This version updates PDF.js to 4.3.136, fixing GHSA-wgrm-67xf-hhpq.
React-PDF v8.0.2 already included a mitigation of the issue and thus were not affected by this vulnerability, but caused automatic security alerts due to the outdated PDF.js version.
Breaking changes to confirm are ok with your project:
PDF.js worker extension has been changed from .js to .mjs.
Dropped support for older browsers and Node.js versions. In particular, you may need Promise.withResolvers polyfill when running Node.js versions older than 22.0.0.
This version updates PDF.js to 4.3.136, fixing GHSA-wgrm-67xf-hhpq.
React-PDF v8.0.2 already included a mitigation of the issue and thus were not affected by this vulnerability, but caused automatic security alerts due to the outdated PDF.js version.
Breaking changes to confirm are ok with your project: