Bump react-pdf from 7.7.3 to 9.0.0 in /ui

[dependabot[bot]]

Bumps react-pdf from 7.7.3 to 9.0.0.

Release notes

Sourced from react-pdf's releases.

v9.0.0

See Upgrade guide from version 8.x to 9.x.

This version updates PDF.js to 4.3.136, fixing GHSA-wgrm-67xf-hhpq for good. React-PDF v8.0.2 and v7.7.3 have already included a mitigation of the issue and thus were not affected by this vulnerability, but caused automatic security alerts due to the outdated PDF.js version.

❗️ = breaking change

What's new?

• Updated PDF.js to 4.3.136.
  • Optimizations for CPU and memory usage
  • Performance improvements
  • Image rendering improvements
  • Text selection improvements
  • Accessibility improvements
  • Font conversion improvements
  • Handling of corrupted documents
• Improved Turbopack compatibility.

What's changed?

• ❗️ PDF.js worker extension has been changed from .js to .mjs.
• ❗ PDF.js is now an ESM module. In particular, you may encounter issues running unit tests using Jest. Consider migrating to Vitest.
• ❗️ Removed deprecated svg renderMode.
• ❗️ Dropped support for older browsers and Node.js versions. In particular, you may need Promise.withResolvers polyfill when running Node.js versions older than 22.0.0.

v8.0.2

Bug fixes

• Force isEvalSupported to false. Fixes GHSA-87hq-q4gp-9wr4 (caused by GHSA-wgrm-67xf-hhpq).

v8.0.1

This version shipped an incorrect fix for a security vulnerability and thus has been deprecated.

Bug fixes

• Force isEvalSupported to true. Fixes GHSA-87hq-q4gp-9wr4 (caused by GHSA-wgrm-67xf-hhpq).

v8.0.0

See Upgrade guide from version 7.x to 8.x.

❗️ = breaking change

What's new?

• Added support for React 19.

What's changed?

... (truncated)

Commits

• 52fd082 v9.0.0
• 6881c82 Update docs on compatibility
• 5544c3b Remove forced isEvalSupported value
• b83b127 Update pdfjs-dist to 4.3.136
• fc0343c Remove workaround for wrong downloadManager type
• 2ba89d8 Add Promise.withResolvers polyfill
• 62a7368 [breaking] Update pdfjs-dist to 4.2.67
• c31e769 [breaking] Update pdfjs-dist to 4.0.379
• 3007e58 Replace global with globalThis
• 6bfef4b Use new syntax for notes
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

| Dependency Name | Ignore Conditions | | --- | --- | | react-pdf | [>= 6.2.a, < 6.3] |

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)