[Snyk] Upgrade pdfjs-dist from 4.8.69 to 4.10.38

[VadimDez]

Snyk has created this PR to upgrade pdfjs-dist from 4.8.69 to 4.10.38.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.

• The recommended version was released 8 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
	Improper Link Resolution Before File Access ('Link Following') SNYK-JS-TARFS-10293725	482	No Known Exploit
	Symlink Attack SNYK-JS-TARFS-9535930	482	Mature

Release notes

Package name: pdfjs-dist

• 4.10.38 - 2025-01-01
  

  This release contains improvements for accessibility, the annotation editor, font conversion, performance, SMasks and the viewer.

  Changes since v4.9.155

  • Bump the stable version in pdfjs.config by @ timvandermeij in #19178
  • When zooming replace the css-zoomed canvas by the new one only when rendering is finished by @ calixteman in #19164
  • Ensure that a missing/invalid "Content-Range" header is handled in PDFNetworkStream (issue 19075) by @ Snuffleupagus in #19114
  • Do not stringify errors when logging them by @ nicolo-ribaudo in #19148
  • Get the first codepoint instead of the first char when using the toUnicode map by @ calixteman in #19184
  • Support toggling the PDFFindBar options with the Enter key (issue 19175) by @ Snuffleupagus in #19185
  • Update dependencies and translations to the most recent versions by @ timvandermeij in #19190
  • Print more warnings about potential problems in Node.js environments by @ Snuffleupagus in #19191
  • Fix intermittent issues in the issue14307.pdf integration tests by @ timvandermeij in #19192
  • Add a ref test for setting disableFontFace to true by @ calixteman in #19197
  • Take the userUnit into account in the PageViewport class (issue 19176) by @ Snuffleupagus in #19196
  • Improve perfs of the font renderer by @ calixteman in #19189
  • Remove the raw path-strings after creating the actual Path2D glyph-objects by @ Snuffleupagus in #19200
  • Update OpenJPEG to 2.5.3 by @ calixteman in #19203
  • [Editor] Don't commit the current drawing while zooming by @ calixteman in #19202
  • Make sure the canvas is always the first child of its wrapper by @ calixteman in #19204
  • [Editor] When resizing a stamp annotation, the opposite corner must stay fixed by @ calixteman in #19201
  • Simplify logic to insert canvas as first element by @ nicolo-ribaudo in #19206
  • Fix intermittent failures when moving a freetext annotation in integration tests by @ calixteman in #19198
  • Update Puppeteer to version 23.10.2 by @ calixteman in #19208
  • Update Puppeteer to version 23.10.3 by @ calixteman in #19210
  • [Editor] Improve drawing on a touch screen. by @ calixteman in #19209
  • [Editor] Avoid to focus an existing editor when enabling the layer by @ calixteman in #19215
  • Move the pinch stuff in its own file in order to use for editors by @ calixteman in #19216
  • [Editor] Add the ability to resize an editor in using a pinch gesture by @ calixteman in #19219
  • Don't remove trailing regular spaces from the "raw" response headers (issue 19205) by @ Snuffleupagus in #19214
  • [api-minor] Remove deprecated getDocument options (PR 18776 follow-up) by @ Snuffleupagus in #19224
  • Bump library version to 4.10 by @ Snuffleupagus in #19225
  • Disable touch-zooming, in the viewer, if AbortSignal.any is unsupported (PR 19216 follow-up) by @ Snuffleupagus in #19226
  • Add basic support for non-embedded HelveticaLTStd-Bold fonts (issue 19234) by @ Snuffleupagus in #19236
  • Take the absolute value of the font size when the annotation contents is in xhtml (bug 1938087) by @ calixteman in #19238
  • Disable the handle reading ranges with missing/invalid "Content-Range" header unit-test in Google Chrome (PR 19114 follow-up) by @ Snuffleupagus in #19237
  • Fix left offset when scrolling to search result by @ nicolo-ribaudo in #19232
  • Update dependencies and translations to the most recent versions by @ timvandermeij in #19243
  • Add missing startWorkerTask calls in the "SaveDocument" handler by @ Snuffleupagus in #19246
  • Improve the test folder structure by @ timvandermeij in #19254
  • Remove mention of Bower from the README (PR 15390 follow-up) by @ Snuffleupagus in #19258
  • Shorten some if-statements in the src/core/ folder by @ Snuffleupagus in #19260
  • Remove the unused glyphNameMap parameter from Type2Compiled by @ Snuffleupagus in #19263
  • Assert that the fontMatrix is always valid in compileGlyph by @ Snuffleupagus in #19262
  • Reduce duplication when handling "DocException" and "PasswordRequest" messages by @ Snuffleupagus in #19259
  • For images that include SMask/Mask entries, ignore an SMask defined in the current graphics state (bug 986450) by @ Snuffleupagus in #19269
  • Update l10n files by @ Snuffleupagus in #19271
  • Remove the requestRange/requestFull methods from the NetworkManager class by @ Snuffleupagus in #19273
• 4.9.155 - 2024-12-05
  

  This release primarily contains a bugfix for a Node.js-specific regression in the previous release; see #19145 and #19149 for context. Moreover, improvements for the annotation editor are included.

  Changes since v4.9.124

  • Bump the stable version in pdfjs.config by @ timvandermeij in #19139
  • Fix the clickable area for rotated ink annotations by @ calixteman in #19142
  • [Editor] Don't focus a newly added drawing if it isn't visible on screen by @ calixteman in #19144
  • [Editor] Make ink annotation editable by @ calixteman in #19151
  • Add test cases for redirected responses by @ Rob--W in #19074
  • Annotation deletion popup (bug 1899731) by @ ryzokuken in #18900
  • [Editor] Corrrectly get the words from the alt-text when reporting the telemetry (bug 1929311) by @ calixteman in #19155
  • Fix unused css variables (follow-up of #18900) by @ calixteman in #19160
  • Introduce Promise.try() usage in the code-base by @ Snuffleupagus in #19161
  • Correctly wait for the editor mode when double clicking on an annotation in integration tests by @ calixteman in #19163
  • Ensure that the .toggleButton, as used in the findbar, always have visible hover/focus state (issue 19165) by @ Snuffleupagus in #19172
  • [Editor] Correctly update the current drawing when zooming by @ calixteman in #19174
  • Avoid to display an alert or a confirm dialog if the message is empty by @ calixteman in #19177
  • Prevent Webpack from resolving import.meta.url statements during building (issue 19145) by @ Snuffleupagus in #19149
• 4.9.124 - 2024-12-01
  

  This release contains improvements for the annotation editor, form rendering, image conversion, text selection and the viewer.

  Changes since v4.8.69

  • Bump the stable version in pdfjs.config by @ timvandermeij in #18994
  • Update dependencies and translations to the most recent versions by @ timvandermeij in #18995
  • Enable the "should have an alt attribute from toolTip" unit-test in Node.js by @ Snuffleupagus in #18998
  • Enable the 'gets PDF filename from query string appended to "blob:" URL' unit-test in Node.js by @ Snuffleupagus in #18997
  • Use the toBase64Util helper function in the unit-tests by @ Snuffleupagus in #18999
  • Install and use the most recent Node types for the types tests by @ timvandermeij in #19000
  • Fix the "must convert input to uppercase" scripting integration test by @ timvandermeij in #19001
  • [api-minor] Update the minimum supported Node.js version to 20, and only support the Fetch API for "remote" PDF documents in Node.js by @ Snuffleupagus in #18959
  • Fix error on empty response headers by @ CyberAndrii in #19010
  • Try to improve handling of missing trailer dictionaries in XRef.indexObjects (issue 18986) by @ Snuffleupagus in #19007
  • Shorten a few helper functions in src/core/core_utils.js by @ Snuffleupagus in #19005
  • Add helper functions to load image blob/bitmap data in test/unit/api_spec.js by @ Snuffleupagus in #19003
  • Bump library version to 4.9 by @ Snuffleupagus in #19002
  • Simplify toRomanNumerals function by @ calixteman in #19011
  • Fix Typo:XFATemplate class Para Styling paddingight => paddingRight by @ Snuffleupagus in #19012
  • Set the padding of the buttons in the toolbars to zero by @ calixteman in #19018
  • Shorten the Page.prototype.userUnit getter slightly by @ Snuffleupagus in #19019
  • [api-minor] Replace the canvas package with @ napi-rs/canvas by @ Snuffleupagus in #19015
  • Apply gradient when stroking text by @ calixteman in #19023
  • Disable ref test 'issue18896' for Chrome because it takes too much time by @ calixteman in #19024
  • Simplify saving added/modified annotations. by @ calixteman in #19026
  • Migrate to ESLint flat config by @ nicolo-ribaudo in #19029
  • Add a PartialEvaluator helper for fetching CMap and Standard Font data by @ Snuffleupagus in #19021
  • Use Python 3.13 in the GitHub workflows by @ timvandermeij in #19035
  • Update dependencies and translations to the most recent versions by @ timvandermeij in #19033
  • [api-minor] Add a getDocument option to disable ImageDecoder usage by @ Snuffleupagus in #19031
  • Remove the extensions/chromium/.eslintrc file (PR 19029 follow-up) by @ Snuffleupagus in #19052
  • Enable the ESLint no-var rule in the src/core/evaluator.js file by @ Snuffleupagus in #19050
  • Enable the ESLint no-console rule in parts of the code-base by @ Snuffleupagus in #19042
  • Avoid redundant CMap-value lookup in extendCMap (PR 5101 follow-up) by @ Snuffleupagus in #19057
  • Convert the Dict-implem...

[bluecheese007]

Hi @VadimDez can you pls merge this PR?