[PR #4] [MERGED] feat: upgrade to latest react pdf #3

Closed
opened 2026-02-16 00:20:23 -05:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/run-llama/pdf-viewer/pull/4
Author: @thucpn
Created: 7/24/2024
Status: Merged
Merged: 7/24/2024
Merged by: @marcusschiesser

Base: mainHead: feat/upgrade-to-latest-react-pdf


📝 Commits (1)

  • 465cf49 feat: upgrade to latest react pdf

📊 Changes

3 files changed (+329 additions, -50 deletions)

View changed files

📝 package.json (+2 -2)
📝 src/view/VirtualizedPdf.tsx (+1 -1)
📝 yarn.lock (+326 -47)

📄 Description

react-pdf is experiencing a security issue, so we need to update it to the patch versions: https://github.com/wojtekmaj/react-pdf/security/advisories/GHSA-87hq-q4gp-9wr4

Updating react-pdf to 7.7.3 or 8.0.2 serves as a workaround, but since it still uses pdfjs-dist version 3, it does not ensure complete security. See: https://github.com/advisories/GHSA-wgrm-67xf-hhpq

In this PR, I have updated it to the latest version of react-pdf (9.1.0), following the guide:
https://github.com/wojtekmaj/react-pdf/wiki/Upgrade-guide-from-version-8.x-to-9.x


NextJs applications also need to update their configuration to be compatible with react-pdf v9 and pdfjs v4.
A common issue often seen with NextJs is: TypeError: Promise.withResolvers is not a function
Therefore, if we use the PDF component within NextJs components, we need to use dynamic import with ssr = false (to indicate to NextJs to use it for client-side rendering only).

See example how to fix in NextJs of create-llama:
https://github.com/run-llama/create-llama/pull/179/files#diff-7a26bbeebbf3ae33ffa6274bafc31222b853ecec01ab960f965451723324282d

References:
https://github.com/wojtekmaj/react-pdf/wiki/Upgrade-guide-from-version-8.x-to-9.x#dropped-support-for-older-browsers-and-nodejs-versions
https://github.com/wojtekmaj/react-pdf/issues/1811


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/run-llama/pdf-viewer/pull/4 **Author:** [@thucpn](https://github.com/thucpn) **Created:** 7/24/2024 **Status:** ✅ Merged **Merged:** 7/24/2024 **Merged by:** [@marcusschiesser](https://github.com/marcusschiesser) **Base:** `main` ← **Head:** `feat/upgrade-to-latest-react-pdf` --- ### 📝 Commits (1) - [`465cf49`](https://github.com/run-llama/pdf-viewer/commit/465cf497a51eeacc864779e1bfb3b7a7ad7780ae) feat: upgrade to latest react pdf ### 📊 Changes **3 files changed** (+329 additions, -50 deletions) <details> <summary>View changed files</summary> 📝 `package.json` (+2 -2) 📝 `src/view/VirtualizedPdf.tsx` (+1 -1) 📝 `yarn.lock` (+326 -47) </details> ### 📄 Description react-pdf is experiencing a security issue, so we need to update it to the patch versions: https://github.com/wojtekmaj/react-pdf/security/advisories/GHSA-87hq-q4gp-9wr4 Updating react-pdf to 7.7.3 or 8.0.2 serves as a workaround, but since it still uses pdfjs-dist version 3, it does not ensure complete security. See: https://github.com/advisories/GHSA-wgrm-67xf-hhpq In this PR, I have updated it to the latest version of react-pdf (9.1.0), following the guide: https://github.com/wojtekmaj/react-pdf/wiki/Upgrade-guide-from-version-8.x-to-9.x ---------- NextJs applications also need to update their configuration to be compatible with react-pdf v9 and pdfjs v4. A common issue often seen with NextJs is: `TypeError: Promise.withResolvers is not a function` Therefore, if we use the PDF component within NextJs components, we need to use dynamic import with `ssr = false` (to indicate to NextJs to use it for client-side rendering only). See example how to fix in NextJs of create-llama: https://github.com/run-llama/create-llama/pull/179/files#diff-7a26bbeebbf3ae33ffa6274bafc31222b853ecec01ab960f965451723324282d References: https://github.com/wojtekmaj/react-pdf/wiki/Upgrade-guide-from-version-8.x-to-9.x#dropped-support-for-older-browsers-and-nodejs-versions https://github.com/wojtekmaj/react-pdf/issues/1811 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-02-16 00:20:23 -05:00
yindo closed this issue 2026-02-16 00:20:23 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: run-llama/pdf-viewer#3