Merge branch 'security-55503-fix-pdf-js-vulnerability' into 'master'

Fix PDF.js vulnerability

See merge request gitlab/gitlabhq!2999

app/assets/javascripts/pdf/index.vue

@@ -28,7 +28,7 @@ export default {
   },
   watch: { pdf: 'load' },
   mounted() {
-    pdfjsLib.PDFJS.workerSrc = workerSrc;
+    pdfjsLib.GlobalWorkerOptions.workerSrc = workerSrc;
     if (this.hasPDF) this.load();
   },
   methods: {

changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml

+---
+title: Fix PDF.js vulnerability
+merge_request:
+author:
+type: security

spec/javascripts/pdf/index_spec.js

 import Vue from 'vue';
-import { PDFJS } from 'vendor/pdf';
+import { GlobalWorkerOptions } from 'vendor/pdf';
 import workerSrc from 'vendor/pdf.worker.min';
 import PDFLab from '~/pdf/index.vue';
 import pdf from '../fixtures/blob/pdf/test.pdf';
-PDFJS.workerSrc = workerSrc;
+GlobalWorkerOptions.workerSrc = workerSrc;
 const Component = Vue.extend(PDFLab);
 describe('PDF component', () => {

spec/javascripts/pdf/page_spec.js

@@ -12,7 +12,7 @@ describe('Page component', () => {
   let testPage;
   beforeEach(done => {
-    pdfjsLib.PDFJS.workerSrc = workerSrc;
+    pdfjsLib.GlobalWorkerOptions.workerSrc = workerSrc;
     pdfjsLib
       .getDocument(testPDF)
       .then(pdf => pdf.getPage(1))