BUG: pdfjs-dist security vulnerability

[pixiwyn]

Link to notice concerning security vulnerability in pdfjs-dist affecting users of any version less recent than 4.2.67: https://vulert.com/vuln-db/CVE-2024-4367

Business Impact/Reason for Severity A PDF containing malicious JavaScript could actually execute code.

In which environment did you see this bug? All.

Expected Behavior Implement workaround, pdf functionality remains same.

Actual Behavior Security vulnerability.

Cause of Bug, If Known TBD

Definition of Done (Updated 4-14-21)

Product Owner

• [ ] Bug fix has been validated in the Court's test environment

Engineering

• [ ] Automated test scripts have been written
• [ ] Field level and page level validation errors (front-end and server-side) integrated and functioning
• [ ] Verify that language for docket record for internal users and external users is identical
• [ ] New screens have been added to pa11y scripts
• [ ] All new functionality verified to work with keyboard and macOS voiceover https://www.apple.com/voiceover/info/guide/_1124.html
• [ ] READMEs, other appropriate docs and swagger/APIs fully updated
• [ ] UI should be touch optimized and responsive for external only (functions on supported mobile devices and optimized for screen sizes as required)
• [ ] Interactors should validate entities before calling persistence methods
• [ ] Code refactored for clarity and to remove any known technical debt
• [ ] Deployed to the Court's test environment if prod-like data is required. Otherwise, deployed to any experimental environment for review.

[pixiwyn]

For testing: upload court issued document, make sure it's searchable, and that it can be signed. Please try a variety of different PDFs. Note: Fillable forms weren't searchable prior to this ticket.

[pixiwyn]

Related ticket: https://app.zenhub.com/workspaces/flexionef-cms-5bbe4bed4b5806bc2bec65d3/issues/gh/flexion/ef-cms/10300