build(deps): bump pdfjs-dist from 3.11.174 to 4.2.67

[dependabot]

Bumps pdfjs-dist from 3.11.174 to 4.2.67.

Release notes

Sourced from pdfjs-dist's releases.

v4.2.67

This release includes a new JPX decoder, based on OpenJPEG, which improves JPX image rendering performance and correctness. Moreover, this release contains improvements for the annotation editor, font conversion and the viewer.

Note that text selection boxes for some PDF files may overlap visually. This is a known issue that we currently track in mozilla/pdf.js#17561.

Changes since v4.1.392

• Bump the stable version in pdfjs.config by @​timvandermeij in mozilla/pdf.js#17924
• Convert the history code to use proper private methods by @​timvandermeij in mozilla/pdf.js#17925
• Update dependencies and translations to the most recent versions by @​timvandermeij in mozilla/pdf.js#17927
• Remove the tag for missing font subset when trying to find a substitution by @​calixteman in mozilla/pdf.js#17930
• Fix resetting of cursor-tools when closing the document (PR 17464 follow-up) by @​Snuffleupagus in mozilla/pdf.js#17933
• Warn when a non-embedded font has an invalid name by @​calixteman in mozilla/pdf.js#17934
• Remove the mkdirp dependency in favor of the built-in Node.js fs.mkdirSync by @​timvandermeij in mozilla/pdf.js#17935
• Improve type definitions for the viewer by @​ex37 in mozilla/pdf.js#17879
• Fix the "must check that invisible fields are made visible" scripting integration test by @​timvandermeij in mozilla/pdf.js#17940
• Remove the rimraf dependency in favor of the built-in Node.js fs.rmSync in the test folder by @​timvandermeij in mozilla/pdf.js#17938
• [api-minor] Update the minimum supported Safari version to 16.4 by @​Snuffleupagus in mozilla/pdf.js#17942
• Fix the "must check that a field has the correct value when a choice is changed" scripting integration test by @​timvandermeij in mozilla/pdf.js#17947
• [api-minor] Add a jpx decoder based on OpenJPEG 2.5.2 by @​calixteman in mozilla/pdf.js#17946
• Bump library version to 4.2 by @​Snuffleupagus in mozilla/pdf.js#17949
• Build the openjpeg-based decoder in a web environment in order to avoid issues when used in node by @​calixteman in mozilla/pdf.js#17954
• Fix JpxImage API issues (PR 17946 follow-up) by @​timvandermeij in mozilla/pdf.js#17951
• [JPX] Throw an exception with the error messages returned by openjpeg by @​calixteman in mozilla/pdf.js#17956
• [Editor] Provide an element to render in the annotation layer after a freetext has been edited (bug 1890535) by @​calixteman in mozilla/pdf.js#17914
• Remove waitForTimeout usage from the helper functions by @​timvandermeij in mozilla/pdf.js#17966
• Remove some event listeners with signal in the viewer by @​Snuffleupagus in mozilla/pdf.js#17964
• [Editor] Don't show the context menu when resizing by @​calixteman in mozilla/pdf.js#17973
• Correctly update the xref table when an annotation is deleted by @​calixteman in mozilla/pdf.js#17970
• Update dependencies and translations to the most recent versions by @​timvandermeij in mozilla/pdf.js#17972
• Improve jpx decoding by around 20% in enabling simd support when compiling OpenJPEG by @​calixteman in mozilla/pdf.js#17983
• [api-minor] Remove the image-related error message prefixes by @​Snuffleupagus in mozilla/pdf.js#17979
• Use the pdf.js warn when using jpx decoder by @​calixteman in mozilla/pdf.js#17985
• Extend the globally cached image main-thread copying to "complex" images as well (PR 17428 follow-up) by @​Snuffleupagus in mozilla/pdf.js#17978
• Update JpxImage.parseImageProperties to support TypedArray data in IMAGE_DECODERS builds by @​Snuffleupagus in mozilla/pdf.js#17977
• Add signal-support in the EventBus, and utilize it in the viewer (PR 17964 follow-up) by @​Snuffleupagus in mozilla/pdf.js#17967
• Set correctly the change property for the event triggered when a choice list is changed by @​calixteman in mozilla/pdf.js#17999
• Remove all waitForTimeout usage from the annotation integration tests by @​timvandermeij in mozilla/pdf.js#17969
• Validate explicit destinations on the worker-thread to prevent DataCloneError (issue 17981) by @​Snuffleupagus in mozilla/pdf.js#17984
• Allow to insert several annotations under the same parent in the structure tree by @​calixteman in mozilla/pdf.js#17986
• Always enable smoothing when rendering downscaled image by @​calixteman in mozilla/pdf.js#17868
• Simplify the way to pass the glyph drawing instructions from the worker to the main thread by @​calixteman in mozilla/pdf.js#18015
• Validate additional font-dictionary properties by @​Snuffleupagus in mozilla/pdf.js#18014
• Add more validation of width-data by @​Snuffleupagus in mozilla/pdf.js#18017
• Reduce code-duplication when caching data in CompiledFont.getPathJs by @​Snuffleupagus in mozilla/pdf.js#18018
• Re-factor SimpleLinkService to extend PDFLinkService by @​Snuffleupagus in mozilla/pdf.js#18013
• [api-minor] Move the page reference/number caching into the API by @​Snuffleupagus in mozilla/pdf.js#18001

v4.1.392

This release features improvements, bugfixes and optimizations for accessibility, annotation rendering, annotation editing, font rendering, form handling, image rendering, text selection and the viewer.

... (truncated)

Commits

• 49b3881 Merge pull request #18001 from Snuffleupagus/api-pageRefCache
• 150964d Remove unnecessary check from PDFLinkService.goToDestination (PR 17984 foll...
• f6cd039 [api-minor] Move the page reference/number caching into the API
• fa69d9a Inline the helper method in PDFLinkService.goToDestination
• 3052e99 Merge pull request #18013 from Snuffleupagus/SimpleLinkService-extends-PDFLin...
• 2b2ade7 Merge pull request #18018 from Snuffleupagus/CompiledFont-tweak-caching
• 627fe2d Merge pull request #18017 from Snuffleupagus/validate-widths
• 85ff8f3 Reduce code-duplication when caching data in CompiledFont.getPathJs
• d411a07 Add more validation of width-data
• 234067e Merge pull request #18014 from Snuffleupagus/validate-font-properties
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[netlify]

✅ Deploy Preview for wfp-hungermap ready!

Name	Link
🔨 Latest commit	7f7ba37
🔍 Latest deploy log	https://app.netlify.com/sites/wfp-hungermap/deploys/67641223258dc9000859ba61
😎 Deploy Preview	https://deploy-preview-139--wfp-hungermap.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[Tschonti]

@ahmtslmngcl can you check if we can use pdf-js v4? v3 had a big security vulnerability.

[marinovl7]

@ahmtslmngcl can you check if we can use pdf-js v4? v3 had a big security vulnerability.

CC: @bohdangarchu

[bohdangarchu]

@Tschonti I think we don't need this dependency anyway. pdfjs is always imported from react-pdf in our code

[ahmtslmngcl]

@Tschonti works fine but we also don't need it as @bohdangarchu noticed correctly

[Tschonti]

But react-pdf depends on this package, so even if pdfjs-dist is not in our package.json, it'll be in our project (in yarn.lock), so make sure we're using v4