Marmelator/pdf.js.mirror
1
0
Fork 0
mirror of https://github.com/mozilla/pdf.js.git synced 2026-05-31 07:11:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
22,761 Commits 1 Branch 107 Tags
Commit Graph

543 Commits

Author SHA1 Message Date
Calixte Denizet
7bda0fc97c Enable 'eslint-plugin-regexp' and fix existing findings 
Enable the recommended preset and fix or per-line-disable the 78
findings it surfaces. Most are equivalent rewrites, intentional
patterns (control chars, the whatwg email regex, autolinker URL regex)
keep their behavior via targeted disables.
 2026-05-25 14:31:55 +02:00
Tim van der Meij
33d8f45fc5
Fix vulnerabilities in dependency versions 
This patch is generated automatically using `npm audit fix`, and brings
the number of reported vulnerabilities back to zero by patching:

- GHSA-jxxr-4gwj-5jf2: "brace-expansion: Large numeric range defeats
  documented `max` DoS protection"
- GHSA-58qx-3vcg-4xpx: "ws: Uninitialized memory disclosure"
 2026-05-24 19:34:07 +02:00
Tim van der Meij
f1f8e2c04e
Upgrade postcss-values-parser to version 8.0.0 
This is a major version bump, but the changelog at
17304bbe9c
doesn't indicate any breaking changes that should impact us.
 2026-05-24 19:29:57 +02:00
Tim van der Meij
0fa006997b
Update dependencies to the most recent versions 2026-05-24 19:29:09 +02:00
Tim van der Meij
4da7a9aa29
Upgrade typescript to version 6.0.3 
This is a major version bump containing two breaking changes for us:

- the `baseUrl` option is removed;
- the `moduleResolution` option doesn't support `node10` (or the `node`
  alias) anymore.

The migration guide at https://github.com/microsoft/TypeScript/issues/62508
indicates that we can remove `baseUrl` and change `moduleResolution` to
`bundler` (the latter is consistent with what other projects do that are
linked to the issue, and more details on that configuration option can
be found at https://www.typescriptlang.org/tsconfig/#moduleResolution).

Note that this is enough to get `npx gulp typestest` green and that is
all validation we can do on our side, so as usual if any follow-up fixes
for types are necessary we rely on the community to provide patches and
extend the types test where possible to improve validation.
 2026-05-11 21:05:11 +02:00
Tim van der Meij
c67306b435
Upgrade postcss-discard-comments to version 8.0.0 
This is a major version bump, but the changelog at
https://github.com/cssnano/cssnano/blob/master/packages/postcss-discard-comments/CHANGELOG.md
doesn't indicate any breaking changes that should impact us.
 2026-05-11 21:05:11 +02:00
Tim van der Meij
dd05ebad71
Upgrade @napi-rs/canvas to version 1.0.0 
This is a major version bump, but the changelog at
https://github.com/Brooooooklyn/canvas/releases/tag/v1.0.0
doesn't indicate any breaking changes that should impact us.
 2026-05-11 21:05:11 +02:00
Tim van der Meij
25a9196d9c
Update dependencies to the most recent versions 2026-05-11 21:05:11 +02:00
Tim van der Meij
e8a051cee5
Merge pull request #21248 from mozilla/dependabot/npm_and_yarn/babel/plugin-transform-modules-systemjs-7.29.4 
Bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4
 2026-05-10 14:07:18 +02:00
Tim van der Meij
e511c88f11
Merge pull request #21244 from mozilla/dependabot/npm_and_yarn/fast-uri-3.1.2 
Bump fast-uri from 3.1.0 to 3.1.2
 2026-05-10 14:06:27 +02:00
dependabot[bot]
f6e69b8a20
Bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4 
Bumps [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) from 7.29.0 to 7.29.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-09 17:40:37 +00:00
dependabot[bot]
b5af8151f6
Bump fast-uri from 3.1.0 to 3.1.2 
Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2)

---
updated-dependencies:
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-09 00:28:57 +00:00
dependabot[bot]
e94f9a9797
Bump fast-xml-builder from 1.1.5 to 1.2.0 
Bumps [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) from 1.1.5 to 1.2.0.
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/compare/v1.1.5...v1.2.0)

---
updated-dependencies:
- dependency-name: fast-xml-builder
  dependency-version: 1.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-08 18:32:54 +00:00
dependabot[bot]
175c184956
Bump ip-address from 10.1.0 to 10.2.0 
Bumps [ip-address](https://github.com/beaugunderson/ip-address) from 10.1.0 to 10.2.0.
- [Commits](https://github.com/beaugunderson/ip-address/commits)

---
updated-dependencies:
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-07 00:37:45 +00:00
Jonas Jenwald
270b68feb9 [api-major] Update the minimum supported browsers, and remove no longer needed polyfills 
By removing support for older browsers it's possible to simplify both the code and the build-scripts, in addition to removing manually implemented polyfills.
Using the PDF.js library/viewer will now require native support for the following features:
 - The `AbortSignal.any()` static method, see https://developer.mozilla.org/en-US/docs/Web/API/AbortSignal/any_static#browser_compatibility
 - The `:dir()` CSS pseudo-class, see https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/:dir#browser_compatibility
 - The `light-dark()` CSS function, see https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Values/color_value/light-dark#browser_compatibility
 - The CSS `&` nesting selector, see https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector#browser_compatibility

This patch updates the minimum supported browsers as follows:
 - Google Chrome 125, which was released on 2024-05-15; see https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
 - Safari 18, which was released on 2024-09-16; see https://developer.apple.com/documentation/safari-release-notes/safari-18-release-notes
   *Note:* This version is the first with experimental support for the `CanvasRenderingContext2D.filter` property, which is a long-standing missing feature in Safari, however it must be *manually enabled*; see https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/filter#browser_compatibility

Note that nowadays we usually try, where feasible and possible, to support browsers that are about two years old. By limiting support to only "recent" browsers we reduce the risk of holding back improvements of the *built-in* Firefox PDF Viewer, and also (significantly) reduce the maintenance/support burden for the PDF.js contributors.

*Please note:* As always, the minimum supported browser version assumes that a `legacy`-build of the PDF.js library is being used; see https://github.com/mozilla/pdf.js/wiki/Frequently-Asked-Questions#faq-support
 2026-04-30 20:32:08 +02:00
Calixte Denizet
46fd67a191
Add some colors in the logs in order to easily see failures and add a summary of the failures at the end 2026-04-30 14:00:54 +02:00
Calixte Denizet
47f0bdc6a5
Use Istanbul instrumentation for unittestcli code coverage 2026-04-29 11:02:51 +02:00
Tim van der Meij
9afc31751a
Update dependencies to the most recent versions 2026-04-26 15:02:02 +02:00
dependabot[bot]
ae1b4796bd
Bump fast-xml-parser from 5.5.7 to 5.7.1 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.5.7 to 5.7.1.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.7...v5.7.1)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.7.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-23 06:04:13 +00:00
Tim van der Meij
a058acb34d
Fix vulnerability in the basic-ftp dependency 
This patch is generated with `npm audit fix` and fixes
GHSA-rp42-5vxx-qpwr.
 2026-04-18 16:09:56 +02:00
Tim van der Meij
ba2cc9c1e2
Update dependencies to the most recent versions 2026-04-18 16:07:10 +02:00
Jonas Jenwald
aced833344 Remove the basic Math.sumPrecise polyfill 
This is already polyfilled properly via core-js in `legacy` builds, and the only reason that it wasn't already removed is that the tests (on the bots) use the "modern" builds and Chrome didn't support `Math.sumPrecise` until now; see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/sumPrecise#browser_compatibility
 2026-04-15 16:32:13 +02:00
Tim van der Meij
d3b00c3b32
Upgrade babel-plugin-istanbul to version 8.0.0 
This is a major version bump, but the changelog at
https://github.com/istanbuljs/babel-plugin-istanbul/releases/tag/v8.0.0
doesn't indicate any breaking changes that should impact us (the
dependency update meant a bump of the minimal required Node.js version
to 18, but our minimal supported version is already higher than that).
 2026-04-12 16:17:03 +02:00
Tim van der Meij
583c9d6b98
Update dependencies to the most recent versions 
Note that the `globals` update rendered two ESLint ignore lines obsolete
because the `Sanitizer` global is now registered [1].

[1] 5d84602967
 2026-04-12 16:16:21 +02:00
dependabot[bot]
ec827e0766
Bump basic-ftp from 5.2.1 to 5.2.2 
Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/patrickjuchli/basic-ftp/compare/v5.2.1...v5.2.2)

---
updated-dependencies:
- dependency-name: basic-ftp
  dependency-version: 5.2.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-10 22:09:53 +00:00
dependabot[bot]
81644a7ee9
Bump basic-ftp from 5.2.0 to 5.2.1 
Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.2.1)

---
updated-dependencies:
- dependency-name: basic-ftp
  dependency-version: 5.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-08 20:13:58 +00:00
Jonas Jenwald
5aaf30a071
Merge pull request #21018 from Snuffleupagus/Node-22 
[api-minor] Update the minimum supported Node.js version to 22
 2026-04-05 12:39:36 +02:00
Tim van der Meij
a6a66c077e
Fix vulnerabilities in dependency versions 
This patch is generated automatically using `npm audit fix`, and brings
the number of reported vulnerabilities to zero.
 2026-04-03 20:37:53 +02:00
Tim van der Meij
b6d5f122e3
Upgrade eslint-plugin-unicorn to version 64.0.0 
This is a major version bump, but the changelog at
https://github.com/sindresorhus/eslint-plugin-unicorn/releases/tag/v64.0.0
doesn't indicate any breaking changes that should impact us.
 2026-04-03 20:34:53 +02:00
Tim van der Meij
e97c847e93
Update dependencies to the most recent versions 2026-04-03 20:34:10 +02:00
Jonas Jenwald
e0423ebbe4 [api-minor] Update the minimum supported Node.js version to 22 
This patch updates the minimum supported environments as follows:
 - Node.js 22, which was initially released on 2024-04-24 and has now entered the "Maintenance"-phase; see https://github.com/nodejs/release#release-schedule

Furthermore, note also that Node.js 20 will reach end-of-life on 2026-04-30 which coincides (approximately) with the next PDF.js release.
 2026-04-01 12:06:32 +02:00
Jonas Jenwald
90fe6c70ff [Node.js] Remove the node-readable-to-web-readable-stream polyfill 
While `Readable.toWeb` wasn't marked as stable until more recently, the functionality itself has existed since Node.js version `17.0.0`; note https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options

Hence the polyfill shouldn't actually be necessary, which is confirmed by the unit-tests passing in Node.js version `20` in GitHub Actions.
 2026-03-30 13:45:13 +02:00
dependabot[bot]
5e4ca58785
Bump picomatch 
Bumps  and [picomatch](https://github.com/micromatch/picomatch). These dependencies needed to be updated together.

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-25 22:14:25 +00:00
Tim van der Meij
9151b69665
Merge pull request #20922 from mozilla/dependabot/npm_and_yarn/fast-xml-parser-5.5.7 
Bump fast-xml-parser from 5.5.6 to 5.5.7
 2026-03-19 20:53:30 +01:00
dependabot[bot]
281761d07d
Bump fast-xml-parser from 5.5.6 to 5.5.7 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.5.6 to 5.5.7.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.6...v5.5.7)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.5.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-19 19:47:38 +00:00
dependabot[bot]
9cf2718a69
Bump flatted from 3.4.1 to 3.4.2 
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.4.1 to 3.4.2.
- [Commits](https://github.com/WebReflection/flatted/compare/v3.4.1...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-19 19:44:37 +00:00
dependabot[bot]
15bb5fcebb
Bump fast-xml-parser from 5.5.5 to 5.5.6 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.5.5 to 5.5.6.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.5...v5.5.6)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.5.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-18 02:53:38 +00:00
calixteman
d5ac981d62
Update eslint to version 10 
Unfortunately, eslint-plugin-import depends on eslint 9. This plugin doesn't seem to be
actively maintained (lot of open issues and PRs).
Fortunately there's a fork of the plugin that doesn't support eslint 10 yet but is actively maintained.
So this PR changes the eslint version to 10 and replaces eslint-plugin-import with eslint-plugin-import-x.
 2026-03-15 19:36:54 +01:00
Tim van der Meij
534a199d18
Fix vulnerability in the flatted dependency 
This patch is generated with `npm audit fix` and fixes CVE-2026-32141.
 2026-03-15 14:54:11 +01:00
Tim van der Meij
b7ebd80db8
Update dependencies to the most recent versions 2026-03-15 14:53:11 +01:00
dependabot[bot]
85fe14ac94
Bump undici from 7.21.0 to 7.24.2 
Bumps [undici](https://github.com/nodejs/undici) from 7.21.0 to 7.24.2.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v7.21.0...v7.24.2)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 7.24.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-14 10:34:32 +00:00
Tim van der Meij
c7d345db76
Fix vulnerability in the underscore dependency 
This patch is generated with `npm audit fix` and fixes CVE-2026-27601.
 2026-03-07 19:02:23 +01:00
Tim van der Meij
57a8028ee2
Update dependencies to the most recent versions 2026-03-07 19:00:26 +01:00
Calixte Denizet
064e6a8b1c
Remove gulp-sourcemaps dependency which is unmaintained 2026-03-05 22:28:44 +01:00
Tim van der Meij
3d2d145329
Fix vulnerabilities in dependency versions 
This patch is generated automatically using `npm audit fix`.
 2026-03-01 20:44:42 +01:00
Tim van der Meij
ced9b4717f
Upgrade c8 to version 11.0.0 
This is a major version bump, but the changelog at
https://github.com/bcoe/c8/releases/v11.0.0 doesn't indicate any
breaking changes that should impact us.
 2026-03-01 20:43:20 +01:00
Tim van der Meij
4cb0d504b0
Update dependencies to the most recent versions 2026-03-01 20:42:19 +01:00
Tim van der Meij
5cbb8413cb
Merge pull request #20768 from calixteman/rm_yargs 
Remove dependency to yargs and use node:utils parseArgs
 2026-03-01 20:19:11 +01:00
Tim van der Meij
6299bf7fd6
Merge pull request #20762 from mozilla/dependabot/npm_and_yarn/multi-f5f34deeac 
Bump minimatch
 2026-03-01 19:56:30 +01:00
calixteman
f57b73d881
Remove dependency to yargs and use node:utils parseArgs 2026-03-01 15:01:31 +01:00