Draft: Upgrade pdf.js version to 4.5.136
What does this MR do and why?
Upgrade pdf.js version to 4.5.136. This allows us to safely remove the patch that prevented PDF.js from evaluating scripts when rendering PDF files in the UI to close a security vulnerability but had performance implications around rendering fonts.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
On Master, without patch | On this branch, without patch |
---|---|
Screen_Recording_2024-08-20_at_3.58.38_PM | Screen_Recording_2024-08-20_at_4.07.00_PM |
How to set up and validate locally
- Upload a pdf with exploits bad.pdf
- No alerts should pop up
Also tested a PDF without exploits render properly
Related to #462822