chore(deps): update module github.com/pdfcpu/pdfcpu to v0.13.0#317
Open
renovate[bot] wants to merge 1 commit into
Open
chore(deps): update module github.com/pdfcpu/pdfcpu to v0.13.0#317renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
Contributor
Author
ℹ️ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
renovate
Bot
force-pushed
the
renovate/github.com-pdfcpu-pdfcpu-0.x
branch
from
dfd4714 to
30354a4
Compare
renovate
Bot
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.11.1→v0.13.0Release Notes
pdfcpu/pdfcpu (github.com/pdfcpu/pdfcpu)
v0.13.0Compare Source
A Release Featuring CLI Pipelines and Safer Defaults
Starting with this release, pdfcpu improves CLI usability with broader stdin/stdout pipeline support and stricter overwrite handling.
Check out the refreshed documentation at https://pdfcpu.io
Many commands now support
-for stdin/stdout, making pdfcpu easier to use in shell pipelines. Explicit output files and non-empty output directories are no longer overwritten implicitly. Use the new global--forceflag when overwriting is intentional.Example:
pdfcpu optimize - out.pdf < in.pdfor:
or a pipeline:
aws s3 cp s3://acme-contracts/master.pdf - \ | pdfcpu optimize - - \ | aws s3 cp - s3://acme-contracts/optimized/master.pdfCLI Improvements
This release adds and refines several user-facing CLI features:
---forceflag for explicit overwrite handlingannotations list --jsonform list --jsoncertificates list --jsonmerge --bookmark-mode wrap|preserveversioncommand behaviorThe new overwrite behavior is intentionally stricter. Existing scripts that relied on implicit overwrites may need to add
--force.Merge Bookmarks
The merge command now supports bookmark handling modes:
Supported modes:
wrappreserveThe default is
wrap.This release also improves bookmark tree preservation and handling of bookmark destination collisions.
JSON Output
JSON output is now available for selected listing commands:
form list --jsonalso supports multi-file form export JSON.Certificate Trust Store Packaging
Standard builds now start with an empty trusted certificate directory.
Embedded EUTL certificate bundles are only included when building with:
certificates resetnow resets the certificate directory to the build defaults.This keeps standard builds smaller and avoids implying a bundled trust store unless it was explicitly selected at build time.
Experimental Windows 7 Build
An experimental Windows 7 x64 build is available in the release assets:
pdfcpu_0.13.0_Windows_x86_64_win7_experimental.zipThis build uses a patched Go toolchain and is not part of the regular supported release matrix. Feedback from Windows 7 SP1 x64 users is welcome (at #870), especially the output of:
Robustness & Safer Processing
This release adds configurable parser and resource limits for:
The corresponding limits are also part of the configuration. Users of older version will be prompted by the CLI to reset their configuration.
Additional cycle and depth checks were added for page trees, form fields, name trees, and object graph traversal.
Stream parsing and filter decoding have also been hardened against oversized, malformed, and overflowing inputs.
Very large or malformed PDFs that were previously attempted may now be rejected earlier.
Fixes and Improvements
This release includes targeted fixes and compatibility improvements for:
RectandQuadPointsDependencies were updated, including
go-runewidth,x/crypto,x/image, andx/text.Signature Validation Notes
Now usage, help text and docs describe the current signature validation scope and trust boundaries more clearly.
This release does not claim complete legal, eIDAS, LTV, or long-term trust validation.
Development
Behind the scenes, this release includes command plumbing refactoring in
pkg/cli, updated tests around command dispatch, and an experimental Windows 7 build workflow.Thanks
Everybody for testing, reporting issues, and feeding back real-world PDFs.
Your bug reports and edge cases continue to make pdfcpu more robust and useful.
Shoutouts to @harish for spending time on submitting a PR.
Changelog
2226694bump version, fix #1410, #1411a212fadrefactor cli cmd plumbing982b418clarify signature trust boundariesd27afe2fix version cmd80b99feadd certificate JSON listing and reset defaultsa3225abrefactor parameter handling4f4129eadd experimental Win7 build84a68afdecrease binary size via default build w/o bundled certificates, provide build tag pdfcpu_eutl for bundling EUTL trust-list certsecb6888fix #12913491406fix identify versione102024fix #1316d886d17fix #1375d27963bfix #1317174230afix #13598719193fix merge bookmark destination collisions991e0ecfix: #1364b11ad47fix: #13943a73dfarefactor: cli command plumbing6ac18f9fix arg validation895371afix #139659ca0dbfix #140214e191dfix handling of os.Exitcbbb3b5add missing GoDoc comments8983029add cycle-detectionb4c1f98add recursion-depth checking54d7f0aadd limits to configuration21f8b3bsanitize file pathse8abb82harden filter decoders and stream parsing against overflow0ea56f8update scripts05e8897add stdin/stdout support, add --forcev0.12.1Compare Source
Bugfix Release
This is a fix for what was a miss on the decrypt command during the CLI Cobra migration.
🙏🏻 Thanks 🙏🏻
everybody for the bug reports.
Shoutouts 👏🏻 go to @znbang for spending time on submitting a PR.
Changelog
148d18dBump version6d531deFix decrypt command argument handling2cf9addFix #1389981a489Fix #1319, #132257979baFix #1357, #13884eb85e0Cleanup10e0a57Fix api error handlingb843d28Fix #1381v0.12.0Compare Source
A Release Featuring Command Completion
Starting with this release, pdfcpu now offers shell command completion for CLI users.
Supported shells:
Big thanks to @doronbehar for providing the Cobra integration 🙌
CLI Improvements
This release also refines how command flags work:
Clear distinction between short and long flags
-fvs--fullShort flags can now be chained:
is equivalent to:
Tradeoff
As a result of this cleanup:
However, the CLI is now more predictable and easier to use overall.
👉 Learn more:
👉 For command help going forward:
🛠️ Stability & Ongoing Work
This release also represents a significant amount of work behind the scenes focused on overall stability and parser robustness. Many edge cases have been addressed to make pdfcpu more reliable when dealing with real-world PDF files.
Work on digital signature creation and validation is actively ongoing. These features will be released once the maintainers are confident they meet the expected standards for quality, correctness, and practical usefulness.
✂️ Removing Signatures (
--rmsig)This flag removes all signatures as part of processing.
Supported commands:
mergeoptimizeThere is also a dedicated command:
Flags:
--rmenc→ also remove encryption-h, --help→ show help🔓 Removing Encryption (
--rmenc)The
--rmencflag removes any existing encryption when writing a file.Supported commands:
optimizesignatures remove🔐 Encryption
pdfcpu now supports AES-256 GCM encryption (ISO/TS 32003).
encryptcommand defaults to AES-256 GCM🙏🏻 Thanks 🙏🏻
everybody for testing and feeding back your real world PDFs and bug reports.
Shoutouts 👏🏻 go to @mdmcconnell, @13rac1, @doronbehar and @joeyave for spending their time on submitting PR's.
Changelog
bce7271Cleanup, bump version9db810aEnforce max recurse level during parsingdc9ab24Add recover from internal panic3936dcemerge in cli cobra integrationa181c19fix: replace os.Exit with panic in library code to prevent process termination when used as dependency7312d20Fix #132939be9acFix #1341871b367Fix #13458f565ddFix #1334d5ab3a4Fix #1330c6084d1Fix #1331de6e4e8ci: include all packages in coverage with -coverpkge893a96ci: fix tests to use macOS and Windows runners81a495bFix #130701f68bdCleanup Fix #12116fe7e7aIgnore newlines in non-multiline fieldsc4472c7Text wrapping test4c8aa9fImproved text wrapping73a9f46Implement some word wrapping for form text fields4b45c54Fix #1298344bd7fFix #1297170d7bdFix #129245f3147Fix #1285b9d1197Fix #1276d288782Fix #127896ebe63Fix #128067f5eecFix #126159a817cFix #12638286ba3Fix #12551a5fcf4Fix #12299421da0Use sync.Once for cert loadingf17b3d5Fix lazy font loading223cdb0Implement lazy font loading to reduce memory footprint2add6c8Fix #642ce634b6Fix #399238d720Fix #12670a7f670Fix #12010c5a8c0Fix #1268Configuration
📅 Schedule: (UTC)
* 2 1-3 * 1-5)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.