fix: bump react-pdf and pdfjs-dist to handle cve

Bumps ReactPDF and pdfjs-dist to avoid the CVE that allows
for code execution in pdf's. This change doesn't specifically
upgrade to the latest pdfjs-dist due to issues with top level
await, instead disabling the evaluation of javascript within
the PDF.

packages/ui/package.json

@@ -63,15 +63,17 @@
     "lucide-react": "^0.279.0",
     "luxon": "^3.4.2",
     "next": "14.0.3",
-    "pdfjs-dist": "3.6.172",
+    "pdfjs-dist": "3.11.174",
+    "react": "18.2.0",
     "react-colorful": "^5.6.1",
     "react-day-picker": "^8.7.1",
+    "react-dom": "18.2.0",
     "react-hook-form": "^7.45.4",
-    "react-pdf": "7.3.3",
+    "react-pdf": "7.7.3",
     "react-rnd": "^10.4.1",
     "tailwind-merge": "^1.12.0",
     "tailwindcss-animate": "^1.0.5",
     "ts-pattern": "^5.0.5",
     "zod": "^3.22.4"
   }
-}
+}