Skip to content

chore(deps)(deps-dev): bump pdfjs-dist from 5.7.284 to 6.1.200#102

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/pdfjs-dist-6.1.200
Open

chore(deps)(deps-dev): bump pdfjs-dist from 5.7.284 to 6.1.200#102
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/pdfjs-dist-6.1.200

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps pdfjs-dist from 5.7.284 to 6.1.200.

Release notes

Sourced from pdfjs-dist's releases.

v6.1.200

This release contains improvements for annotation rendering, annotation editing, font conversion, image conversion, merging files, SMask rendering and the viewer.

Changes since v6.0.227

... (truncated)

Commits
  • 6353ace Merge pull request #21508 from Snuffleupagus/optional-chaining-not-length
  • b7b3a4c Use more optional chaining in the src/ and web/ folders
  • 8bdd159 Merge pull request #21505 from Snuffleupagus/StructTreeRoot-rm-init
  • 195226e Merge pull request #21500 from calixteman/bug2050191
  • d852613 Merge pull request #21487 from calixteman/issue17333
  • 8232440 Inline the init method in the StructTreeRoot constructor
  • 86ffd68 Merge pull request #21504 from nicolo-ribaudo/move-selection-styles
  • 5d81fe5 Move SVG text selection styles to pdf_viewer.css
  • a1953e7 Merge pull request #21502 from Snuffleupagus/issue17906-test-forms
  • beb332a Change issue17906 to test "forms" rendering
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: deps. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the javascript Pull requests that update javascript code label Jun 29, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9937917f2f

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread pnpm-lock.yaml
axios@>=1.0.0 <1.16.0: '>=1.16.0'
uuid: '>=14.0.0'
pdfjs-dist: 5.7.284
pdfjs-dist: 6.1.200

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Sync the pdfjs override in the manifest

In this commit the lockfile override is updated to 6.1.200, but the committed root package.json still has pnpm.overrides.pdfjs-dist pinned to 5.7.284 at line 94. Since .github/workflows/ci.yml and security.yml run pnpm install --frozen-lockfile, and the pnpm docs say frozen installs fail when the lockfile is out of sync with the manifest, clean CI installs will fail until the root override is bumped or this lockfile entry is reverted.

Useful? React with 👍 / 👎.

Comment thread pnpm-lock.yaml
'@qrcommunication/gigapdf-lib':
specifier: latest
version: 0.106.0
version: 0.108.0

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Avoid bundling an unrelated engine upgrade

This pdfjs dev-dependency bump also changes the production @qrcommunication/gigapdf-lib resolution from 0.106.0 to 0.108.0 for packages/pdf-engine (and the same drift appears in packages/canvas) even though neither manifest changed that dependency. Merging this PR would therefore deploy a different native PDF engine along with the pdfjs update, so any parse/render behavior changes from 0.108.0 become part of this release without review; please revert this lockfile drift or split it into its own dependency update.

Useful? React with 👍 / 👎.

Bumps [pdfjs-dist](https://github.com/mozilla/pdf.js) from 5.7.284 to 6.1.200.
- [Release notes](https://github.com/mozilla/pdf.js/releases)
- [Commits](mozilla/pdf.js@v5.7.284...v6.1.200)

---
updated-dependencies:
- dependency-name: pdfjs-dist
  dependency-version: 6.1.200
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/pdfjs-dist-6.1.200 branch from 9937917 to 4b19163 Compare June 30, 2026 02:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants