Draft: Upgrade pdf.js version to 4.5.136 (!163388) · Merge requests · GitLab.org / GitLab

Chaoyue Zhao requested to merge 462822-pdf into master Aug 20, 2024

What does this MR do and why?

Upgrade pdf.js version to 4.5.136. This allows us to safely remove the patch that prevented PDF.js from evaluating scripts when rendering PDF files in the UI to close a security vulnerability but had performance implications around rendering fonts.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

On Master, without patch	On this branch, without patch
Screen_Recording_2024-08-20_at_3.58.38_PM	Screen_Recording_2024-08-20_at_4.07.00_PM

How to set up and validate locally

Upload a pdf with exploits bad.pdf
No alerts should pop up

Also tested a PDF without exploits render properly

Related to #462822

Draft: Upgrade pdf.js version to 4.5.136

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports