Skip to content

chore(deps): bump pdfjs-dist to 6.0.227#1666

Merged
ahorowitz123 merged 1 commit into
masterfrom
bump-pdfjs-6
Jun 3, 2026
Merged

chore(deps): bump pdfjs-dist to 6.0.227#1666
ahorowitz123 merged 1 commit into
masterfrom
bump-pdfjs-6

Conversation

@ahorowitz123

Copy link
Copy Markdown
Contributor

Summary

Bumps pdfjs-dist from 4.3.136 to 6.0.227 (latest) and bumps the package's engines.node minimum to >=22.13.0 to match pdfjs's requirement.

Why

pdfjs-dist@4.x declares canvas in dependencies, which forces npm consumers (any downstream that installs this package) to compile native bindings via node-pre-gyp. That fails on Apple Silicon Macs and CI agents without Python and a C++ toolchain, blocking installation by downstream consumers entirely.

pdfjs-dist@5.x and later moved canvas to optionalDependencies, so install no longer attempts the native build. Bumping to the latest 6.x cleanly fixes this.

What's verified

  • yarn install succeeds without invoking node-pre-gyp / canvas native build
  • yarn build:lib succeeds
  • ✅ Manual runtime test against the npm-load path (useNpmPdfjs=true): PDF rendered correctly, window.pdfjsLib.version reports 6.x
  • ✅ Full doc viewer test suite: 631/631 pass with no source changes

The pdfjs API surfaces we use (getDocument, PDFViewer, PDFLinkService, PDFFindController, EventBus, GlobalWorkerOptions) are unchanged across the 4.x → 6.x breaking-change list. The api-major changes in 5.x/6.x affect editor functionality and getDocument no-args calling, neither of which we touch.

Test plan

  • yarn install from a clean checkout
  • yarn build:lib
  • yarn test src/lib/viewers/doc/
  • Manual PDF preview via local dev server with useNpmPdfjs=true
  • Manual smoke check after merge: multi-page PDF, find/search, thumbnails sidebar, zoom/rotate, password-protected PDF, presentation viewer

🤖 Generated with Claude Code

pdfjs-dist 4.x declared canvas in dependencies, which forced npm
consumers to compile native bindings via node-pre-gyp. That fails on
Apple Silicon Macs and CI agents without Python and a C++ toolchain,
blocking installation of this package by downstream consumers.

pdfjs-dist 5.x and later moved canvas to optionalDependencies, so
install no longer attempts the native build. Bump to 6.0.227 (latest)
and bump the engines.node minimum to match pdfjs's requirement.

The full doc viewer test suite (631 tests) passes against the new
version with no source changes — the API surfaces we use (getDocument,
PDFViewer, PDFLinkService, PDFFindController, EventBus,
GlobalWorkerOptions) are unchanged across the v4 → v6 jump.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ahorowitz123 ahorowitz123 requested a review from a team as a code owner June 3, 2026 16:37
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedpdfjs-dist@​4.3.136 ⏵ 6.0.2279510082 +19580

View full report

@ahorowitz123 ahorowitz123 merged commit 7e082b8 into master Jun 3, 2026
7 checks passed
@ahorowitz123 ahorowitz123 deleted the bump-pdfjs-6 branch June 3, 2026 19:57
mrscobbler added a commit that referenced this pull request Jul 9, 2026
Revert the pdfjs-dist 6.0.227 bump (#1666) while v6 regressions are
investigated. Restores engines.node >=20.0.0 (the bump only existed
to satisfy pdfjs 6) and removes the annotationLayer z-index
workaround from #1694, which compensated for v6's earlier page-layer
insertion and is unnecessary on v4.

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: Sophia <1317004+mrscobbler@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants