Skip to content

Commit 0ef3206

Browse files
a-klosrenovate-bot
andauthored
chore(deps): update dependency pypdf to v6.13.3 [security] (#420)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [pypdf](https://redirect.github.com/py-pdf/pypdf) ([changelog](https://pypdf.readthedocs.io/en/latest/meta/CHANGELOG.html)) | `6.13.0` -> `6.13.3` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/pypdf/6.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pypdf/6.13.0/6.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [GHSA-jm82-fx9c-mx94](https://redirect.github.com/py-pdf/pypdf/security/advisories/GHSA-jm82-fx9c-mx94) ### Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as `MAX_DECLARED_STREAM_LENGTH` is sometimes ignored. This requires parsing a content stream without a `/Length` value. ### Patches This has been fixed in [pypdf==6.13.3](https://redirect.github.com/py-pdf/pypdf/releases/tag/6.13.3). ### Workarounds If you cannot upgrade yet, consider applying the changes from PR [#&#8203;3871](https://redirect.github.com/py-pdf/pypdf/pull/3871). --- ### Release Notes <details> <summary>py-pdf/pypdf (pypdf)</summary> ### [`v6.13.3`](https://redirect.github.com/py-pdf/pypdf/blob/HEAD/CHANGELOG.md#Version-6140-2026-06-22) [Compare Source](https://redirect.github.com/py-pdf/pypdf/compare/6.13.2...6.13.3) ##### Security (SEC) - Apply general limit for requested image size ([#&#8203;3888](https://redirect.github.com/py-pdf/pypdf/issues/3888)) - Speed up recovery when reading broken cross-reference table ([#&#8203;3887](https://redirect.github.com/py-pdf/pypdf/issues/3887)) ##### New Features (ENH) - Check whether image is displayed on a given page ([#&#8203;3738](https://redirect.github.com/py-pdf/pypdf/issues/3738)) ##### Robustness (ROB) - Several fixes [Full Changelog](https://redirect.github.com/py-pdf/pypdf/compare/6.13.3...6.14.0) ### [`v6.13.2`](https://redirect.github.com/py-pdf/pypdf/blob/HEAD/CHANGELOG.md#Version-6133-2026-06-17) [Compare Source](https://redirect.github.com/py-pdf/pypdf/compare/6.13.1...6.13.2) ##### Security (SEC) - Apply MAX\_DECLARED\_STREAM\_LENGTH to streams without length as well ([#&#8203;3871](https://redirect.github.com/py-pdf/pypdf/issues/3871)) ##### Performance Improvements (PI) - Avoid per-pixel getpixel loop for 1-bit indexed images ([#&#8203;3854](https://redirect.github.com/py-pdf/pypdf/issues/3854)) ##### Robustness (ROB) - Several fixes ##### Maintenance (MAINT) - Make mypy assert messages consistent ([#&#8203;3849](https://redirect.github.com/py-pdf/pypdf/issues/3849)) [Full Changelog](https://redirect.github.com/py-pdf/pypdf/compare/6.13.2...6.13.3) ### [`v6.13.1`](https://redirect.github.com/py-pdf/pypdf/blob/HEAD/CHANGELOG.md#Version-6132-2026-06-10) [Compare Source](https://redirect.github.com/py-pdf/pypdf/compare/6.13.0...6.13.1) ##### Security (SEC) - Detect multi-hop cyclic /Pages trees in \_flatten to prevent SIGSEGV ([#&#8203;3847](https://redirect.github.com/py-pdf/pypdf/issues/3847)) ##### Robustness (ROB) - Fix UnboundLocalError in \_read\_standard\_xref\_table on a malformed entry ([#&#8203;3841](https://redirect.github.com/py-pdf/pypdf/issues/3841)) - Raise PdfStreamError on non-hexadecimal bytes in hex readers ([#&#8203;3832](https://redirect.github.com/py-pdf/pypdf/issues/3832)) [Full Changelog](https://redirect.github.com/py-pdf/pypdf/compare/6.13.1...6.13.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNzMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE3My4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJweXRob24iLCJyZW5vdmF0ZSJdfQ==--> Co-authored-by: Renovate Bot <renovate@whitesourcesoftware.com>
1 parent 4447e3e commit 0ef3206

1 file changed

Lines changed: 3 additions & 3 deletions

File tree

libs/extractor-api-lib/poetry.lock

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)