From b34a726acd25b296ac11353528ce91ee1cf004ad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Apr 2026 18:43:19 +0800
Subject: [PATCH] Build(deps): Bump pypdf from 6.9.2 to 6.10.2 (#14184)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.9.2 to 6.10.2.
Release notes
Sourced from pypdf's
releases.
Version 6.10.2, 2026-04-15
What's new
Security (SEC)
Full
Changelog
Version 6.10.1, 2026-04-14
What's new
Security (SEC)
Robustness (ROB)
Documentation (DOC)
Full
Changelog
Version 6.10.0, 2026-04-10
What's new
Security (SEC)
New Features (ENH)
- Skip MD5 key derivation for AES-256 encrypted PDFs (#3694)
by
@Ygnas
Bug Fixes (BUG)
- Use remove_orphans in compress_identical_objects (#3310)
by
@j-t-1
- Fix PdfReadError when xref table contains comments before trailer
(#3710)
by
@rassie
- Correctly verify AES padding during decryption (#3699)
by
@stefan6419846
- Fix stale object cache from non-authoritative object streams (#3698)
by
@astahlman
- Fix extract_links pairing when annotations include non-links (#3687)
by
@ReinerBRO
Documentation (DOC)
Full
Changelog
Changelog
Sourced from pypdf's
changelog.
Version 6.10.2, 2026-04-15
Security (SEC)
- Do not rely on possibly invalid /Size for incremental cloning (#3735)
- Introduce limits for FlateDecode parameters and image decoding (#3734)
Full
Changelog
Version 6.10.1, 2026-04-14
Security (SEC)
- Limit the allowed size of xref and object streams (#3733)
Robustness (ROB)
- Consider strict mode setting for decryption errors (#3731)
Documentation (DOC)
- Use new parameter names for compress_identical_objects
Full
Changelog
Version 6.10.0, 2026-04-10
Security (SEC)
- Disallow custom XML entity declarations for XMP metadata (#3724)
New Features (ENH)
- Skip MD5 key derivation for AES-256 encrypted PDFs (#3694)
Bug Fixes (BUG)
- Use remove_orphans in compress_identical_objects (#3310)
- Fix PdfReadError when xref table contains comments before trailer
(#3710)
- Correctly verify AES padding during decryption (#3699)
- Fix stale object cache from non-authoritative object streams (#3698)
- Fix extract_links pairing when annotations include non-links (#3687)
Documentation (DOC)
Full
Changelog
Commits
c476b4f
REL: 6.10.2c50a010
SEC: Do not rely on possibly invalid /Size for incremental cloning (#3735)ac734da
SEC: Introduce limits for FlateDecode parameters and image decoding (#3734)b49e7eb
REL: 6.10.162338e9
SEC: Limit the allowed size of xref and object streams (#3733)5dcc0ae
DEV: Update pytest-benchmark to 5.2.3b42e4aa
DEV: Update pinned pillow and pytest where possible (#3732)717446b
ROB: Consider strict mode setting for decryption errors (#3731)9e461d3
DEV: Bump softprops/action-gh-release from 2 to 3 (#3730)500d09d
TST: Update test_embedded_file__basic to use
tmp_path fixture (#3726)- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/infiniflow/ragflow/network/alerts).
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
pyproject.toml | 2 +-
uv.lock | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index 8f6cd4a669..dcd2898faf 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -82,7 +82,7 @@ dependencies = [
"pyobvector==0.2.22",
"pyodbc>=5.2.0,<6.0.0",
"pypandoc>=1.16",
- "pypdf>=6.8.0",
+ "pypdf>=6.10.2",
"python-calamine>=0.4.0",
"python-docx>=1.1.2,<2.0.0",
"python-pptx>=1.0.2,<2.0.0",
diff --git a/uv.lock b/uv.lock
index 15393287cd..d355ed7fa9 100644
--- a/uv.lock
+++ b/uv.lock
@@ -6057,11 +6057,11 @@ wheels = [
[[package]]
name = "pypdf"
-version = "6.9.2"
+version = "6.10.2"
source = { registry = "https://mirrors.aliyun.com/pypi/simple" }
-sdist = { url = "https://mirrors.aliyun.com/pypi/packages/31/83/691bdb309306232362503083cb15777491045dd54f45393a317dc7d8082f/pypdf-6.9.2.tar.gz", hash = "sha256:7f850faf2b0d4ab936582c05da32c52214c2b089d61a316627b5bfb5b0dab46c" }
+sdist = { url = "https://mirrors.aliyun.com/pypi/packages/7b/3f/9f2167401c2e94833ca3b69535bad89e533b5de75fefe4197a2c224baec2/pypdf-6.10.2.tar.gz", hash = "sha256:7d09ce108eff6bf67465d461b6ef352dcb8d84f7a91befc02f904455c6eea11d" }
wheels = [
- { url = "https://mirrors.aliyun.com/pypi/packages/a5/7e/c85f41243086a8fe5d1baeba527cb26a1918158a565932b41e0f7c0b32e9/pypdf-6.9.2-py3-none-any.whl", hash = "sha256:662cf29bcb419a36a1365232449624ab40b7c2d0cfc28e54f42eeecd1fd7e844" },
+ { url = "https://mirrors.aliyun.com/pypi/packages/0c/d6/1d5c60cc17bbdf37c1552d9c03862fc6d32c5836732a0415b2d637edc2d0/pypdf-6.10.2-py3-none-any.whl", hash = "sha256:aa53be9826655b51c96741e5d7983ca224d898ac0a77896e64636810517624aa" },
]
[[package]]
@@ -6755,7 +6755,7 @@ requires-dist = [
{ name = "pyobvector", specifier = "==0.2.22" },
{ name = "pyodbc", specifier = ">=5.2.0,<6.0.0" },
{ name = "pypandoc", specifier = ">=1.16" },
- { name = "pypdf", specifier = ">=6.8.0" },
+ { name = "pypdf", specifier = ">=6.10.2" },
{ name = "python-calamine", specifier = ">=0.4.0" },
{ name = "python-docx", specifier = ">=1.1.2,<2.0.0" },
{ name = "python-gitlab", specifier = ">=7.0.0" },