Skip to content

Commit 8c257f9

Browse files
danxuliubackportbot[bot]
danxuliu
authored and
backportbot[bot]
committed
fix: Pin pdfjs-dist to exact 4.0.189
The PDF viewer explicitly sets "isEvalSupported" to "false", so it is not affected by the security issue reported for versions <= 4.1.392, which assume the default value of "true". pdfjs-dist is the main dependency of the PDF viewer, and any version update requires additional work in the PDF viewer, it is not just increasing the version and that is it. Due to all of the above, the pdfjs-dist version is pinned for now to exact 4.0.189 to avoid dealing again and again with incorrect updates after running "npm audit fix". Signed-off-by: Daniel Calviño Sánchez <[email protected]>
1 parent 8a674f9 commit 8c257f9

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

package-lock.json

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@
3434
"@nextcloud/logger": "^3.0.2",
3535
"@nextcloud/router": "^3.0.1",
3636
"@nextcloud/sharing": "^0.2.4",
37-
"pdfjs-dist": "^4.0.189"
37+
"pdfjs-dist": "4.0.189"
3838
},
3939
"browserslist": [
4040
"extends @nextcloud/browserslist-config"

0 commit comments

Comments
 (0)