ng2-pdf-viewer

Update pdfjs-dist to 4.2.67 or later

Open Tyre88 opened this issue 1 year ago • 10 comments

Bug Report or Feature Request (mark with an x)
- [ ] Regression (a behavior that used to work and stopped working in a new release)
- [ ] Bug report -> please search issues before submitting
- [x] Feature request
- [ ] Documentation issue or request


Tyre88 avatar May 14 '24 05:05 Tyre88

Should be fixed via https://github.com/VadimDez/ng2-pdf-viewer/pull/1092 I suppose?

janpapenbrock avatar May 15 '24 15:05 janpapenbrock

CVE is resolved, but updating would give some other benefits anyway

SimonFischer04 avatar May 15 '24 16:05 SimonFischer04

Yea, worth noting though that pdfjs 4.x has major breaking changes. When I looked at it, it seemed like it would require major rewrites to this package. Not that it's impossible, of course, but certainly not a quick thing. At the very least though this issue is probably a duplicate of https://github.com/VadimDez/ng2-pdf-viewer/issues/1078

shamoon avatar May 15 '24 17:05 shamoon

> Yea, worth noting though that pdfjs 4.x has major breaking changes. When I looked at it, it seemed like it would require major rewrites to this package. Not that it's impossible, of course, but certainly not a quick thing. At the very least though this issue is probably a duplicate of #1078

Yeah, upgrading 2->3 was also already a new major version, but I guess there weren't that many (breaking) changes anyway? But now with 3->4 a lot more would be required?

SimonFischer04 avatar May 15 '24 18:05 SimonFischer04

I would also prefer to have it upgraded. Npm still mentioned in version 10.2.2 the high severity vulnerability in pdf.js.

But they mentioned a workaround to set the option isEvalSupported to false.
How would that be applied in ng2-pdf-viewer?

agravity-philipp avatar May 23 '24 07:05 agravity-philipp

> I would also prefer to have it upgraded. Npm still mentioned in version 10.2.2 the high severity vulnerability in pdf.js.
>
> But they mentioned a workaround to set the option isEvalSupported to false. How would that be applied in ng2-pdf-viewer?

In my understanding, it is done in this library to disable this option. This was patched here: #1092

The best and safest would be of course to upgrade the pdfjs-dist to the latest version, but I'm not sure if it's happening anytime soon.

pavliczandris avatar May 24 '24 12:05 pavliczandris

It was fixed in this for me, thanks a lot! https://github.com/VadimDez/ng2-pdf-viewer/pull/1092

Tyre88 avatar May 24 '24 12:05 Tyre88

Updating to version 4 and above would fix this #624 and possibly also this #824 (Note that 824 is not complete, but a stale bot forced it to be completed anyway...)


  • [api-major] Remove the SVG back-end (PR 15173 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/16699
  • [api-major] Remove various deprecated functionality and options by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/16774
  • [api-major] Output JavaScript modules in the builds (issue 10317) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17055
  • [api-minor] Stop polyfilling structuredClone in legacy builds by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/17086
  • [api-minor] Move to Fluent for the localization (bug 1858715) by @calixteman in https://github.com/mozilla/pdf.js/pull/17115

These are possibly breaking changes according to release notes from https://github.com/mozilla/pdf.js/releases/tag/v4.0.189.

I have highlighted the points (3 & 5) that may pose a challenge:

  • Output JavaScript modules in the builds - This will require looking at where new ones are and how to load them properly.
  • I have no clue how, if at all, translations are handled in this package...

Akxe avatar May 24 '24 23:05 Akxe

@Tyre88, the vulnerability issue is not getting fixed with "ng2-pdf-viewer": "10.2.2" & "pdfjs-dist": "^3.11.174" versions. Any idea how to resolve this? Or can you help me with which file needs to be updated, as we are not using pdfjs-dist directly? What changes need to be done in ng2-pdf-viewer?

manaskumar-tf avatar Jun 03 '24 11:06 manaskumar-tf

You could use this in the meantime https://github.com/intbot/ng2-pdfjs-viewer

Akxe avatar Jun 03 '24 13:06 Akxe

Updated in 10.3.0 of ng2-pdf-viewer

VadimDez avatar Aug 31 '24 19:08 VadimDez
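Several comments above concern pdfjs-dist arriving only as a transitive dependency of ng2-pdf-viewer. The following added example (not code from this thread or from the project) lists every pdfjs-dist copy recorded in an npm v2/v3 lockfile and flags those below the 4.2.67 named in the issue title. The lockfile contents, `demo-app` and `other-lib` are constructed for illustration.

```javascript
// Added example: audit an npm lockfile ("packages" map, lockfileVersion 2/3)
// for pdfjs-dist copies below the version named in the issue title.
const THRESHOLD = '4.2.67';

// Constructed sample lockfile; demo-app and other-lib are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'ng2-pdf-viewer': '10.2.2' } },
    'node_modules/ng2-pdf-viewer': { version: '10.2.2', dependencies: { 'pdfjs-dist': '~3.11.174' } },
    'node_modules/pdfjs-dist': { version: '3.11.174' },
    'node_modules/other-lib': { version: '1.0.0', dependencies: { 'pdfjs-dist': '^4.2.67' } },
    'node_modules/other-lib/node_modules/pdfjs-dist': { version: '4.2.67' },
  },
};

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison, so 4.10.0 is correctly treated as newer than 4.2.67.
function isBelow(version, threshold) {
  const a = parseVersion(version), b = parseVersion(threshold);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// One record per installed copy, including copies nested under other packages.
function findPdfjs(lock, threshold = THRESHOLD) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => /(^|\/)node_modules\/pdfjs-dist$/.test(path))
    .map(([path, meta]) => ({ path, version: meta.version, belowThreshold: isBelow(meta.version, threshold) }));
}

// Packages that declare pdfjs-dist as a dependency, with the range they ask for.
function whoRequires(lock) {
  return Object.entries(lock.packages || {})
    .filter(([, m]) => m.dependencies && 'pdfjs-dist' in m.dependencies)
    .map(([p, m]) => `${p.replace(/^.*node_modules\//, '') || '(root)'} wants ${m.dependencies['pdfjs-dist']}`);
}

console.log(findPdfjs(SAMPLE_LOCK));
console.log(whoRequires(SAMPLE_LOCK));
```

To run it against a real project, replace `SAMPLE_LOCK` with the parsed contents of `package-lock.json`. A copy flagged here may still be covered by the isEvalSupported change discussed in the thread, so treat the flag as a prompt to check the installed ng2-pdf-viewer version.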