Force isEvalSupported to false. Fixes GHSA-87hq-q4gp-9wr4 (caused by GHSA-wgrm-67xf-hhpq).
v7.7.2
This version shipped an incorrect fix for a security vulnerability and thus has been deprecated.
Bug fixes
Force isEvalSupported to true. Fixes GHSA-87hq-q4gp-9wr4 (caused by GHSA-wgrm-67xf-hhpq).
v7.7.1
Bug fixes
Fixed Outline, Page and Thumbnail components crashing when placed outside Document, but provided with pdf prop (#1709).
Fixed documentation for using vite-plugin-static-copy suggesting a solution that doesn't work on Windows.
v7.7.0
What's new?
Detect not memoized file and options props.
What's changed?
Updated documentation to make it clear SVG renderMode is deprecated and will be removed in the future.
Replaced tiny-warning with more popular (and equally tiny!) warning.
v7.6.0
What's new?
Improved developer experience by moving prop documentation to JSDoc. This means that you can now see descriptions, default values, and examples for all props in your IDE.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ohoareau/libs-js/network/alerts).
Bumps react-pdf from 4.1.0 to 7.7.3.
Release notes
Sourced from react-pdf's releases.
... (truncated)
Commits
1a69776v7.7.3208f28dForce isEvalSupported to false8ca4d07v7.7.2260295bForce isEvalSupported to true93b09c3v7.7.1f01d41eBump eslint-config-wojtekmaj from 0.9.0 to 0.11.0a9d0b52Bump eslint from 8.37.0 to 8.56.057eaaf7Bump jsdom from 21.1.1 to 24.0.0e339525Fix Outline, Page and Thumbnail components crashing when placed outside Documentcf5327bAdd missing linkService in DocumentContext in unit testsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show