chore(deps): update dependency pypdf to v6

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
pypdf (changelog)	dependencies	major	^3.1.0 → ^6.0.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
High	7.5	CVE-2025-55197

---

Release Notes

py-pdf/pypdf (pypdf)

v6.0.0

Compare Source

New Features (ENH)

• Enhance XMP metadata handling with creation and setter methods (#​3410)
• Add all font metrics for base 14 Type 1 PDF fonts (#​3363)
• Allow deleting embedded files (#​3461)
• Add support for Python in FIPS mode for document identifier (#​3438)

Bug Fixes (BUG)

• Fix handling of UTF-16 encoded destination titles (#​3463)
• Guard empty input to prevent IndexError (#​3448)

Developer Experience (DEV)

• Fix type hint for XMP metadata setter to add bytes type (#​3464)

Full Changelog

v5.9.0

Compare Source

Security (SEC)

• Limit decompressed size for FlateDecode filter (#​3430)

Deprecations (DEP)

• Drop Python 3.8 support (#​3412)

New Features (ENH)

• Move BlackIs1 functionality to tiff_header (#​3421)

Robustness (ROB)

• Skip Go-To actions without a destination (#​3420)

Developer Experience (DEV)

• Update code style related libraries (#​3414)
• Update mypy to 1.17.0 (#​3413)
• Stop testing on Python 3.8 and start testing on Python 3.14 (#​3411)

Maintenance (MAINT)

• Cleanup deprecations (#​3424)

Full Changelog

v5.8.0

Compare Source

New Features (ENH)

• Automatically preserve links in added pages (#​3298)
• Allow writing/updating all properties of an embedded file (#​3374)

Bug Fixes (BUG)

• Fix XMP handling dropping indirect references (#​3392)

Robustness (ROB)

• Deal with DecodeParms being empty list (#​3388)

Documentation (DOC)

• Document how to read and modify XMP metadata (#​3383)

Full Changelog

v5.7.0

Compare Source

New Features (ENH)

• Implement flattening for writer (#​3312)

Bug Fixes (BUG)

• Unterminated object when using PdfWriter with incremental=True (#​3345)

Robustness (ROB)

• Resolve some image extraction edge cases (#​3371)
• Ignore faulty trailing newline during RLE decoding (#​3355)
• Gracefully handle odd-length strings in parse_bfchar (#​3348)

Developer Experience (DEV)

• Modernize license specifiers (#​3338)

Maintenance (MAINT)

• Reduce max-complexity of tool.ruff.lint.mccabe (#​3365)
• Refactor text extraction code

Full Changelog

v5.6.1

Compare Source

Performance Improvements (PI)

• Performance optimization for LZW decoding (#​3329)

Robustness (ROB)

• Flate decoding for streams with faulty tail bytes (#​3332)
• dc_creator could be a Bag as well (#​3333)
• Handle tree being NullObject when retrieving named destinations (#​3331)

Maintenance (MAINT)

• Move inline-image mappings to constants (#​3328)

Full Changelog

v5.6.0

Compare Source

New Features (ENH)

• Add PDF/A XMP metadata support (#​3314)

Robustness (ROB)

• Deal with annotations not being lists on merge (#​3321)
• Handle NullObject for cmap encoding Differences entry (#​3317)

Developer Experience (DEV)

• Update ruff to 0.12.0 (#​3316)

Full Changelog

v5.5.0

Compare Source

New Features (ENH)

• Add basic support for JBIG2 by using jbig2dec (#​3163)

Bug Fixes (BUG)

• Fix crashes by removing unnecessary line (#​3293)
• Add delimiters to NameObject.renumber_table (#​3286)

Robustness (ROB)

• Handle DecodeParms being a NullObject (#​3285)

Code Style (STY)

• Update to mypy 1.16.0 (#​3300)

Full Changelog

v5.4.0

Compare Source

New Features (ENH)

• Add support for IndirectObject.iter (#​3228)
• Allow filtering by font when removing text (#​3216)

Bug Fixes (BUG)

• Add missing named destinations being ByteStringObjects (#​3282)
• Get font information more reliably when removing text (#​3252)
• T* 2D Translation consistent with PDF 1.7 Spec (#​3250)
• Add font stack to q/Q operations in layout mode (#​3225)
• Avoid completely hiding image loading issues like exceeding image size limits (#​3221)
• Using compress_identical_objects on transformed content duplicates differing content (#​3197)
• Consider BlackIs1 parameter for CCITTFaxDecode filter (#​3196)

Robustness (ROB)

• Deal with insufficient cm matrix during text extraction (#​3283)
• Allow merging when annotations miss D entry (#​3281)
• Fix merging documents if there are no Dests (#​3280)
• Fix crash on malformed action in outline (#​3278)
• Fix compression issues for removed images which might be None (#​3246)
• Attempt to deal with non-rectangular FlateDecode streams (#​3245)
• Handle some None values for broken PDF files (#​3230)

Developer Experience (DEV)

• Multiple style improvements
• Update ruff to 0.11.0

Maintenance (MAINT)

• Conform ASCIIHexDecode implementation to specification (#​3274)
• Modify comments of filters that do not use decode_parms (#​3260)

Code Style (STY)

• Simplify warnings & debugging in layout mode text extraction (#​3271)
• Standardize mypy assert statements (#​3276)

Full Changelog

v5.3.1

Compare Source

New Features (ENH)

• Add support for IndirectObject.__contains__ (#​3155)

Bug Fixes (BUG)

• Fix detection of inline images followed by names or numbers (#​3173)

Robustness (ROB)

• Consider root objects without catalog type as fallback (#​3175)
• Raise proper error on infinite loop when reading objects (#​3169)

Documentation (DOC)

• Mention memory consumption of text extraction (#​3168)

Developer Experience (DEV)

• Upgrade to ruff 0.10.0 (#​3191)

Full Changelog

v5.3.0

Compare Source

Bug Fixes (BUG)

• Use the correct name StandardEncoding for the predefined cmap (#​3156)
• Handle inline images containing EI sequences (#​3152)
• Fix check box value which should be name object (#​3124)
• Fix stream position on inline image fallback extraction (#​3120)
• Fix object count for incremental writer (#​3117)

Robustness (ROB)

• Avoid index errors on empty lines in xref table (#​3162)
• Improve handling of LZW decoder table overflow (#​3159)
• Ignore non-numbers for width when building font width map (#​3158)
• Avoid negative seek values when reading partially broken files (#​3157)

Documentation (DOC)

• Fixed PageObject.images example usage for replacing image (#​3149)

Full Changelog

v5.2.0

Compare Source

New Features (ENH)

• Handle attachments in /Kids and provide object-oriented API (#​3108)

Bug Fixes (BUG)

• Handle annotations being None on merging (#​3111)

Robustness (ROB)

• Prevent excessive layout mode text output from Type3 fonts (#​3082)

Documentation (DOC)

• stefan6419846 becomes BDFL of pypdf (#​3078)
• Tidy the visitor function description (#​3086)

Developer Experience (DEV)

• Remove ignoring multiple Ruff rules
• Remove unused mutmut configuration (#​3092)

Testing (TST)

• Fix warning assertions to use pytest.warns() (#​3083)

Full Changelog

v5.1.0

Compare Source

Deprecations (DEP)

• Deprecate with replacement CCITParameters (#​3019)
• Correct deprecation of interiour_color (#​2947)

New Features (ENH)

• Support alternative (U)F names for embedded file retrieval (#​3072)
• Adding support for reading .metadata.keywords (#​2939)

Bug Fixes (BUG)

• Handle further Tf operators in text extraction layout mode (#​3073)
• Ensure add_metadata can deal with _info = None (#​3040)
• Handle IndirectObject in CCITTFaxDecode filter (#​2965)
• Handle chained colorspace for inline images when no filter is set (#​3008)
• Avoid extracting inline images twice and dropping other operators (#​3002)
• Fixed reference of value with str.__new__ in TextStringObject (#​2952)
• Handle indirect objects in font width calculations (#​2967)
• Title sometimes is bytes and not str (#​2930)
• Fix undefined variable for text extraction (regression) (#​2934)
• Don't close stream passed to PdfWriter.write() (#​2909)

Robustness (ROB)

• Handle zero height fonts when extracting text (#​3075)
• Deal with content streams not containing streams (#​3005)
• Gracefully handle some text operators when the operands are missing (#​3006)
• Fall back to non-Adobe Ascii85 format for missing end markers (#​3007)
• Ignore odd-length strings when processing cmap lines (#​3009)
• Skip annotation destination being NullObject in PdfWriter (#​2964)
• Skip destination page being None in PdfWriter (#​2963)
• Fix infinite loop case when reading null objects within an Array
• Fixing infinite loop in ArrayObject read_from_stream (#​2928)

Documentation (DOC)

• Add note about default line colors (#​3014)

Developer Experience (DEV)

• Remove ignoring Ruff rule PGH004 (#​3071)
• Tidy ignore array in tool.ruff.lint (#​3069)
• Move Windows CI to Python 3.13 (#​3003)
• Move to Ubuntu 22.04 (#​3004)

Maintenance (MAINT)

• Fix formatting of warning message and include exception message (#​3076)
• Narrow return type for ContentStream.operations (#​2941)

Testing (TST)

• Fix image similarity for upcoming Ubuntu 24.04 (#​3039)
• Replace broken Apache Tika Corpora urls (#​3041)

Code Style (STY)

• Add form feed to WHITESPACES (#​3054)
• Lots of small internal changes

Full Changelog

v5.0.1

Compare Source

New Features (ENH)

• Add layout_mode_font_height_weight argument to PageObject.extract_text() (#​2920)

Bug Fixes (BUG)

• Fix font specificier for FreeText annotation (#​2893)
• Line breaks are not generated due to incorrect calculation of text leading (#​2890)
• Improve handling of spaces in text extraction (#​2882)

Robustness (ROB)

• Soft failure for flate encode image mode 1 with wrong LUT size (#​2900)

Documentation (DOC)

• Use latest package versions (#​2907)
• Correct example of reading FileAttachment annotation (#​2906)

Developer Experience (DEV)

• Update pinned requirements (#​2918)
• Make make_release.py compatible with Windows environment (#​2894)

Maintenance (MAINT)

• Remove references to outdated Python versions (#​2919)
• Generalize the method of obtaining space_code (#​2891)
• Unnecessary character mapping process (#​2888)
• New LZW decoding implementation (#​2887)

Testing (TST)

• Add LzwCodec for encoding (#​2883)

Code Style (STY)

• Capitalize error messages (#​2903)
• Modify error messages in PdfWriter (#​2902)

Full Changelog

v5.0.0

Compare Source

New Features (ENH)

• Add full parameter to PdfWriter constructor (#​2865)

Bug Fixes (BUG)

• Update pyproject.toml with minimum Python version of 3.8 (#​2859)
• Cope with unbalanced delimiters in dictionary object (#​2878)
• Cope with encoding with too many differences (#​2873)
• Missing spaces in extract_text() method (#​1328) (#​2868)
• Tolerate truncated files and no warning when jumping startxref (#​2855)

Robustness (ROB)

• Repair PDF with invalid Root object (#​2880)
• Continue parsing dictionary object when error is detected (#​2872)
• Merge documents with invalid pages in named destinations (#​2857)
• Tolerate comments in arrays (#​2856)

Developer Experience (DEV)

• Use latest Python version for benchmarking (#​2879)

Maintenance (MAINT)

• Add tests to source distributions (#​2874)
• Refactor _update_field_annotation (#​2862)

Full Changelog

v4.3.1

Compare Source

This version drops support for Python 3.7 (not maintained since July 2023), PdfMerger (use PdfWriter instead) and AnnotationBuilder (use annotations instead).

Deprecations (DEP)

• Remove the deprecated PdfMerger and AnnotationBuilder classes and other deprecations cleanup (#​2813)
• Drop Python 3.7 support (#​2793)

New Features (ENH)

• Add capability to remove /Info from PDF (#​2820)
• Add incremental capability to PdfWriter (#​2811)
• Add UniGB-UTF16 encodings (#​2819)
• Accept utf strings for metadata (#​2802)
• Report PdfReadError instead of RecursionError (#​2800)
• Compress PDF files merging identical objects (#​2795)

Bug Fixes (BUG)

• Fix sheared image (#​2801)

Robustness (ROB)

• Robustify .set_data() (#​2821)
• Raise PdfReadError when missing /Root in trailer (#​2808)
• Fix extract_text() issues on damaged PDFs (#​2760)
• Handle images with empty data when processing an image from bytes (#​2786)

Developer Experience (DEV)

• Fix coverage uploads (#​2832)
• Test against Python 3.13 (#​2776)

Full Changelog

v4.3.0

Compare Source

Bug Fixes (BUG)

• Cope with Matrix entry in field annotations (#​2736)

Robustness (ROB)

• Cope with fields with upside down box/rectangle (#​2729)

Maintenance (MAINT)

• Add deprecate_with_replacement to StreamObject.initializeFromD… (#​2728)
• Deal with cryptography>=43 moving ARC4 (#​2765)

Full Changelog

v4.2.0

Compare Source

New Features (ENH)

• Accept ETen-B5 and UniCNS-UTF16 encodings (#​2721)
• Add decode_as_image() to ContentStreams (#​2615)
• context manager for PdfReader (#​2666)
• Add capability to set font and size in fields (#​2636)
• Allow to pass input file without named argument (#​2576)

Bug Fixes (BUG)

• Fix deprecation for Ressources when using old constants (#​2705)
• Fix images issue 4 bits encoding and LUT starting with UTF16_BOM (#​2675)
• Reading large compressed images takes huge time to process (#​2644)
• Highlighted Text Cannot Be Printed (#​2604)
• Fix UnboundLocalError on malformed pdf (#​2619)

Robustness (ROB)

• Cope with missing Standard 14 fonts in fields (#​2677)
• Improve inline image extraction (#​2622)
• Cope with loops in Fields tree (#​2656)
• Discard /I in choice fields for compatibility with Acrobat (#​2614)
• Cope with some issues in pillow (#​2595)
• Cope with some image extraction issues (#​2591)

Documentation (DOC)

• Various improvements on docstrings and examples

Maintenance (MAINT)

• Deprecate interiour_color with replacement interior_color (#​2706)
• Add deprecate_with_replacement to PdfWriter.find_bookmark (#​2674)

Code Style (STY)

• Change Link to be a non-markup annotation (#​2714)

Full Changelog

v4.1.0

Compare Source

New Features (ENH)

• Allow multiple charsets for NameObject.read_from_stream (#​2585)
• Add support for /Kids in page labels (#​2562)
• Allow to update fields on many pages (#​2571)
• Tolerate PDF with invalid xref pointed objects (#​2335)
• Add Enforce from PDF2.0 in viewer_preferences (#​2511)
• Add += and -= operators to ArrayObject (#​2510)

Bug Fixes (BUG)

• Fix merge_page sometimes generating unknown operator 'QQ' (#​2588)
• Fix fields update where annotations are kids of field (#​2570)
• Process CMYK images without a filter correctly (#​2557)
• Extract text in layout mode without finding resources (#​2555)
• Prevent recursive loop in some PDF files (#​2505)

Robustness (ROB)

• Tolerate "truncated" xref (#​2580)
• Replace error by warning for EOD in RunLengthDecode/ASCIIHexDecode (#​2334)
• Rebuild xref table if one entry is invalid (#​2528)
• Robustify stream extraction (#​2526)

Documentation (DOC)

• Update release process for latest changes (#​2564)
• Encryption/decryption: Clone document instead of copying all pages (#​2546)
• Minor improvements (#​2542)
• Update annotation list (#​2534)
• Update references and formatting (#​2529)
• Correct threads reference, plus minor changes (#​2521)
• Minor readability increases (#​2515)
• Simplify PaperSize examples (#​2504)
• Minor improvements (#​2501)

Developer Experience (DEV)

• Remove unused dependencies (#​2572)
• Remove page labels PR link from message (#​2561)
• Fix changelog generator regarding whitespace and handling of "Other" group (#​2492)
• Add REL to known PR prefixes (#​2554)
• Release using the REL commit instead of git tag (#​2500)
• Unify code between PdfReader and PdfWriter (#​2497)
• Bump softprops/action-gh-release from 1 to 2 (#​2514)

Maintenance (MAINT)

• Ressources → Resources (and internal name childs) (#​2550)
• Fix typos found by codespell (#​2549)
• Update Read the Docs configuration (#​2538)
• Add root_object, _info and _ID to PdfReader (#​2495)

Testing (TST)

• Allow loading truncated images if required (#​2586)
• Fix download issues from #​2562 (#​2578)
• Improve test_get_contents_from_nullobject to show real use-case (#​2524)
• Add missing test annotations (#​2507)

Full Changelog

v4.0.2

Compare Source

Generating name objects (NameObject) without a leading slash
is considered deprecated now. Previously, just a plain warning
would be logged, leading to possibly invalid PDF files. According
to our deprecation policy, this will log a DeprecationWarning
for now.

New Features (ENH)

• Add get_pages_from_field (#​2494)
• Add reattach_fields function (#​2480)
• Automatic access to pointed object for IndirectObject (#​2464)

Bug Fixes (BUG)

• Missing error on name without leading / (#​2387)
• encode_pdfdocencoding() always returns bytes (#​2440)
• BI in text content identified as image tag (#​2459)

Robustness (ROB)

• Missing basefont entry in type 3 font (#​2469)

Documentation (DOC)

• Improve lossless compression example (#​2488)
• Amend robustness documentation (#​2479)

Developer Experience (DEV)

• Fix changelog for UTF-8 characters (#​2462)

Maintenance (MAINT)

• Add _get_page_number_from_indirect in writer (#​2493)
• Remove user assignment for feature requests (#​2483)
• Remove reference to old 2.0.0 branch (#​2482)

Testing (TST)

• Fix benchmark failures (#​2481)
• Broken test due to expired test file URL (#​2468)
• Resolve file naming conflict in test_iss1767 (#​2445)

Full Changelog

v4.0.1

Compare Source

Bug Fixes (BUG)

• Use NumberObject for /Border elements of annotations (#​2451)

Full Changelog

v4.0.0

Compare Source

Bug Fixes (BUG)

• layout mode text extraction ZeroDivisionError (#​2417)

Testing (TST)

• Skip tests using fpdf2 if it's not installed (#​2419)

Full Changelog

---

• If you want to rebase/retry this PR, check this box