Skip to content

build(deps): bump pypdf from 6.9.1 to 6.14.2 in /sdk#3279

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/sdk/pypdf-6.13.3
Open

build(deps): bump pypdf from 6.9.1 to 6.14.2 in /sdk#3279
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/sdk/pypdf-6.13.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown

Bumps pypdf from 6.9.1 to 6.14.2.

Release notes

Sourced from pypdf's releases.

Version 6.14.2, 2026-06-23

What's new

Security (SEC)

Full Changelog

Version 6.14.1, 2026-06-23

What's new

Security (SEC)

Full Changelog

Version 6.14.0, 2026-06-22

What's new

Security (SEC)

New Features (ENH)

Robustness (ROB)

Full Changelog

Version 6.13.3, 2026-06-17

What's new

Security (SEC)

Performance Improvements (PI)

Robustness (ROB)

Maintenance (MAINT)

Full Changelog

Version 6.13.2, 2026-06-10

What's new

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.14.2, 2026-06-23

Security (SEC)

  • Avoid infinite loops for incomplete ASCII85 and ASCIIHex inline images (#3892)

Full Changelog

Version 6.14.1, 2026-06-23

Security (SEC)

  • Detect end of stream during inline image end marker detection (#3891)

Full Changelog

Version 6.14.0, 2026-06-22

Security (SEC)

  • Apply general limit for requested image size (#3888)
  • Speed up recovery when reading broken cross-reference table (#3887)

New Features (ENH)

  • Check whether image is displayed on a given page (#3738)

Robustness (ROB)

  • Several fixes

Full Changelog

Version 6.13.3, 2026-06-17

Security (SEC)

  • Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (#3871)

Performance Improvements (PI)

  • Avoid per-pixel getpixel loop for 1-bit indexed images (#3854)

Robustness (ROB)

  • Several fixes

Maintenance (MAINT)

  • Make mypy assert messages consistent (#3849)

Full Changelog

Version 6.13.2, 2026-06-10

Security (SEC)

  • Detect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (#3847)

Robustness (ROB)

... (truncated)

Commits
  • 2266ee8 REL: 6.14.2
  • 5a33a46 SEC: Avoid infinite loops for incomplete ASCII85 and ASCIIHex inline images (...
  • 1ee4e58 REL: 6.14.1
  • ec3b145 SEC: Detect end of stream during inline image end marker detection (#3891)
  • c6cd82e ROB: Tolerate malformed inline image settings in _read_inline_image (#3889)
  • 0ae42ba ROB: Tolerate malformed page label entries in get_label_from_nums (#3884)
  • 50617b5 ROB: Tolerate malformed Tm operand count in extract_text (#3877)
  • 86e5a82 MAINT: Improve readability (#3874)
  • 83cb25f DEV: Fix sample files commit
  • 06588ec REL: 6.14.0
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Comment thread sdk/pyproject.toml Outdated
"openpyxl>=3.1.5",
"orjson==3.10",
"pypdf==6.9.1",
"pypdf==6.13.3",

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pypdf 从 6.9.1 升级到 6.13.3 包含多个安全修复(防止无限循环、循环引用检测等)。这是一个相对安全的升级,但建议确认项目中 pypdf 的使用方式是否受新版本中 font 处理变更的影响(6.13.0 修改了 font character 的 unicode 映射逻辑)。

Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.9.1 to 6.14.2.
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.9.1...6.14.2)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.13.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the base branch from main to develop July 14, 2026 03:14
@dependabot dependabot Bot force-pushed the dependabot/pip/sdk/pypdf-6.13.3 branch from d9cab27 to 4367853 Compare July 14, 2026 03:14
@dependabot dependabot Bot changed the title chore(deps): bump pypdf from 6.9.1 to 6.13.3 in /sdk build(deps): bump pypdf from 6.9.1 to 6.14.2 in /sdk Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant