Bump pypdf from 6.4.0 to 6.10.0 by dependabot[bot] · Pull Request #989 · aeecleclair/Hyperion

dependabot · 2026-04-12T11:42:16Z

Bumps pypdf from 6.4.0 to 6.10.0.

Release notes

Version 6.10.0, 2026-04-10

What's new

Security (SEC)

Disallow custom XML entity declarations for XMP metadata (#3724) by @stefan6419846

New Features (ENH)

Skip MD5 key derivation for AES-256 encrypted PDFs (#3694) by @Ygnas

Bug Fixes (BUG)

Use remove_orphans in compress_identical_objects (#3310) by @j-t-1

Fix PdfReadError when xref table contains comments before trailer (#3710) by @rassie

Correctly verify AES padding during decryption (#3699) by @stefan6419846

Fix stale object cache from non-authoritative object streams (#3698) by @astahlman

Fix extract_links pairing when annotations include non-links (#3687) by @ReinerBRO

Documentation (DOC)

Add AI policy (#3717) by @stefan6419846

Full Changelog

Version 6.9.2, 2026-03-23

What's new

Security (SEC)

Avoid infinite loop in read_from_stream for broken files (#3693) by @stefan6419846

Robustness (ROB)

Resolve UnboundLocalError for xobjs in _get_image (#3684) by @Yuki9814

Full Changelog

Version 6.9.1, 2026-03-17

What's new

Security (SEC)

Improve performance and limit length of array-based content streams (#3686) by @stefan6419846

Full Changelog

Version 6.9.0, 2026-03-15

What's new

New Features (ENH)

Expose /Perms verification result on Encryption object (#3672) by @costajohnt

Performance Improvements (PI)

Fix O(n²) performance in NameObject read/write (#3679) by @dmitry-kostin

Batch-parse all objects in ObjStm on first access (#3677) by @dmitry-kostin

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.10.0, 2026-04-10

Security (SEC)

Disallow custom XML entity declarations for XMP metadata (#3724)

New Features (ENH)

Skip MD5 key derivation for AES-256 encrypted PDFs (#3694)

Bug Fixes (BUG)

Use remove_orphans in compress_identical_objects (#3310)

Fix PdfReadError when xref table contains comments before trailer (#3710)

Correctly verify AES padding during decryption (#3699)

Fix stale object cache from non-authoritative object streams (#3698)

Fix extract_links pairing when annotations include non-links (#3687)

Documentation (DOC)

Add AI policy (#3717)

Full Changelog

Version 6.9.2, 2026-03-23

Security (SEC)

Avoid infinite loop in read_from_stream for broken files (#3693)

Robustness (ROB)

Resolve UnboundLocalError for xobjs in _get_image (#3684)

Full Changelog

Version 6.9.1, 2026-03-17

Security (SEC)

Improve performance and limit length of array-based content streams (#3686)

Full Changelog

Version 6.9.0, 2026-03-15

New Features (ENH)

Expose /Perms verification result on Encryption object (#3672)

Performance Improvements (PI)

Fix O(n²) performance in NameObject read/write (#3679)

Batch-parse all objects in ObjStm on first access (#3677)

Bug Fixes (BUG)

Avoid sharing array-based content streams between pages (#3681)

Avoid accessing invalid page when inserting blank page under some conditions (#3529)

... (truncated)

Commits

fd0aeca REL: 6.10.0
b15a374 SEC: Disallow custom XML entity declarations for XMP metadata (#3724)
d0d9de6 DEV: Update cryptography to 46.0.7 in ci.txt
1e0e5be DOC: Include policies about AI and PoCs into security policy
3155e04 Bump cryptography from 46.0.6 to 46.0.7 in /requirements (#3723)
696b978 DEV: Bump codecov/codecov-action from 5 to 6 (#3701)
5456731 TST: Extending typing to tests; cover generic and scripts folder files (#3660)
e00505e DOC: Add AI policy (#3717)
bd95bd8 Fix PdfReadError when xref table contains comments before trailer (#3710)
f3f501b DEV: Update pygments version to 2.20.0 (#3707)
Additional commits viewable in compare view

codecov · 2026-04-12T11:51:23Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.43%. Comparing base (b7ab26d) to head (bbf7b70).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #989   +/-   ##
=======================================
  Coverage   84.43%   84.43%           
=======================================
  Files         206      206           
  Lines       14922    14922           
=======================================
  Hits        12600    12600           
  Misses       2322     2322

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

armanddidierjean

Seems to work fine with our PDF templates

Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.4.0 to 6.10.0. - [Release notes](https://github.com/py-pdf/pypdf/releases) - [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md) - [Commits](py-pdf/pypdf@6.4.0...6.10.0) --- updated-dependencies: - dependency-name: pypdf dependency-version: 6.10.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-15T20:51:22Z

Superseded by #1002.

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 12, 2026

dependabot Bot mentioned this pull request Apr 12, 2026

Bump pypdf from 6.4.0 to 6.7.3 #967

Closed

dependabot Bot force-pushed the dependabot/pip/pypdf-6.10.0 branch from 1d11ed0 to 0c17031 Compare April 12, 2026 12:16

armanddidierjean approved these changes Apr 12, 2026

View reviewed changes

Marc-Andrieu approved these changes Apr 12, 2026

View reviewed changes

dependabot Bot force-pushed the dependabot/pip/pypdf-6.10.0 branch from 0c17031 to bbf7b70 Compare April 13, 2026 00:22

dependabot Bot closed this Apr 15, 2026

dependabot Bot deleted the dependabot/pip/pypdf-6.10.0 branch April 15, 2026 20:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump pypdf from 6.4.0 to 6.10.0#989

Bump pypdf from 6.4.0 to 6.10.0#989
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pypdf-6.10.0

dependabot Bot commented on behalf of github Apr 12, 2026 •

edited

Loading

Uh oh!

codecov Bot commented Apr 12, 2026 •

edited

Loading

Uh oh!

armanddidierjean left a comment

Uh oh!

dependabot Bot commented on behalf of github Apr 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot Bot commented on behalf of github Apr 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Version 6.10.0, 2026-04-10

What's new

Security (SEC)

New Features (ENH)

Bug Fixes (BUG)

Documentation (DOC)

Version 6.9.2, 2026-03-23

What's new

Security (SEC)

Robustness (ROB)

Version 6.9.1, 2026-03-17

What's new

Security (SEC)

Version 6.9.0, 2026-03-15

What's new

New Features (ENH)

Performance Improvements (PI)

Version 6.10.0, 2026-04-10

Security (SEC)

New Features (ENH)

Bug Fixes (BUG)

Documentation (DOC)

Version 6.9.2, 2026-03-23

Security (SEC)

Robustness (ROB)

Version 6.9.1, 2026-03-17

Security (SEC)

Version 6.9.0, 2026-03-15

New Features (ENH)

Performance Improvements (PI)

Bug Fixes (BUG)

Uh oh!

codecov Bot commented Apr 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

armanddidierjean left a comment

Choose a reason for hiding this comment

Uh oh!

dependabot Bot commented on behalf of github Apr 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot Bot commented on behalf of github Apr 12, 2026 •

edited

Loading

codecov Bot commented Apr 12, 2026 •

edited

Loading