fix(deps): update dependency pdfjs-dist to v5 [security] #70

renovate · 2024-05-07T13:49:25Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pdfjs-dist (source)	`^3.0.0` -> `^5.0.0`

GitHub Vulnerability Alerts

CVE-2024-4367

Impact

If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.

Patches

The patch removes the use of eval:
https://github.com/mozilla/pdf.js/pull/18015

Workarounds

Set the option isEvalSupported to false.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

Release Notes

mozilla/pdf.js (pdfjs-dist)

`v5.1.91`

Compare Source

This release contains improvements for the annotation editor, font conversion, performance, SMask rendering and the viewer, as well as bugfixes and improvements after feedback on the initial PDF.js 5.0 release.

Changes since v5.0.375

Bump the stable version in pdfjs.config by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19663
Replace a few simple regular expressions in the XFA-code with string parsing by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19662
Update dependencies and translations to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19665
[api-minor] Attempt to support fetching the raw data of the PDF document from the PDFDocumentLoadingTask-instance (issue 15085) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19632
Bump library version to 5.1 by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19667
Don't get ICC color space files if required API options are missing by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19669
Fix the "Signature Editor Basic operations must check copy and paste" integration test by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19671
Remove documentation for unused l10n variable (PR 18492 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19673
For JPEG images with CMYK-data, ensure that the alpha-component is set correctly when WebAssembly is disabled (issue 19676) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19677
Introduce a fetchSync helper function for the IccColorSpace classes by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19675
Introduce more async code in the src/core/document.js file by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19674
Improve addSignatureDescription/editSignatureDescription handling (issue 19683) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19684
[Editor] Take into account the parent rotation when switch to edit mode (issue #19424) by @calixteman in https://github.com/mozilla/pdf.js/pull/19685
Fix the MD5 computation in the src/core/writer.js file by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19693
Improve the implementation in src/core/writer.js a little bit by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19692
Replace the setValues function with Array.prototype.fill() in the src/core/bidi.js file by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19703
[api-minor] Add a basic AbortSignal.any polyfill in PDF.js legacy builds by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19681
Extend getSupplementalGlyphMapForCalibri with Pound-sign (issue 19695) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19696
Isolate the scripting integration tests by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19705
[api-minor] Use a Path2D when doing a path operation in the canvas (bug 1946953) by @calixteman in https://github.com/mozilla/pdf.js/pull/19689
Isolate the "move editor with arrows" freetext editor integration tests by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19706
Introduce Math.sumPrecise usage in the code-base by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19710
Update dependencies and translations to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19704
Fix save/restore while in smask mode by @calixteman in https://github.com/mozilla/pdf.js/pull/19708
Isolate the "create editor with keyboard" freetext editor integration tests by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19711
Take into account the path and the line width when consuming a stroked path by @calixteman in https://github.com/mozilla/pdf.js/pull/19715
Use the MathClamp helper function even more (PR 19617 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19714
Add new bounding-box helpers in Util to reduce code duplication by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19713
Take into account the group bbox by @calixteman in https://github.com/mozilla/pdf.js/pull/19716
Don't overwrite the global alpha when switching to smask mode (bug 1764587) by @calixteman in https://github.com/mozilla/pdf.js/pull/19717
In the struct tree a kid can be a reference to an MCID entry (issue #19694) by @calixteman in https://github.com/mozilla/pdf.js/pull/19702
Remove Array.prototype.reduce usage from the src/core/xfa/template.js file by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19691
[api-minor] Enable enableAutoLinking by default by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19701
Pass the XRef-instance explicitly to the StructTreeRoot class, and simplify the StructElementNode.prototype.role getter by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19719
[Editor] Fix the border color of a tab panel in HCM (bug 1956110) by @calixteman in https://github.com/mozilla/pdf.js/pull/19722
[Editor] in the signature UI, disable the description input if there is no signature (bug 1956114) by @calixteman in https://github.com/mozilla/pdf.js/pull/19725
Use Util.rectBoundingBox more in the annotation code (PR 19713 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19726
[Editor] Set an aria-description for an added signature (bug 1956513) by @calixteman in https://github.com/mozilla/pdf.js/pull/19728
Update @fluent/dom to 0.10.1 by @calixteman in https://github.com/mozilla/pdf.js/pull/19730
Pre-apply the transform when building the Path2D objects for Type3-fonts by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19731
[Editor] Add a border to the undo button in the snackbar in order to make a contrast (bug 1952563) by @calixteman in https://github.com/mozilla/pdf.js/pull/19734
Spell "properly" in viewer integration-test names by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19740
Simplify handling of the color-parameter in TilingPattern (PR 4824 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19737
Shorten the PDFViewerApplication._initializeViewerComponents method by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19720
Reduce duplication when specifying the fn-operations in buildPaintImageXObject by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19739
[api-minor] Attempt to improve support for using the PDF.js builds with Vite by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19733
Apply char/word-spacing correctly for missing Type3-glyphs by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19735

`v5.0.375`

Compare Source

PDF.js 5.0 is a major release that contains a number of API changes, features and bugfixes.

The following significant new features are highlighted:

Improved JPEG 2000 decoding support
- The OpenJPEG decoder was moved into a separate .wasm file, which requires setting a new wasmUrl API option in order to use it; see PR https://github.com/mozilla/pdf.js/pull/19329.
- A (much slower) JavaScript OpenJPEG fallback decoder was added (also uses the wasmUrl API option) for environments without WebAssembly support; see PR https://github.com/mozilla/pdf.js/pull/19525.
Support for ICC profiles
- This requires WebAssembly support, and that the wasmUrl API option is set; see PR https://github.com/mozilla/pdf.js/pull/19564.
- Use an ICC profile to improve CMYK to RGB color conversion, which requires setting a new iccUrl API option in order to use it; see PR https://github.com/mozilla/pdf.js/pull/19620.
- Currently Lab profiles are not supported, which is tracked in bug 1717767.
Improved rendering of large pages in the viewer
- Render the currently visible portion of pages at full resolution, once we've reached the size limits and are falling back to CSS-zooming; see PR https://github.com/mozilla/pdf.js/pull/19128.
- Limit the maximum canvas dimensions, to avoid rendering breaking and canvases being empty; see PR https://github.com/mozilla/pdf.js/pull/19604.
Enable creation of hyperlinks, in the viewer, from text that look like URLs
- This is disabled by default because of some remaining issues, but can be enabled in the viewer with the enableAutoLinking option/preference; see PR https://github.com/mozilla/pdf.js/pull/19110.

The following significant changes are highlighted (which may require changes in third-party PDF.js implementations):

Addition of a couple of new CSS variables, that e.g. the text and annotation layers now depend upon; see PR https://github.com/mozilla/pdf.js/pull/19469.
Removal of a couple of old exceptions; see PR https://github.com/mozilla/pdf.js/pull/19264.

The complete list of changes in this release is shown below. If you're upgrading to PDF.js 5.0 we recommend checking the changes prefixed with [api-minor] and [api-major] since those might require updates to your code.

Changes since v4.10.38

Bump the stable version in pdfjs.config by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19276
Remove the getSelectedEditors integration test helper function by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19277
Use Dict iteration more (PR 19051 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19278
Skip LinkAnnotations when collecting field objects (issue 19281) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19289
Use the waitForUnselectedEditor integration test helper function more by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19290
Implement a commit helper function for the freetext integration tests by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19291
Let be more tolerant with predefined phone number format by @calixteman in https://github.com/mozilla/pdf.js/pull/19280
Update the toggle-button css after the changes in m-c (bug 1940085) by @calixteman in https://github.com/mozilla/pdf.js/pull/19295
Remove unused CSS variables by @calixteman in https://github.com/mozilla/pdf.js/pull/19300
Remove the fuzz tests (issue 19297) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19307
Access the bbox/background data correctly in the MeshShadingPattern class (issue 18816) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19305
[Editor] Set a unique id for each element in the draw layer by @calixteman in https://github.com/mozilla/pdf.js/pull/19309
[Editor] Don't try to use an non-existing canvas when rendering an in visible existing stamp editor by @calixteman in https://github.com/mozilla/pdf.js/pull/19311
[Editor] Improve zooming with a pinch gesture while drawing by @calixteman in https://github.com/mozilla/pdf.js/pull/19312
Update dependencies to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19313
Re-use existing helper functions in FontRendererFactory by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19317
Upgrade Puppeteer to version 24.0.0 by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19318
Improve performance when reading very large TrueType "cmap" tables (issue 19319) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19321
Enable editor when double-clicking on stamp annotation by @nicolo-ribaudo in https://github.com/mozilla/pdf.js/pull/19320
Access the number of components correctly in JPEG 2000 images with color space entries (issue 19326) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19327
Allow searching for number-number on two lines by @nicolo-ribaudo in https://github.com/mozilla/pdf.js/pull/19324
[api-major] Add openjpeg.wasm to pdf.js (bug 1935076) by @calixteman in https://github.com/mozilla/pdf.js/pull/19329
[api-major] Replace MissingPDFException and UnexpectedResponseException with one exception by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19264
Bump library version to 5.0 by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19332
Handle JPX wasm fetch-response errors correctly (PR 19329 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19333
Reduce console spam when running tests in Firefox by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19335
Handle the case where openjpeg.wasm is missing by @calixteman in https://github.com/mozilla/pdf.js/pull/19340
Simplify the JSDocs for the various getDocument Factory-parameters by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19331
Inline the default Factory-definitions in getDocument by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19341
Update dependencies to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19342
Implement helper functions for (un)selecting an editor in the integration tests by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19344
Centralize the editor selector definitions in the stamp editor integration tests by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19350
Centralize the editor selector definitions in the ink editor integration tests by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19351
Replace the EXIF-block with dummy data to prevent JPEG images being rotated (bug 1942064) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19356
Enable the import/no-restricted-paths ESLint plugin rule for the viewer by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19353
Support multiple wasm-files in the development viewer by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19337
Correctly render the glyph outline when it has a stroke pattern by @calixteman in https://github.com/mozilla/pdf.js/pull/19361
[Editor] Ensure that highlightSelection waits until we've fully updated the editing-mode (issue 19369) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19371
[GENERIC viewer] Re-initialize the viewer-toolbar ColorPicker for each PDF document by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19372
[Editor] Don't scroll when drawing (issue 17327) by @avdoseferovic in https://github.com/mozilla/pdf.js/pull/19338
[api-major] Change viewer component render-methods to take parameter objects by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19365
[Editor] Add validation for the target element of curve endpoints by @Hydraulicus in https://github.com/mozilla/pdf.js/pull/19373
Bump undici from 6.19.8 to 6.21.1 by @dependabot in https://github.com/mozilla/pdf.js/pull/19382
Remove unused isInEditingMode method (PR 19311 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19381
Enable the "checks that the viewer re-exports the expected API functionality" unit-test in Node.js by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19358
[api-minor] Simplify clean-up of page resources after rendering by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19368
Handle empty BigInt64Array/BigUint64Array in the isNumberArray helper by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19384
Introduce a readInt16 helper function in the src/core/core_utils.js file by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19388
Support the password field-flag in TextWidgetAnnotation (issue 19389) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19390
[Editor] (WIP) Add a new tool in order to add an handwritten signature to a pdf (bug 1942343) by @calixteman in https://github.com/mozilla/pdf.js/pull/19339
Initialize the image-options, on the worker-thread, once per document by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19392
Use fewer hasFieldFlag calls in the src/core/annotation.js file by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19393
Move the array containing the supported image mime types in display_utils by @calixteman in https://github.com/mozilla/pdf.js/pull/19394
Avoid to remove the active overlay when a cancelled dialog (like the file picker) was called from a dialog by @calixteman in https://github.com/mozilla/pdf.js/pull/19395
[Editor] Add some functions in order to extract contours from text and to generate a drawing from a drawn signature by @calixteman in https://github.com/mozilla/pdf.js/pull/19396
Add width/height getters in the Annotation class by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19397
Add width/height getters in the AnnotationElement class by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19402
Replace uninformative README badge (issue 19406) by @hamirmahal in https://github.com/mozilla/pdf.js/pull/19407
Update dependencies and translations to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19404
Centralize the editor selector definitions in the highlight editor integration tests by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19405
Remove the color-mix fallback used with PopupAnnotations by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19408
Centralize the editor selector definitions in the freetext editor integration tests by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19410
Bundle wasm-files in pdfjs-dist (PR 19329 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19415
[api-minor] Add more validation for the cMapUrl, standardFontDataUrl, and wasmUrl parameters by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19416
[Editor] Add a new dialog for the signature editor (bug 1945574) by @calixteman in https://github.com/mozilla/pdf.js/pull/19414
Enable automatic URL linking (bug 1019475) by @ryzokuken in https://github.com/mozilla/pdf.js/pull/19110
Enable autolinking in Firefox (bug 1019475) by @calixteman in https://github.com/mozilla/pdf.js/pull/19429
Fix --save-warning-color CSS variable typo (PR 19414 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19431
[GENERIC viewer] Add Fluent PLATFORM function (PR 19414 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19430
Use the FeatureTest helper in the src/display/font_loader.js file by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19432
[Editor] Add an icon for the signature tool and move it before the highlight one by @calixteman in https://github.com/mozilla/pdf.js/pull/19433
Disable the "Blank issue" alternative when using the GitHub "New issue"-button by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19419
Use the getPdfColorArray helper more in the src/core/annotation.js file by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19423
Combine the main-thread message handlers for CMap-, StandardFontData-, and Wasm-files by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19436
[api-minor] Simplify the TextLayer.#getAscent fallback (PR 12896 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19399
Use crypto.getRandomValues unconditionally in the src/core/crypto.js file by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19450
Check for the correct link-id prefix in "must not add links when unnecessary" integration-test (PR 19110 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19447
Shorten the MeshStreamReader.prototype.readBits method a little bit by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19446
[api-minor] Update the minimum supported Google Chrome version to 110 by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19454
[Editor] Add the ability to print and save some newly added signatures (bug 1946795) by @calixteman in https://github.com/mozilla/pdf.js/pull/19437
Replace a couple of loops with TypedArray.prototype.fill() by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19456
Isolate the ink editor integration tests by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19457
Ignore the URLs when checking if inferred links overlap existing LinkAnnotations (PR 19110 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19449
Check that the annotationLayer is still active before injecting inferred links (PR 19110 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19460
Update dependencies and translations to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19458
Create the borderStyle of inferred links lazily (PR 19110 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19461
[Editor] Add the possibility to compress/decompress the signature data in order to store them in the logins storage in Firefox (bug 1946171) by @calixteman in https://github.com/mozilla/pdf.js/pull/19425
Catch and ignore any errors during auto-linking parsing (PR 19110 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19464
Fix the color of the background button when hovering it by @calixteman in https://github.com/mozilla/pdf.js/pull/19472
[api-major] Apply the userUnit using CSS, to fix the text/annotation layers (bug 1947248) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19469
[Editor] Populate the 'Add signature' menu with the saved signatures (bug 1947828) by @calixteman in https://github.com/mozilla/pdf.js/pull/19478
Slightly shorten an Array.from usage in the SignatureManager class by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19485
Move the auto-link handling into its own PDFPageView helper-method, and dispatch a "linkannotationsadded" event by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19475
[GenericL10n] Fetch the language bundles in parallel to reduce load time by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19481
[Editor] Add the possibility to change a signature description (bug 1948116) by @calixteman in https://github.com/mozilla/pdf.js/pull/19486
Add a new closeIfActive method in the OverlayManager class by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19487
Search for destinations in both /Names and /Dests dictionaries (issue 19474) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19476
Add some unicode mapping for ligatures when writing the cmap table in the font (bug 1946181) by @calixteman in https://github.com/mozilla/pdf.js/pull/19427
Shorten the CipherTransformFactory.prototype.#buildObjectKey method by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19496
Check more of the stream when looking for commands after inline image (issue 19494) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19495
Ensure that the useWorkerFetch fallback value is always a boolean by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19499
[Editor] Add two integration tests for the signature UI by @calixteman in https://github.com/mozilla/pdf.js/pull/19500
Remove a few eslint-disable statements in the web/ folder by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19503
[Editor] Add a scrollbar to the signature doorhanger when it's overflowing (bug 1948771) by @calixteman in https://github.com/mozilla/pdf.js/pull/19507
[Editor] Scale the signature editor when it's too large (bug 1948741) by @calixteman in https://github.com/mozilla/pdf.js/pull/19506
[JS] Skip throwing actions by @calixteman in https://github.com/mozilla/pdf.js/pull/19508
[Editor] Wait for switching to stamp mode before adding a new editor when dnd'ing an image by @calixteman in https://github.com/mozilla/pdf.js/pull/19511
Fix all outstanding ESLint arrow-body-style warnings by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19504
[Editor] Add two integration tests for the signature feature by @calixteman in https://github.com/mozilla/pdf.js/pull/19512
Don't cache free/missing XRef entries (issue 19510) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19513
Fix autolinking errors by @ryzokuken in https://github.com/mozilla/pdf.js/pull/19470
[Editor] Remove the error panel when the user click on an other tab (bug 1949201) by @calixteman in https://github.com/mozilla/pdf.js/pull/19516
[Editor] Make the editing toolbar buttons text visible when hovered in HCM with Desert theme (bug 1949417) by @calixteman in https://github.com/mozilla/pdf.js/pull/19522
[Editor] Fix the outline of a focused button in the doorhanger while navigating with the keyboard by @calixteman in https://github.com/mozilla/pdf.js/pull/19523
[Editor] Fix the color of the labels in the editing doorhangers by @calixteman in https://github.com/mozilla/pdf.js/pull/19524
Move the EXIF-block replacement into JpegStream (PR 19356 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19518
Introduce some URL.parse() usage in the code-base by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19493
Consider textRise when showing Type3 font glyphs (issue 19532) by @Xiphoseer in https://github.com/mozilla/pdf.js/pull/19533
[api-minor] Render high-res partial page views when falling back to CSS zoom (bug 1492303) by @nicolo-ribaudo in https://github.com/mozilla/pdf.js/pull/19128
[Editor] Add a test for copy & paste a signature editor by @calixteman in https://github.com/mozilla/pdf.js/pull/19534
Provide a js fallback when the wasm version of openjpeg is failing to load (bug 1935076) by @calixteman in https://github.com/mozilla/pdf.js/pull/19525
Disable the loading of node types in the type tests by @stof in https://github.com/mozilla/pdf.js/pull/19531
[api-minor] Re-factor how the useWorkerFetch option is used internally by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19537
[Editor] Fix the position in the page of a drawing after it has been moved with the keyboard by @calixteman in https://github.com/mozilla/pdf.js/pull/19538
Update dependencies and translations to the most recent versions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19542
Refactor the editor integration test helper functions by @timvandermeij in https://github.com/mozilla/pdf.js/pull/19543
Fix the link for issue5939.pdf by @hecerinc in https://github.com/mozilla/pdf.js/pull/19545
[Editor] Shift the signature editor when pasted by @calixteman in https://github.com/mozilla/pdf.js/pull/19539
Add a comment 'THIS FILE IS GENERATED - DO NOT EDIT' in openjpeg files generated with emscripten by @calixteman in https://github.com/mozilla/pdf.js/pull/19552
Fix the assert in FontLoader.prototype.loadSystemFont by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19551
[Editor] Add some telemetry for the signature editor (bug 1945827) by @calixteman in https://github.com/mozilla/pdf.js/pull/19554
Pad rev 4 encryption keys to be >= 16 bytes (issue 19484) by @rossj in https://github.com/mozilla/pdf.js/pull/19555
Reset #renderError on RenderingCancelledException (PR 19128 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19558
Send disableFontFace and fontExtraProperties as part of the exported font-data by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19548
[Editor] Fix the telemetry for the signature stuff by @calixteman in https://github.com/mozilla/pdf.js/pull/19565
[api-minor] Stop exporting, by default, a few additional Font properties (PR 11777 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19549
Use more local variables in PDFViewerApplication._initializeViewerComponents by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19556
Abort various timeouts, in PDFViewer, when closing the document (PR 19128 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19557
Extend getGlyphMapForStandardFonts with some Cyrillic entries (issue 19550) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19562
Invoke TranslatedFont.prototype.loadType3Data only once per font by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19563
Don't attempt to use auto-linking in XFA documents (PR 19110 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19574
Reenable viewerCssTheme option for Firefox by @hecerinc in https://github.com/mozilla/pdf.js/pull/19544
Fix the build of the openjpeg decoder in order to use an optimized build of the openjpeg library (bug 1951128) by @calixteman in https://github.com/mozilla/pdf.js/pull/19584
Add a GlobalColorSpaceCache to reduce unnecessary re-parsing by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19583
Try reducing flakiness of CSS-only zoom test by @nicolo-ribaudo in https://github.com/mozilla/pdf.js/pull/19578
Add the missing return type for PDFWorker.fromPort() by @yjoer in https://github.com/mozilla/pdf.js/pull/19571
Don't bundle the FakeMLManager class in regular builds by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19568
Replace a loop with TypedArray.prototype.fill() in the RunLengthStream class by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19589
Write string-data into the .error-file created for broken test-manifest links (issue 19579) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19581
Be sure to consume responses in case of error in downloading test files (issue 19580) by @dhdaines in https://github.com/mozilla/pdf.js/pull/19582
Re-use the isValidExplicitDest helper function in the worker/viewer by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19577
Use arrow function with various Array methods by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19596
Fix autolinking with highlighted search results by @nicolo-ribaudo in https://github.com/mozilla/pdf.js/pull/19576
Use arrow functions with some Promise.then calls by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19597
Also cache "sub" ColorSpaces globally (PR 19583 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19598
[api-minor] Limit the maximum canvas width/height, in addition to its total area (bug 1943094) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19604
Use the latest emsdk version to compile openjpeg decoder by @calixteman in https://github.com/mozilla/pdf.js/pull/19585
[api-minor] Support using ICC profiles in using qcms (bug 860023) by @calixteman in https://github.com/mozilla/pdf.js/pull/19564
Remove ColorSpaceUtils.parseAsync and simplify the ColorSpace "API-surface" by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19599
Simplify the ColorSpaceUtils.singletons handling (PR 19564 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19607
Update l10n files by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19608
[Editor] Remove the unused opacityToHex helper function (PR 19093 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19610
Introduce a helper function for clamping a value to a range by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/19617
[Editor] In edit mode, a non-editable stamp must be visible after the page is rendered by @calixteman in [https://githu

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 4 times, most recently from a66cc13 to d3754ed Compare May 15, 2024 23:27

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 2 times, most recently from 693e413 to 9745c06 Compare June 6, 2024 01:51

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 6 times, most recently from dfe0a0a to c89fc0f Compare June 27, 2024 09:46

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 2 times, most recently from 7d5c4ba to 0c31352 Compare July 14, 2024 14:43

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 2 times, most recently from 2206bb6 to a8c85ea Compare July 21, 2024 13:55

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 2 times, most recently from b6cb31f to 3c03da8 Compare July 28, 2024 17:42

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 2 times, most recently from 5e75682 to cddb0a6 Compare October 9, 2024 12:13

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 2 times, most recently from 355ab8a to 1ea4f2d Compare October 28, 2024 15:17

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 2 times, most recently from c2d938d to a70d00a Compare November 17, 2024 19:19

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 2 times, most recently from b88aa14 to e093843 Compare December 2, 2024 11:31

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 4 times, most recently from e35d156 to 66ec744 Compare December 22, 2024 22:49

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 2 times, most recently from a39e219 to cd6d43c Compare January 15, 2025 03:13

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 3 times, most recently from 9fdb332 to 49b1a71 Compare January 30, 2025 15:49

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from 49b1a71 to 599e424 Compare January 30, 2025 19:52

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 2 times, most recently from 6904cc7 to 312226c Compare February 9, 2025 18:26

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 2 times, most recently from 44c4696 to a68d9b0 Compare March 3, 2025 19:12

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch 5 times, most recently from 8c5ed6d to 98e1dfc Compare March 17, 2025 15:46

renovate bot changed the title ~~fix(deps): update dependency pdfjs-dist to v4 [security]~~ fix(deps): update dependency pdfjs-dist to v5 [security] Mar 17, 2025

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from 98e1dfc to 600f820 Compare March 17, 2025 19:47

renovate bot changed the title ~~fix(deps): update dependency pdfjs-dist to v5 [security]~~ fix(deps): update dependency pdfjs-dist to v4 [security] Mar 17, 2025

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from 600f820 to f486ae8 Compare April 5, 2025 19:51

renovate bot changed the title ~~fix(deps): update dependency pdfjs-dist to v4 [security]~~ fix(deps): update dependency pdfjs-dist to v5 [security] Apr 5, 2025

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from f486ae8 to 3f782f6 Compare April 5, 2025 20:22

renovate bot changed the title ~~fix(deps): update dependency pdfjs-dist to v5 [security]~~ fix(deps): update dependency pdfjs-dist to v4 [security] Apr 5, 2025

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from 3f782f6 to 4ce0ac4 Compare April 8, 2025 15:21

renovate bot changed the title ~~fix(deps): update dependency pdfjs-dist to v4 [security]~~ fix(deps): update dependency pdfjs-dist to v5 [security] Apr 8, 2025

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from 4ce0ac4 to b36e4e9 Compare April 8, 2025 18:37

renovate bot changed the title ~~fix(deps): update dependency pdfjs-dist to v5 [security]~~ fix(deps): update dependency pdfjs-dist to v4 [security] Apr 8, 2025

fix(deps): update dependency pdfjs-dist to v5 [security]

7840fea

renovate bot force-pushed the renovate/npm-pdfjs-dist-vulnerability branch from b36e4e9 to 7840fea Compare April 24, 2025 12:11

renovate bot changed the title ~~fix(deps): update dependency pdfjs-dist to v4 [security]~~ fix(deps): update dependency pdfjs-dist to v5 [security] Apr 24, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency pdfjs-dist to v5 [security] #70

fix(deps): update dependency pdfjs-dist to v5 [security] #70

renovate bot commented May 7, 2024 •

edited

Loading

fix(deps): update dependency pdfjs-dist to v5 [security] #70

Are you sure you want to change the base?

fix(deps): update dependency pdfjs-dist to v5 [security] #70

Conversation

renovate bot commented May 7, 2024 • edited Loading

GitHub Vulnerability Alerts

CVE-2024-4367

Impact

Patches

Workarounds

References

Release Notes

v5.1.91

Changes since v5.0.375

v5.0.375

Changes since v4.10.38

Configuration

renovate bot commented May 7, 2024 •

edited

Loading

`v5.1.91`

`v5.0.375`