Skip to content

chore(deps): bump pypdf from 5.3.0 to 6.13.3#98

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/pypdf-6.13.3
Open

chore(deps): bump pypdf from 5.3.0 to 6.13.3#98
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/pypdf-6.13.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor

Bumps pypdf from 5.3.0 to 6.13.3.

Release notes

Sourced from pypdf's releases.

Version 6.13.3, 2026-06-17

What's new

Security (SEC)

Performance Improvements (PI)

Robustness (ROB)

Maintenance (MAINT)

Full Changelog

Version 6.13.2, 2026-06-10

What's new

Security (SEC)

Robustness (ROB)

Full Changelog

Version 6.13.1, 2026-06-08

What's new

Security (SEC)

Full Changelog

Version 6.13.0, 2026-06-05

What's new

Security (SEC)

New Features (ENH)

Robustness (ROB)

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.13.3, 2026-06-17

Security (SEC)

  • Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (#3871)

Performance Improvements (PI)

  • Avoid per-pixel getpixel loop for 1-bit indexed images (#3854)

Robustness (ROB)

  • Several fixes

Maintenance (MAINT)

  • Make mypy assert messages consistent (#3849)

Full Changelog

Version 6.13.2, 2026-06-10

Security (SEC)

  • Detect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (#3847)

Robustness (ROB)

  • Fix UnboundLocalError in _read_standard_xref_table on a malformed entry (#3841)
  • Raise PdfStreamError on non-hexadecimal bytes in hex readers (#3832)

Full Changelog

Version 6.13.1, 2026-06-08

Security (SEC)

  • Prevent infinite loops when processing threads/articles (#3839)

Full Changelog

Version 6.13.0, 2026-06-05

Security (SEC)

  • Avoid infinite loops for outlines and text extraction (#3830)

New Features (ENH)

  • Add Japanese predefined CMaps (#3800)
  • Font: Collect all character widths, not only those that can be unicode mapped (#3798)

Robustness (ROB)

  • Recover a corrupt trailing startxref pointer (closes #3238) (#3826)
  • Handle /Pages node without /Kids during flattening (#3825)
  • Accept inline image EI marker at the end of a content stream (#3827)

Maintenance (MAINT)

  • Type the always-raising deprecation helpers as NoReturn (#3819)

... (truncated)

Commits
  • 9aa05e7 REL: 6.13.3
  • bbd083d SEC: Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (#3871)
  • d5cd266 ROB: Guard text operators against missing operands in extract_text (#3861)
  • 82f1f90 ROB: Tolerate malformed /Limits in index2label (#3858)
  • 0276a6f PI: Avoid per-pixel getpixel loop for 1-bit indexed images (#3854)
  • 41a9c3c MAINT: Make mypy assert messages consistent (#3849)
  • d1bba60 MAINT: Increase readability of PdfDocCommon (#3834)
  • 53b6fbc DEV: Bump codecov/codecov-action from 6.0.1 to 7.0.0 (#3859)
  • e07c223 MAINT: Enforce G004 (no f-strings in logging) (#3845)
  • 5270f76 ROB: Guard zero unitsPerEm in from_truetype_font_file (#3846)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump pypdf from 5.3.0 to 6.13.3
baceef5 
Bumps [pypdf](https://github.com/py-pdf/pypdf) from 5.3.0 to 6.13.3.
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@5.3.0...6.13.3)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.13.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 18, 2026
@dependabot dependabot Bot mentioned this pull request Jun 18, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants