Remove the rimraf dependency in favor of the built-in Node.js fs.rmSync in the test folder by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17938
[api-minor] Update the minimum supported Safari version to 16.4 by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17942
Fix the "must check that a field has the correct value when a choice is changed" scripting integration test by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17947
[api-minor] Add a jpx decoder based on OpenJPEG 2.5.2 by @calixteman in https://github.com/mozilla/pdf.js/pull/17946
Bump library version to 4.2 by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17949
Build the openjpeg-based decoder in a web environment in order to avoid issues when used in node by @calixteman in https://github.com/mozilla/pdf.js/pull/17954
Fix JpxImage API issues (PR 17946 follow-up) by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17951
[JPX] Throw an exception with the error messages returned by openjpeg by @calixteman in https://github.com/mozilla/pdf.js/pull/17956
[Editor] Provide an element to render in the annotation layer after a freetext has been edited (bug 1890535) by @calixteman in https://github.com/mozilla/pdf.js/pull/17914
Remove waitForTimeout usage from the helper functions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17966
Remove some event listeners with signal in the viewer by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17964
[Editor] Don't show the context menu when resizing by @calixteman in https://github.com/mozilla/pdf.js/pull/17973
Correctly update the xref table when an annotation is deleted by @calixteman in https://github.com/mozilla/pdf.js/pull/17970
Update dependencies and translations to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17972
Improve jpx decoding by around 20% in enabling simd support when compiling OpenJPEG by @calixteman in https://github.com/mozilla/pdf.js/pull/17983
[api-minor] Remove the image-related error message prefixes by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17979
Use the pdf.js warn when using jpx decoder by @calixteman in https://github.com/mozilla/pdf.js/pull/17985
Extend the globally cached image main-thread copying to "complex" images as well (PR 17428 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17978
Update JpxImage.parseImageProperties to support TypedArray data in IMAGE_DECODERS builds by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17977
Add signal-support in the EventBus, and utilize it in the viewer (PR 17964 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17967
Set correctly the change property for the event triggered when a choice list is changed by @calixteman in https://github.com/mozilla/pdf.js/pull/17999
Remove all waitForTimeout usage from the annotation integration tests by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17969
Validate explicit destinations on the worker-thread to prevent DataCloneError (issue 17981) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17984
Allow to insert several annotations under the same parent in the structure tree by @calixteman in https://github.com/mozilla/pdf.js/pull/17986
Always enable smoothing when rendering downscaled image by @calixteman in https://github.com/mozilla/pdf.js/pull/17868
Simplify the way to pass the glyph drawing instructions from the worker to the main thread by @calixteman in https://github.com/mozilla/pdf.js/pull/18015
Validate additional font-dictionary properties by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/18014
Add more validation of width-data by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/18017
Reduce code-duplication when caching data in CompiledFont.getPathJs by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/18018
Re-factor SimpleLinkService to extend PDFLinkService by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/18013
[api-minor] Move the page reference/number caching into the API by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/18001

`v4.1.392`

Compare Source

This release features improvements, bugfixes and optimizations for accessibility, annotation rendering, annotation editing, font rendering, form handling, image rendering, text selection and the viewer.

Note that text selection boxes for some PDF files may overlap visually. This is a known issue that we currently track in #17561.

Changes since v4.0.379

Bump the stable version in pdfjs.config by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17474
[Editor] Take into account the crop box when saving/printing some highlighted text (bug 1872721) by @calixteman in https://github.com/mozilla/pdf.js/pull/17475
Update Puppeteer to version 21.7.0 by @calixteman in https://github.com/mozilla/pdf.js/pull/17477
Avoid to have the text layer mismatching the rendered text with mismatching locales (bug 1869001) by @calixteman in https://github.com/mozilla/pdf.js/pull/17476
Preserve the whitespaces when getting text from FreeText annotations (bug 1871353) by @calixteman in https://github.com/mozilla/pdf.js/pull/17458
[Editor] Init the default highlight color before creating the first editor instance by @calixteman in https://github.com/mozilla/pdf.js/pull/17481
Update packages and translations by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17482
Remove terminal white spaces when extracting text from annotation appearances by @calixteman in https://github.com/mozilla/pdf.js/pull/17487
Bump follow-redirects from 1.15.3 to 1.15.4 by @dependabot in https://github.com/mozilla/pdf.js/pull/17494
[Editor] Don't throw when changing the color of an invisible highlight by @calixteman in https://github.com/mozilla/pdf.js/pull/17498
[Editor] Move the code to generate the SVG path from draw_layer.js to outliner.js by @calixteman in https://github.com/mozilla/pdf.js/pull/17499
[Editor] Correctly serialize highlight data (regression from #17499) by @calixteman in https://github.com/mozilla/pdf.js/pull/17501
[api-minor] Validate the workerPort/workerSrc options by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17504
Add note about running npm install on MacOS by @nicolo-ribaudo in https://github.com/mozilla/pdf.js/pull/17490
Bump library version to 4.1 by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17507
Update gulp-cli to 2.3.0 and explicitly add it as a dependency by @nicolo-ribaudo in https://github.com/mozilla/pdf.js/pull/17489
Consistently remove the "visibilitychange" listener in PDFViewer (PR 14388 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17508
Update l10n files by @calixteman in https://github.com/mozilla/pdf.js/pull/17513
[Editor] Extract all the lines when adding a FreeText annotation by @calixteman in https://github.com/mozilla/pdf.js/pull/17511
Take into account empty lines when extracting text content from the appearance by @calixteman in https://github.com/mozilla/pdf.js/pull/17512
[Editor] Draw a line instead of a Bezier curve when an Ink has only one point by @calixteman in https://github.com/mozilla/pdf.js/pull/17514
[Editor] Slightly simplify the serialization of an highlight annotation by @calixteman in https://github.com/mozilla/pdf.js/pull/17517
[Editor] Make editors draggable with touchscreens by @calixteman in https://github.com/mozilla/pdf.js/pull/17519
Add the font Linux Libertine as a possible substitution for Times New Roman by @calixteman in https://github.com/mozilla/pdf.js/pull/17405
Format json files in using prettier by @calixteman in https://github.com/mozilla/pdf.js/pull/17525
[Editor] Avoid an exception when pressing space key to change the color of an highlight by @calixteman in https://github.com/mozilla/pdf.js/pull/17527
Exclude the web/locale/ folder from linting (PR 17525 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17529
[Editor] Avoid to move a non-draggable editor with the keyboard by @calixteman in https://github.com/mozilla/pdf.js/pull/17528
[Editor] Add the ability to make a free highlight (i.e. without having to select some text) (bug 1856218) by @calixteman in https://github.com/mozilla/pdf.js/pull/17506
[Editor] Change the arrow direction when the dropdown is visible in the color picker (bug 1875357) by @calixteman in https://github.com/mozilla/pdf.js/pull/17534
Make the caret visible in the text layer in caret browsing mode by @calixteman in https://github.com/mozilla/pdf.js/pull/17533
[Editor] Add support for printing/saving free highlight annotations by @calixteman in https://github.com/mozilla/pdf.js/pull/17531
Remove the isArrayBuffer helper function by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17537
Update packages and translations by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17544
Ignore auto-formatting patches in git blame by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17546
Remove DNS resolver workaround from the test framework by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17547
[Editor] Unselect highlights when the user click on the text layer (bug 1869767) by @calixteman in https://github.com/mozilla/pdf.js/pull/17543
Use the original value of a field when propagating event (fixes #17540) by @calixteman in https://github.com/mozilla/pdf.js/pull/17541
[Editor] Don't add the keyboard listener on the color-picker each time the dropdown menu is shown by @calixteman in https://github.com/mozilla/pdf.js/pull/17539
Avoid to have focused tests in using eslint-plugin-jasmine by @calixteman in https://github.com/mozilla/pdf.js/pull/17548
Use shorter arrow functions where possible by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17550
Add more async code when loading fonts in the PartialEvaluator by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17553
Don't ignore test.mjs child process exit codes in the Gulpfile by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17555
Ensure that EvaluatorPreprocessor.opMap has a null-prototype (issue 17554) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17556
Print correctly documents containing chars with an unicode greater than 0xFFFF (bug 1669097) by @calixteman in https://github.com/mozilla/pdf.js/pull/17558
Add more async code in the PartialEvaluator by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17562
Replace the webpack+acorn transform with a Babel plugin by @nicolo-ribaudo in https://github.com/mozilla/pdf.js/pull/17563
[Editor] Update the parameters in the UI of the last selected editor when undoing/redoing by @calixteman in https://github.com/mozilla/pdf.js/pull/17564
[Editor] Add the possibility to change the thickness of a free highlight (bug 1876096) by @calixteman in https://github.com/mozilla/pdf.js/pull/17568
Fix unreferenced CSS variables (PR 17533 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17578
Reduce memory use and improve perfs when computing the bounding box of a bezier curve (bug 1875547) by @calixteman in https://github.com/mozilla/pdf.js/pull/17574
[Editor] Change the icon to add a FreeText annotation (bug 1876564) by @calixteman in https://github.com/mozilla/pdf.js/pull/17580
Fix the textLayer-opacity when using the FontInspector (PR 17533 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17587
[Editor] Change the cursors for highlighting (bug 1876588) by @calixteman in https://github.com/mozilla/pdf.js/pull/17581
[Editor] Add a tooltip to the slider to set the thickness of free highlights by @calixteman in https://github.com/mozilla/pdf.js/pull/17582
Re-factor DefaultExternalServices into a regular class, without static methods by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17588
Update dependencies/translations to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17590
Re-enable the should compress and save text unit-test (issue 17399) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17591
[GENERIC viewer] Generate the fileInput DOM-element dynamically by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17592
Move the debuggerSrc-parameter into the AppOptions by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17593
Fix transform of unary expression in Babel plugin by @nicolo-ribaudo in https://github.com/mozilla/pdf.js/pull/17596
[Editor] Update highlight cursors by @calixteman in https://github.com/mozilla/pdf.js/pull/17598
[Editor] Remove the outline which is inside the free highlight shape by @calixteman in https://github.com/mozilla/pdf.js/pull/17586
[Editor] Fix the position of the free highlight toolbar by @calixteman in https://github.com/mozilla/pdf.js/pull/17602
Ensure that GenericL10n works if the locale files cannot be loaded by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17603
Initialize the ExternalServices-instance lazily in the viewer (PR 17588 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17604
Change file permissions for newly added cursors by @calixteman in https://github.com/mozilla/pdf.js/pull/17605
Make downloadManager optional in AnnotationLayerParameters by @wojtekmaj in https://github.com/mozilla/pdf.js/pull/17608
Point the development mode fallback locale-path to the l10n-folder (issue 17609, PR 17603 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17610
Use a limit, in more places, when splitting strings by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17619
Simplify the signature of the PDFDataTransportStream constructor by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17620
Implement caret browsing mode (bug 807730) by @calixteman in https://github.com/mozilla/pdf.js/pull/17611
[Editor] Set the right color to size samples in the highlight thickness panelwhen in HCM (bug 1879107) by @calixteman in https://github.com/mozilla/pdf.js/pull/17638
[Editor] Correctly rotate the mask when rotation a free highlight (bug 1879102) by @calixteman in https://github.com/mozilla/pdf.js/pull/17639
Remove support for require statements from the build system by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17634
[Editor] Compute the position of the last point before applying rotation (bug 1879113) by @calixteman in https://github.com/mozilla/pdf.js/pull/17643
Update quickjs to 3f81070 by @calixteman in https://github.com/mozilla/pdf.js/pull/17645
Break import cycles, in the viewer, for PDFViewerApplication by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17646
Update translations and dependencies to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17655
Prevent duplicate names in unit/integration tests by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17657
Enable the no-new-symbol and require-yield ESLint rules by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17658
[Editor] Disable the thickness slider for non-free highlight by @calixteman in https://github.com/mozilla/pdf.js/pull/17652
[Editor] Add a way to highlight text in using the keyboard (bug 1877426) by @calixteman in https://github.com/mozilla/pdf.js/pull/17650
Revert "Remove the enableStampEditor preference" (bug 1879588) by @calixteman in https://github.com/mozilla/pdf.js/pull/17651
Remove empty, top-level, nodes in the Babel plugin by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17647
Modernize the webserver code (part 1) by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17661
[Editor] Set rotated free highlight at the right position after having changed its thickness (bug 1879108) by @calixteman in https://github.com/mozilla/pdf.js/pull/17662
Tweak the issue 11878 unit-test parsing time check (PR 17428 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17663
[Editor] Ends a free highlight where the mouse pointer is (bug 1879281) by @calixteman in https://github.com/mozilla/pdf.js/pull/17664
Skip any whitespace after the first object in linearized PDFs (issue 17665) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17666
When updating, write the xref table in the same format as the previous one (bug 1878916) by @calixteman in https://github.com/mozilla/pdf.js/pull/17636
Move the __non_webpack_import__ re-writing into the Babel plugin by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17637
Fix the endoffset of the last glyph when it's followed by a null offset in the loca table by @calixteman in https://github.com/mozilla/pdf.js/pull/17674
Access PDFViewerApplication.findBar safely in more spots (PR 15831 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17676
Add a dummy beginMarkedContentProps operator when optional content parsing fails (issue 17679) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17680
Change PDFPrintServiceFactory.createPrintService to take a parameter object by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17667
Remove unneeded tweakWebpackOutput usage in the gulpfile (PR 17637 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17678
Tweak the parseMinified handling slightly in the gulpfile by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17681
Update dependencies and translations to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17685
Modernize the webserver code (part 2) by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17684
Run minification directly during Webpack building by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17686
Disable source-map generation in the minified builds (PR 17686 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17687
Avoid to access to a missing cidSystemInfo property by @calixteman in https://github.com/mozilla/pdf.js/pull/17690
[Editor] Avoid to scroll when an editor is unselected by @calixteman in https://github.com/mozilla/pdf.js/pull/17688
[Editor] Disable annotation layer when highlighting (bug 1868759) by @calixteman in https://github.com/mozilla/pdf.js/pull/17702
[Editor] Add the possibility to query some ML stuff to guess an alt text for an image by @calixteman in https://github.com/mozilla/pdf.js/pull/17701
[Editor] Add the possibility to create an highlight from the context menu when some text is selected (bug 1867739) by @calixteman in https://github.com/mozilla/pdf.js/pull/17708
[Editor] In caret browsing mode, get the caret position in the text layer (bug 1881692) by @calixteman in https://github.com/mozilla/pdf.js/pull/17719
Tweak how the hexNumbers Array, used by Util.makeHexColor, is built by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17718
Fix the string GlobalConstants.IDS_INVALID_DATE by @calixteman in https://github.com/mozilla/pdf.js/pull/17722
[Editor] In caret browsing mode, allow to select in pressing shift and arrow down (bug 1881802) by @calixteman in https://github.com/mozilla/pdf.js/pull/17720
Avoid to have to wait to zoom after scrolling by @calixteman in https://github.com/mozilla/pdf.js/pull/17724
Update puppeteer to 22.3.0 by @calixteman in https://github.com/mozilla/pdf.js/pull/17733
Always add links in the annotation layer by @calixteman in https://github.com/mozilla/pdf.js/pull/17738
[Editor] Add some telemetry for the highlight feature (bug 1866437) by @calixteman in https://github.com/mozilla/pdf.js/pull/17737
[Editor] Count the colors used when highlighting whatever the highlight kind is by @calixteman in https://github.com/mozilla/pdf.js/pull/17748
Inline the HighlightEditor.#telemetryType getter at its only call-site (PR 17748 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17750
[Editor] Add the possibility to move the caret with the keyboard once an highlight has been made (bug 1881684) by @calixteman in https://github.com/mozilla/pdf.js/pull/17755
[Editor] Make the delete button clickable with the space key (bug 1882248) by @calixteman in https://github.com/mozilla/pdf.js/pull/17756
[Editor] Enable the thickness input when no editors are selected (bug 1881219) by @calixteman in https://github.com/mozilla/pdf.js/pull/17757
Simplify the XMLHttpRequest-branch in the fetchData helper function (PR 17277 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17710
[Editor] Fix the quadpoints value when serializing an highlight annotation by @calixteman in https://github.com/mozilla/pdf.js/pull/17760
[Editor] Indicate if the highlight-thickness slider is disabled by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17761
[Editor] Set the creation method for free highlights to 'main_toolbar' (bug 1883394) by @calixteman in https://github.com/mozilla/pdf.js/pull/17768
[Editor] Unselect highlight editor when pressing Escape when the focus is on the color picker without a dropdown menu by @calixteman in https://github.com/mozilla/pdf.js/pull/17766
[Editor] Use a null instead of an empty stats object when sending the telemetry by @calixteman in https://github.com/mozilla/pdf.js/pull/17764
Don't stringify data for telemetry by @calixteman in https://github.com/mozilla/pdf.js/pull/17772
[GeckoView] Remove the open-in-app button (bug 1832519) by @calixteman in https://github.com/mozilla/pdf.js/pull/17771
[Editor] Let a free highlight be clipped when its bounding box exceeds the page limits (bug 1883632) by @calixteman in https://github.com/mozilla/pdf.js/pull/17775
[Annotations] Widget annotations must be in front of the other ones (bug 1883609) by @calixteman in https://github.com/mozilla/pdf.js/pull/17776
In the m-c automation, give the possibility to remove window listeners when a test ended by @calixteman in https://github.com/mozilla/pdf.js/pull/17767
[Editor] Add a toggle button to show/hide all the highlights (bug 1867740) by @calixteman in https://github.com/mozilla/pdf.js/pull/17778
[Editor] Make sure the alt-text button is there when pasting an image from an other tab by @calixteman in https://github.com/mozilla/pdf.js/pull/17781
Use the Fetch API to download the l10n files by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17711
[Editor] Improve the accessibility of the highlight editor (bug 1881743) by @calixteman in https://github.com/mozilla/pdf.js/pull/17788
[api-minor] Implement basic support for OptionalContent Usage dicts (issue 5764, bug 1826783) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17726
Combine a few lines in the dist-pre target (PR 17681 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17717
[Editor] Add a floating button close to the selected text to highlight it (bug 1867742) by @calixteman in https://github.com/mozilla/pdf.js/pull/17732
Use fs/promises in the Node.js-specific code in the src/-folder by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17714
Add better validation for the "PREFERENCE" kind AppOptions by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17694
When zooming the scrollbar can disappear and then no scrollend is triggered by @calixteman in https://github.com/mozilla/pdf.js/pull/17793
Bump follow-redirects from 1.15.4 to 1.15.6 by @dependabot in https://github.com/mozilla/pdf.js/pull/17799
Don't render corrupted inlined images by @calixteman in https://github.com/mozilla/pdf.js/pull/17795
Update packages and translations by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17800
[Editor] Fix the rect used to click in some freetext integration tests by @calixteman in https://github.com/mozilla/pdf.js/pull/17802
[api-minor] Use the Fetch API, when supported, to load PDF documents in Node.js environments by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17706
[Editor] Make the text layer focusable before the editors (bug 1881746) by @calixteman in https://github.com/mozilla/pdf.js/pull/17790
Don't hide the editor layer when rotating (follow-up of #17802) by @calixteman in https://github.com/mozilla/pdf.js/pull/17809
Simplify the copy & paste integration test by @calixteman in https://github.com/mozilla/pdf.js/pull/17811
Move the alias-building out of the createWebpackConfig function by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17691
[Editor] Make sure the text in the mark has null dimensions to avoid to see a meaningless rectangle in voiceover (bug 1886427) by @calixteman in https://github.com/mozilla/pdf.js/pull/17814
Avoid wrong scrolling when calling zoomReset by @calixteman in https://github.com/mozilla/pdf.js/pull/17817
Allow listening for preference changes in the Firefox PDF viewer (bug 1886586) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17818
Remove PDFViewerApplication.initPassiveLoading and directly invoke the open-method from the extension-specific code by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17813
[Editor] Add a label to the highight floating button readable with NVDA (bug 1886964) by @calixteman in https://github.com/mozilla/pdf.js/pull/17825
Update puppeteer to 22.6.0 by @calixteman in https://github.com/mozilla/pdf.js/pull/17831
[Editor] Fix undoing an editor deletion (bug 1886959) by @calixteman in https://github.com/mozilla/pdf.js/pull/17823
Update the Path2D polyfill for Node.js environments by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17830
Add alternative text to annotation if any by @calixteman in https://github.com/mozilla/pdf.js/pull/17835
[Editor] Add a divider before the show all button by @calixteman in https://github.com/mozilla/pdf.js/pull/17827
Increase the maxCanvasPixels value to 2 ** 25 by @calixteman in https://github.com/mozilla/pdf.js/pull/17837
A couple of small tweaks of the BasePreferences class by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17842
Update dependencies and translations to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17844
[Editor] Correctly handle lines when pasting some text in a freetext by @calixteman in https://github.com/mozilla/pdf.js/pull/17852
[api-minor] Update the minimum supported Google Chrome version to 98 by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17851
Add better support for /Launch actions with /FileSpec dictionaries (issue 17846) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17847
Display outlines even if one has no title by @calixteman in https://github.com/mozilla/pdf.js/pull/17857
Ensure that Mesh /Shadings have non-zero width/height (issue 17848) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17858
Remove the addWindowResolutionChange listener unconditionally (PR 17767 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17865
Avoid useless CSS animation when nothing is done (bug 1888657) by @calixteman in https://github.com/mozilla/pdf.js/pull/17855
Limit all compatibilityParams handling to the GENERIC viewer by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17861
[api-minor] Replace the PromiseCapability with Promise.withResolvers() by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17854
Don't translate char codes when platform,encoding isn't (3,0) by @calixteman in https://github.com/mozilla/pdf.js/pull/17810
Update the current stride before composing when decoding a text region by @calixteman in https://github.com/mozilla/pdf.js/pull/17875
[Editor] Remove the mark from the highlight element and set its role to mark (bug 1889623) by @calixteman in https://github.com/mozilla/pdf.js/pull/17885
Update dependencies and translations to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17880
Fix annotation border style parsing by handling empty dash arrays by @timvandermeij in https://github.com/mozilla/pdf.js/pull/17905
Convert the thumbnail view(er) code to use proper private methods by @timvandermeij in [https://github.com/Convert the thumbnail view(er) code to use proper private methods mozilla/pdf.js#17891](https://redirect.github

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot added the security This issue is about the overall security of the application label May 7, 2024

renovate bot requested a review from make-github-pseudonymous-again as a code owner May 7, 2024 11:08

renovate bot temporarily deployed to Snyk May 7, 2024 11:08 Inactive

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from 764d731 to a0fb753 Compare May 11, 2024 13:50

renovate bot temporarily deployed to Snyk May 11, 2024 13:50 Inactive

make-github-pseudonymous-again mentioned this pull request May 11, 2024

Upgrade pdfjs-dist to v4 #936

Draft

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from a0fb753 to 875aa62 Compare May 14, 2024 01:03

renovate bot temporarily deployed to Snyk May 14, 2024 01:03 Inactive

make-github-pseudonymous-again added technology/pdf This has to do with leveraging the portable document format. dependencies Pull requests that update a dependency file deps This issue has to do with dependencies labels May 14, 2024

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from 875aa62 to 9c37f22 Compare May 14, 2024 02:37

renovate bot temporarily deployed to Snyk May 14, 2024 02:37 Inactive

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from 9c37f22 to b0c1c0a Compare May 14, 2024 08:11

renovate bot temporarily deployed to Snyk May 14, 2024 08:11 Inactive

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from b0c1c0a to f92a98e Compare May 14, 2024 08:54

renovate bot temporarily deployed to Snyk May 14, 2024 08:54 Inactive

make-github-pseudonymous-again added the waiting-for-upstream This issues needs an update from upstream before it can be resolved. label May 22, 2024

💣 deps: Upgrade dependency pdfjs-dist to v4 [SECURITY].

f55bcc8

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from f92a98e to f55bcc8 Compare June 4, 2024 23:18

renovate bot temporarily deployed to Snyk June 4, 2024 23:18 Inactive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

💣 deps: Upgrade dependency pdfjs-dist to v4 [SECURITY]. #928

💣 deps: Upgrade dependency pdfjs-dist to v4 [SECURITY]. #928

renovate bot commented May 7, 2024 •

edited

Loading

💣 deps: Upgrade dependency pdfjs-dist to v4 [SECURITY]. #928

Are you sure you want to change the base?

💣 deps: Upgrade dependency pdfjs-dist to v4 [SECURITY]. #928

Conversation

renovate bot commented May 7, 2024 • edited Loading

GitHub Vulnerability Alerts

CVE-2024-4367

Impact

Patches

Workarounds

References

Release Notes

v4.2.67

Changes since v4.1.392

v4.1.392

Changes since v4.0.379

Configuration

renovate bot commented May 7, 2024 •

edited

Loading

`v4.2.67`

`v4.1.392`