[Snyk] Upgrade pdfjs-dist from 5.4.394 to 5.4.449

[ElMaxter99]

Snyk has created this PR to upgrade pdfjs-dist from 5.4.394 to 5.4.449.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: pdfjs-dist

• 5.4.449 - 2025-11-29
  

  This release contains improvements for the annotation editor, performance, text selection and the viewer.

  Changes since v5.4.394

  • Bump the stable version in pdfjs.config by @ timvandermeij in #20414
  • Create the number tree for the ParentTree only one time by @ calixteman in #20425
  • Add the possibility to create a pdf from different ones (bug 1997379) by @ calixteman in #20409
  • Update the page labels tree when a pdf is extracted (bug 1997379) by @ calixteman in #20411
  • Update the named page destinations when some pdf are combined (bug 1997379) by @ calixteman in #20421
  • Version entry in the catalog has to be a name and not a string by @ calixteman in #20432
  • Add a wrapper for the new xref in order to be able to get some values from cloned dictionaries by @ calixteman in #20431
  • Update dependencies and translations to the most recent versions by @ timvandermeij in #20429
  • Introduce a helper function to create a freetext editor in the integration tests by @ timvandermeij in #20430
  • Add telemetry for tagged pdfs (bug 1997134) by @ calixteman in #20405
  • Merge the structure trees coming from different pdfs (bug 1997379) by @ calixteman in #20436
  • Add regression test for PR 19184 by @ maettuu in #20151
  • Bump glob by @ dependabot[bot] in #20448
  • Bump js-yaml from 3.14.1 to 3.14.2 by @ dependabot[bot] in #20449
  • Lint and format the HTML in using Prettier by @ calixteman in #20447
  • Add setter for some FontFaceObject properties by @ Aditi-1400 in #20427
  • fix: deleteAnnotationElement takes a full editor object by @ sachiniyer in #20413
  • When searching for a group of punctuation signs, only add extraspaces around the group by @ calixteman in #20456
  • [XFA] Set default max value in occur tag to -1 (bug 1998843) by @ calixteman in #20455
  • Bump actions/checkout from 5 to 6 by @ dependabot[bot] in #20459
  • Include missing cached-iterable dev dependency in package.json by @ Mario34 in #20450
  • Don't use firstChild/lastChild when getting elements (follow-up of #20447) by @ calixteman in #20458
  • [Editor] Allow to save an edited comment in using CTRL+Enter shortcut. by @ calixteman in #20460
  • Create a sidebar object by @ calixteman in #20467
  • Fix the regex string used to find the chars to normalize with NFKC when searching by @ calixteman in #20465
  • Use OIDC trusted publishing in the GitHub Actions release workflow by @ timvandermeij in #20468
  • Slightly reduce the memory used by thumbnails by @ calixteman in #20462
• 5.4.394 - 2025-11-02
  

  This release contains improvements for the annotation editor, accessibility, font conversion and performance.

  Changes since v5.4.296

  • Bump the stable version in pdfjs.config by @ timvandermeij in #20339
  • Update dependencies and translations to the most recent versions by @ timvandermeij in #20337
  • [Editor] Remove obsolete arguments for setDims calls in the highlight code by @ timvandermeij in #20335
  • Add a test for PR #20320 by @ calixteman in #20338
  • [Editor] Make sure that comment stuff is removed when an editor is deleted (bug 1992987) by @ calixteman in #20342
  • [Editor] Make sure the editor is focused after the comment has been deleted (bug 1992832) by @ calixteman in #20343
  • [Editor] Make sure all editors are focusable with the keyboard (bug 1992868) by @ calixteman in #20341
  • [Editor] Remove the role radio for the editing buttons (bug 1990826) by @ calixteman in #20347
  • [Editor] Make sure that annotation positions in the DOM respect the visual order (bug 1992770) by @ calixteman in #20344
  • [Annotation] Use the annotations rect in order to fix the order in the DOM (bug 1987914) by @ calixteman in #20350
  • [Editor] Avoid to have a null button in the DOM when there's no comment manager by @ calixteman in #20351
  • Improve performance of the struct tree build (bug 1987914) by @ calixteman in #20352
  • [Annotation] Improve the performance of the code for getting glyphs which belongs to annotations bounding boxes (bug 1987914) by @ calixteman in #20353
  • Use enums instead of string for mesh shading figure type by @ Aditi-1400 in #20354
  • Bump github/codeql-action from 3 to 4 by @ dependabot[bot] in #20357
  • Very slightly improve intersector performance by @ calixteman in #20358
  • Use Python 3.14 in the GitHub workflows by @ timvandermeij in #20363
  • Update dependencies and translations to the most recent versions by @ timvandermeij in #20356
  • Reset sameLineText dependencies data on setTextMatrix by @ nicolo-ribaudo in #20361
  • Use a binary format for the glyph paths by @ calixteman in #20367
  • [Editor] Correctly focus the annotation once the comment has been removed in the annotation layer (bug 1994738) by @ calixteman in #20369
  • [Editor] Fix the tooltip of the comment button when in the editor toolbar (bug 1994958) by @ calixteman in #20372
  • [Editor] FreeText annotations aren't supposed to have an attached popup so disable commenting for them (bug 1995028) by @ calixteman in #20374
  • [Editor] Make sure the color picker has the right color when pasting an editor by @ calixteman in #20375
  • [Editor] Fix integration test after #20372 by @ calixteman in #20377
  • Use stream for whatever substrem in stream classes by @ calixteman in #20373
  • Fix stream use when getting the text (follow-up of #20373) by @ calixteman in #20379
  • Add a highlightSpan function in order to simplify a bit the integration tests by @ calixteman in #20355
  • Tweak the "scroll into view" viewer integration test by @ timvandermeij in #20380
  • Don't use the aboutstacks.pdf file in the integration tests by @ timvandermeij in #20378
  • Bump actions/setup-node from 5 to 6 by @ dependabot[bot] in #20381
  • Serialize pattern data into ArrayBuffer by @ Aditi-1400 in #20340
  • [Editor] Fix the css of the button to close the comment sidebar (bug 1995766) by @ calixteman in #20386
  • [Editor] Fix the css of the link in the comment sidebar (bug 1995721) by @ calixteman in #20387
  • [Editor] Avoid to have several Undo entries in the context menu (bug 1995705) by @ calixteman in #20388
  • [Editor] Make sure the left (resp. right) corner of the popup is visible when in LTR (resp. RTL) (bug 1995579) by @ calixteman in #20389
  • Make MathML elements visible in the struct tree (bug 1937438) by @ calixteman in #20384
  • Bump actions/upload-artifact from 4 to 5 by @ dependabot[bot] in #20400
  • Update dependencies and translations to the most recent versions by @ timvandermeij in #20396
  • Add the font PT Astra Serif as a possible substitution for Times New Roman by @ CoelacanthusHex in #20394
  • Collect all child nodes of lists and tables in StructTree by @ edoardocavazza in #20327
  • Add text extractor as an external service by @ gregtatum in #20406
  • Revert "Add some telemetry in order to know what are the certificates used in pdfs (bug 1973573)" by @ calixteman in #20404
  • Don't set the MathML namespace for attributes in MathML tags (bug 1997343) by @ calixteman in #20408
  • [Editor] A new CurrentPointers class to store current pointers used by the editor by @ legraina in #20213

from pdfjs-dist GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
pdf-annotator	Ready	Preview, Comment	Dec 27, 2025 11:19am

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-upgrade-6a391a27ea3ef974b2ddf762f27b3306

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}