Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump pdfjs-dist and react-pdf #8023

Merged
merged 2 commits into from
Jun 26, 2024
Merged

Bump pdfjs-dist and react-pdf #8023

merged 2 commits into from
Jun 26, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 12, 2024

Bumps pdfjs-dist to 4.3.136 and updates ancestor dependency react-pdf. These dependencies need to be updated together.

Updates pdfjs-dist from 3.11.174 to 4.3.136

Commits

Updates react-pdf from 7.7.3 to 9.0.0

Release notes

Sourced from react-pdf's releases.

v9.0.0

See Upgrade guide from version 8.x to 9.x.

This version updates PDF.js to 4.3.136, fixing GHSA-wgrm-67xf-hhpq for good. React-PDF v8.0.2 and v7.7.3 have already included a mitigation of the issue and thus were not affected by this vulnerability, but caused automatic security alerts due to the outdated PDF.js version.

❗️ = breaking change

What's new?

  • Updated PDF.js to 4.3.136.
    • Optimizations for CPU and memory usage
    • Performance improvements
    • Image rendering improvements
    • Text selection improvements
    • Accessibility improvements
    • Font conversion improvements
    • Handling of corrupted documents
  • Improved Turbopack compatibility.

What's changed?

  • ❗️ PDF.js worker extension has been changed from .js to .mjs.
  • ❗ PDF.js is now an ESM module.
    • In particular, you may encounter issues running unit tests using Jest. Consider migrating to Vitest.
    • Next.js also have issues with ESM Workers, but a working configuration is already known - see Upgrade guide and updated samples.
  • ❗️ Removed deprecated svg renderMode.
  • ❗️ Dropped support for older browsers and Node.js versions. In particular, you may need Promise.withResolvers polyfill when running Node.js versions older than 22.0.0.

v8.0.2

Bug fixes

v8.0.1

This version shipped an incorrect fix for a security vulnerability and thus has been deprecated.

Bug fixes

v8.0.0

See Upgrade guide from version 7.x to 8.x.

❗️ = breaking change

What's new?

  • Added support for React 19.

... (truncated)

Commits
  • 52fd082 v9.0.0
  • 6881c82 Update docs on compatibility
  • 5544c3b Remove forced isEvalSupported value
  • b83b127 Update pdfjs-dist to 4.3.136
  • fc0343c Remove workaround for wrong downloadManager type
  • 2ba89d8 Add Promise.withResolvers polyfill
  • 62a7368 [breaking] Update pdfjs-dist to 4.2.67
  • c31e769 [breaking] Update pdfjs-dist to 4.0.379
  • 3007e58 Replace global with globalThis
  • 6bfef4b Use new syntax for notes
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump pdfjs-dist and react-pdf
ac6bf2d 
Bumps [pdfjs-dist](https://github.com/mozilla/pdfjs-dist) to 4.3.136 and updates ancestor dependency [react-pdf](https://github.com/wojtekmaj/react-pdf/tree/HEAD/packages/react-pdf). These dependencies need to be updated together.


Updates `pdfjs-dist` from 3.11.174 to 4.3.136
- [Commits](https://github.com/mozilla/pdfjs-dist/commits)

Updates `react-pdf` from 7.7.3 to 9.0.0
- [Release notes](https://github.com/wojtekmaj/react-pdf/releases)
- [Commits](https://github.com/wojtekmaj/react-pdf/commits/v9.0.0/packages/react-pdf)

---
updated-dependencies:
- dependency-name: pdfjs-dist
  dependency-type: indirect
- dependency-name: react-pdf
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner June 12, 2024 06:23
@vercel Vercel
Copy link

vercel bot commented Jun 12, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
care-storybook ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 26, 2024 1:14pm

@netlify Netlify
Copy link

netlify bot commented Jun 12, 2024
edited
Loading

Deploy Preview for care-egov-staging ready!

Name Link
🔨 Latest commit 74a59f1
🔍 Latest deploy log https://app.netlify.com/sites/care-egov-staging/deploys/667c1423749a5d0008965bad
😎 Deploy Preview https://deploy-preview-8023--care-egov-staging.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@github-actions GitHub Actions
Copy link

Hi, This pr has been automatically marked as stale because it has not had any recent activity. It will be automatically closed if no further activity occurs for 7 more days. Thank you for your contributions.

@github-actions github-actions bot added the stale label Jun 20, 2024
@cypress Cypress
Copy link

cypress bot commented Jun 26, 2024

Passing run #2798 ↗︎

0 126 0 0 Flakiness 0

Details:

Bump pdfjs-dist and react-pdf
Project: CARE Commit: 74a59f1691
Status: Passed Duration: 02:59 💡
Started: Jun 26, 2024 1:19 PM Ended: Jun 26, 2024 1:22 PM

Review all test suite changes for PR #8023 ↗︎

@khavinshankar khavinshankar merged commit 7cd5506 into develop Jun 26, 2024
62 checks passed
@khavinshankar khavinshankar deleted the dependabot/npm_and_yarn/multi-ccc2d99898 branch June 26, 2024 13:22
@github-actions GitHub Actions
Copy link

@dependabot[bot] Your efforts have helped advance digital healthcare and TeleICU systems. 🚀 Thank you for taking the time out to make CARE better. We hope you continue to innovate and contribute; your impact is immense! 🙌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@khavinshankar khavinshankar khavinshankar approved these changes

Assignees
No one assigned
Labels
dependencies npm stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@khavinshankar