
chore(deps): update dependency pypdf to v6 #9

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into master from whitesource-remediate/pypdf-6.x


@dev-mend-for-github-com

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| pypdf (changelog) | dependencies | major | ^3.1.0 -> ^6.0.0 |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | Vulnerability | Reachability |
|---|---|---|---|
| High | 7.5 | CVE-2025-55197 | |

Release Notes

py-pdf/pypdf (pypdf)

v6.0.0

Compare Source

New Features (ENH)
  • Enhance XMP metadata handling with creation and setter methods (#​3410)
  • Add all font metrics for base 14 Type 1 PDF fonts (#​3363)
  • Allow deleting embedded files (#​3461)
  • Add support for Python in FIPS mode for document identifier (#​3438)
Bug Fixes (BUG)
  • Fix handling of UTF-16 encoded destination titles (#​3463)
  • Guard empty input to prevent IndexError (#​3448)
Developer Experience (DEV)
  • Fix type hint for XMP metadata setter to add bytes type (#​3464)

Full Changelog

v5.9.0

Compare Source

Security (SEC)
  • Limit decompressed size for FlateDecode filter (#​3430)
Deprecations (DEP)
New Features (ENH)
  • Move BlackIs1 functionality to tiff_header (#​3421)
Robustness (ROB)
  • Skip Go-To actions without a destination (#​3420)
Developer Experience (DEV)
  • Update code style related libraries (#​3414)
  • Update mypy to 1.17.0 (#​3413)
  • Stop testing on Python 3.8 and start testing on Python 3.14 (#​3411)
Maintenance (MAINT)

Full Changelog

v5.8.0

Compare Source

New Features (ENH)
  • Automatically preserve links in added pages (#​3298)
  • Allow writing/updating all properties of an embedded file (#​3374)
Bug Fixes (BUG)
  • Fix XMP handling dropping indirect references (#​3392)
Robustness (ROB)
  • Deal with DecodeParms being empty list (#​3388)
Documentation (DOC)
  • Document how to read and modify XMP metadata (#​3383)

Full Changelog

v5.7.0

Compare Source

New Features (ENH)
  • Implement flattening for writer (#​3312)
Bug Fixes (BUG)
  • Unterminated object when using PdfWriter with incremental=True (#​3345)
Robustness (ROB)
  • Resolve some image extraction edge cases (#​3371)
  • Ignore faulty trailing newline during RLE decoding (#​3355)
  • Gracefully handle odd-length strings in parse_bfchar (#​3348)
Developer Experience (DEV)
  • Modernize license specifiers (#​3338)
Maintenance (MAINT)
  • Reduce max-complexity of tool.ruff.lint.mccabe (#​3365)
  • Refactor text extraction code

Full Changelog

v5.6.1

Compare Source

Performance Improvements (PI)
  • Performance optimization for LZW decoding (#​3329)
Robustness (ROB)
  • Flate decoding for streams with faulty tail bytes (#​3332)
  • dc_creator could be a Bag as well (#​3333)
  • Handle tree being NullObject when retrieving named destinations (#​3331)
Maintenance (MAINT)
  • Move inline-image mappings to constants (#​3328)

Full Changelog

v5.6.0

Compare Source

New Features (ENH)
  • Add PDF/A XMP metadata support (#​3314)
Robustness (ROB)
  • Deal with annotations not being lists on merge (#​3321)
  • Handle NullObject for cmap encoding Differences entry (#​3317)
Developer Experience (DEV)

Full Changelog

v5.5.0

Compare Source

New Features (ENH)
  • Add basic support for JBIG2 by using jbig2dec (#​3163)
Bug Fixes (BUG)
  • Fix crashes by removing unnecessary line (#​3293)
  • Add delimiters to NameObject.renumber_table (#​3286)
Robustness (ROB)
  • Handle DecodeParms being a NullObject (#​3285)
Code Style (STY)

Full Changelog

v5.4.0

Compare Source

New Features (ENH)
  • Add support for IndirectObject.iter (#​3228)
  • Allow filtering by font when removing text (#​3216)
Bug Fixes (BUG)
  • Add missing named destinations being ByteStringObjects (#​3282)
  • Get font information more reliably when removing text (#​3252)
  • T* 2D Translation consistent with PDF 1.7 Spec (#​3250)
  • Add font stack to q/Q operations in layout mode (#​3225)
  • Avoid completely hiding image loading issues like exceeding image size limits (#​3221)
  • Using compress_identical_objects on transformed content duplicates differing content (#​3197)
  • Consider BlackIs1 parameter for CCITTFaxDecode filter (#​3196)
Robustness (ROB)
  • Deal with insufficient cm matrix during text extraction (#​3283)
  • Allow merging when annotations miss D entry (#​3281)
  • Fix merging documents if there are no Dests (#​3280)
  • Fix crash on malformed action in outline (#​3278)
  • Fix compression issues for removed images which might be None (#​3246)
  • Attempt to deal with non-rectangular FlateDecode streams (#​3245)
  • Handle some None values for broken PDF files (#​3230)
Developer Experience (DEV)
  • Multiple style improvements
  • Update ruff to 0.11.0
Maintenance (MAINT)
  • Conform ASCIIHexDecode implementation to specification (#​3274)
  • Modify comments of filters that do not use decode_parms (#​3260)
Code Style (STY)
  • Simplify warnings & debugging in layout mode text extraction (#​3271)
  • Standardize mypy assert statements (#​3276)

Full Changelog

v5.3.1

Compare Source

New Features (ENH)
  • Add support for IndirectObject.__contains__ (#​3155)
Bug Fixes (BUG)
  • Fix detection of inline images followed by names or numbers (#​3173)
Robustness (ROB)
  • Consider root objects without catalog type as fallback (#​3175)
  • Raise proper error on infinite loop when reading objects (#​3169)
Documentation (DOC)
  • Mention memory consumption of text extraction (#​3168)
Developer Experience (DEV)

Full Changelog

v5.3.0

Compare Source

Bug Fixes (BUG)
  • Use the correct name StandardEncoding for the predefined cmap (#​3156)
  • Handle inline images containing EI sequences (#​3152)
  • Fix check box value which should be name object (#​3124)
  • Fix stream position on inline image fallback extraction (#​3120)
  • Fix object count for incremental writer (#​3117)
Robustness (ROB)
  • Avoid index errors on empty lines in xref table (#​3162)
  • Improve handling of LZW decoder table overflow (#​3159)
  • Ignore non-numbers for width when building font width map (#​3158)
  • Avoid negative seek values when reading partially broken files (#​3157)
Documentation (DOC)
  • Fixed PageObject.images example usage for replacing image (#​3149)

Full Changelog

v5.2.0

Compare Source

New Features (ENH)
  • Handle attachments in /Kids and provide object-oriented API (#​3108)
Bug Fixes (BUG)
  • Handle annotations being None on merging (#​3111)
Robustness (ROB)
  • Prevent excessive layout mode text output from Type3 fonts (#​3082)
Documentation (DOC)
  • stefan6419846 becomes BDFL of pypdf (#​3078)
  • Tidy the visitor function description (#​3086)
Developer Experience (DEV)
  • Remove ignoring multiple Ruff rules
  • Remove unused mutmut configuration (#​3092)
Testing (TST)
  • Fix warning assertions to use pytest.warns() (#​3083)

Full Changelog

v5.1.0

Compare Source

Deprecations (DEP)
  • Deprecate with replacement CCITParameters (#​3019)
  • Correct deprecation of interiour_color (#​2947)
New Features (ENH)
  • Support alternative (U)F names for embedded file retrieval (#​3072)
  • Adding support for reading .metadata.keywords (#​2939)
Bug Fixes (BUG)
  • Handle further Tf operators in text extraction layout mode (#​3073)
  • Ensure add_metadata can deal with _info = None (#​3040)
  • Handle IndirectObject in CCITTFaxDecode filter (#​2965)
  • Handle chained colorspace for inline images when no filter is set (#​3008)
  • Avoid extracting inline images twice and dropping other operators (#​3002)
  • Fixed reference of value with str.__new__ in TextStringObject (#​2952)
  • Handle indirect objects in font width calculations (#​2967)
  • Title sometimes is bytes and not str (#​2930)
  • Fix undefined variable for text extraction (regression) (#​2934)
  • Don't close stream passed to PdfWriter.write() (#​2909)
Robustness (ROB)
  • Handle zero height fonts when extracting text (#​3075)
  • Deal with content streams not containing streams (#​3005)
  • Gracefully handle some text operators when the operands are missing (#​3006)
  • Fall back to non-Adobe Ascii85 format for missing end markers (#​3007)
  • Ignore odd-length strings when processing cmap lines (#​3009)
  • Skip annotation destination being NullObject in PdfWriter (#​2964)
  • Skip destination page being None in PdfWriter (#​2963)
  • Fix infinite loop case when reading null objects within an Array
  • Fixing infinite loop in ArrayObject read_from_stream (#​2928)
Documentation (DOC)
  • Add note about default line colors (#​3014)
Developer Experience (DEV)
  • Remove ignoring Ruff rule PGH004 (#​3071)
  • Tidy ignore array in tool.ruff.lint (#​3069)
  • Move Windows CI to Python 3.13 (#​3003)
  • Move to Ubuntu 22.04 (#​3004)
Maintenance (MAINT)
  • Fix formatting of warning message and include exception message (#​3076)
  • Narrow return type for ContentStream.operations (#​2941)
Testing (TST)
  • Fix image similarity for upcoming Ubuntu 24.04 (#​3039)
  • Replace broken Apache Tika Corpora urls (#​3041)
Code Style (STY)
  • Add form feed to WHITESPACES (#​3054)
  • Lots of small internal changes

Full Changelog

v5.0.1

Compare Source

New Features (ENH)
  • Add layout_mode_font_height_weight argument to PageObject.extract_text() (#​2920)
Bug Fixes (BUG)
  • Fix font specifier for FreeText annotation (#​2893)
  • Line breaks are not generated due to incorrect calculation of text leading (#​2890)
  • Improve handling of spaces in text extraction (#​2882)
Robustness (ROB)
  • Soft failure for flate encode image mode 1 with wrong LUT size (#​2900)
Documentation (DOC)
  • Use latest package versions (#​2907)
  • Correct example of reading FileAttachment annotation (#​2906)
Developer Experience (DEV)
  • Update pinned requirements (#​2918)
  • Make make_release.py compatible with Windows environment (#​2894)
Maintenance (MAINT)
  • Remove references to outdated Python versions (#​2919)
  • Generalize the method of obtaining space_code (#​2891)
  • Unnecessary character mapping process (#​2888)
  • New LZW decoding implementation (#​2887)
Testing (TST)
Code Style (STY)
  • Capitalize error messages (#​2903)
  • Modify error messages in PdfWriter (#​2902)

Full Changelog

v5.0.0

Compare Source

New Features (ENH)
  • Add full parameter to PdfWriter constructor (#​2865)
Bug Fixes (BUG)
  • Update pyproject.toml with minimum Python version of 3.8 (#​2859)
  • Cope with unbalanced delimiters in dictionary object (#​2878)
  • Cope with encoding with too many differences (#​2873)
  • Missing spaces in extract_text() method (#​1328) (#​2868)
  • Tolerate truncated files and no warning when jumping startxref (#​2855)
Robustness (ROB)
  • Repair PDF with invalid Root object (#​2880)
  • Continue parsing dictionary object when error is detected (#​2872)
  • Merge documents with invalid pages in named destinations (#​2857)
  • Tolerate comments in arrays (#​2856)
Developer Experience (DEV)
  • Use latest Python version for benchmarking (#​2879)
Maintenance (MAINT)
  • Add tests to source distributions (#​2874)
  • Refactor _update_field_annotation (#​2862)

Full Changelog

v4.3.1

Compare Source

This version drops support for Python 3.7 (not maintained since July 2023), PdfMerger (use PdfWriter instead) and AnnotationBuilder (use annotations instead).

Deprecations (DEP)
  • Remove the deprecated PdfMerger and AnnotationBuilder classes and other deprecations cleanup (#​2813)
  • Drop Python 3.7 support (#​2793)
New Features (ENH)
  • Add capability to remove /Info from PDF (#​2820)
  • Add incremental capability to PdfWriter (#​2811)
  • Add UniGB-UTF16 encodings (#​2819)
  • Accept utf strings for metadata (#​2802)
  • Report PdfReadError instead of RecursionError (#​2800)
  • Compress PDF files merging identical objects (#​2795)
Bug Fixes (BUG)
Robustness (ROB)
  • Robustify .set_data() (#​2821)
  • Raise PdfReadError when missing /Root in trailer (#​2808)
  • Fix extract_text() issues on damaged PDFs (#​2760)
  • Handle images with empty data when processing an image from bytes (#​2786)
Developer Experience (DEV)

Full Changelog

v4.3.0

Compare Source

Bug Fixes (BUG)
  • Cope with Matrix entry in field annotations (#​2736)
Robustness (ROB)
  • Cope with fields with upside down box/rectangle (#​2729)
Maintenance (MAINT)
  • Add deprecate_with_replacement to StreamObject.initializeFromD… (#​2728)
  • Deal with cryptography>=43 moving ARC4 (#​2765)

Full Changelog

v4.2.0

Compare Source

New Features (ENH)
  • Accept ETen-B5 and UniCNS-UTF16 encodings (#​2721)
  • Add decode_as_image() to ContentStreams (#​2615)
  • context manager for PdfReader (#​2666)
  • Add capability to set font and size in fields (#​2636)
  • Allow to pass input file without named argument (#​2576)
Bug Fixes (BUG)
  • Fix deprecation for Ressources when using old constants (#​2705)
  • Fix images issue 4 bits encoding and LUT starting with UTF16_BOM (#​2675)
  • Reading large compressed images takes huge time to process (#​2644)
  • Highlighted Text Cannot Be Printed (#​2604)
  • Fix UnboundLocalError on malformed pdf (#​2619)
Robustness (ROB)
  • Cope with missing Standard 14 fonts in fields (#​2677)
  • Improve inline image extraction (#​2622)
  • Cope with loops in Fields tree (#​2656)
  • Discard /I in choice fields for compatibility with Acrobat (#​2614)
  • Cope with some issues in pillow (#​2595)
  • Cope with some image extraction issues (#​2591)
Documentation (DOC)
  • Various improvements on docstrings and examples
Maintenance (MAINT)
  • Deprecate interiour_color with replacement interior_color (#​2706)
  • Add deprecate_with_replacement to PdfWriter.find_bookmark (#​2674)
Code Style (STY)
  • Change Link to be a non-markup annotation (#​2714)

Full Changelog

v4.1.0

Compare Source

New Features (ENH)
  • Allow multiple charsets for NameObject.read_from_stream (#​2585)
  • Add support for /Kids in page labels (#​2562)
  • Allow to update fields on many pages (#​2571)
  • Tolerate PDF with invalid xref pointed objects (#​2335)
  • Add Enforce from PDF2.0 in viewer_preferences (#​2511)
  • Add += and -= operators to ArrayObject (#​2510)
Bug Fixes (BUG)
  • Fix merge_page sometimes generating unknown operator 'QQ' (#​2588)
  • Fix fields update where annotations are kids of field (#​2570)
  • Process CMYK images without a filter correctly (#​2557)
  • Extract text in layout mode without finding resources (#​2555)
  • Prevent recursive loop in some PDF files (#​2505)
Robustness (ROB)
  • Tolerate "truncated" xref (#​2580)
  • Replace error by warning for EOD in RunLengthDecode/ASCIIHexDecode (#​2334)
  • Rebuild xref table if one entry is invalid (#​2528)
  • Robustify stream extraction (#​2526)
Documentation (DOC)
  • Update release process for latest changes (#​2564)
  • Encryption/decryption: Clone document instead of copying all pages (#​2546)
  • Minor improvements (#​2542)
  • Update annotation list (#​2534)
  • Update references and formatting (#​2529)
  • Correct threads reference, plus minor changes (#​2521)
  • Minor readability increases (#​2515)
  • Simplify PaperSize examples (#​2504)
  • Minor improvements (#​2501)
Developer Experience (DEV)
  • Remove unused dependencies (#​2572)
  • Remove page labels PR link from message (#​2561)
  • Fix changelog generator regarding whitespace and handling of "Other" group (#​2492)
  • Add REL to known PR prefixes (#​2554)
  • Release using the REL commit instead of git tag (#​2500)
  • Unify code between PdfReader and PdfWriter (#​2497)
  • Bump softprops/action-gh-release from 1 to 2 (#​2514)
Maintenance (MAINT)
  • Ressources → Resources (and internal name childs) (#​2550)
  • Fix typos found by codespell (#​2549)
  • Update Read the Docs configuration (#​2538)
  • Add root_object, _info and _ID to PdfReader (#​2495)
Testing (TST)
  • Allow loading truncated images if required (#​2586)
  • Fix download issues from #​2562 (#​2578)
  • Improve test_get_contents_from_nullobject to show real use-case (#​2524)
  • Add missing test annotations (#​2507)

Full Changelog

v4.0.2

Compare Source

Generating name objects (NameObject) without a leading slash
is considered deprecated now. Previously, just a plain warning
would be logged, leading to possibly invalid PDF files. According
to our deprecation policy, this will log a DeprecationWarning
for now.

New Features (ENH)
  • Add get_pages_from_field (#​2494)
  • Add reattach_fields function (#​2480)
  • Automatic access to pointed object for IndirectObject (#​2464)
Bug Fixes (BUG)
  • Missing error on name without leading / (#​2387)
  • encode_pdfdocencoding() always returns bytes (#​2440)
  • BI in text content identified as image tag (#​2459)
Robustness (ROB)
  • Missing basefont entry in type 3 font (#​2469)
Documentation (DOC)
  • Improve lossless compression example (#​2488)
  • Amend robustness documentation (#​2479)
Developer Experience (DEV)
  • Fix changelog for UTF-8 characters (#​2462)
Maintenance (MAINT)
  • Add _get_page_number_from_indirect in writer (#​2493)
  • Remove user assignment for feature requests (#​2483)
  • Remove reference to old 2.0.0 branch (#​2482)
Testing (TST)
  • Fix benchmark failures (#​2481)
  • Broken test due to expired test file URL (#​2468)
  • Resolve file naming conflict in test_iss1767 (#​2445)

Full Changelog

v4.0.1

Compare Source

Bug Fixes (BUG)
  • Use NumberObject for /Border elements of annotations (#​2451)

Full Changelog

v4.0.0

Compare Source

Bug Fixes (BUG)
  • layout mode text extraction ZeroDivisionError (#​2417)
Testing (TST)
  • Skip tests using fpdf2 if it's not installed (#​2419)

Full Changelog


  • If you want to rebase/retry this PR, check this box

dev-mend-for-github-com (bot) added the "security fix" label (Security fix generated by Mend) on Feb 25, 2026