Skip to content

chore(deps): update weasyprint requirement from >=62,<69 to >=62,<70 in /services/api#292

Merged
beenuar merged 1 commit into
mainfrom
dependabot/pip/services/api/weasyprint-gte-62-and-lt-70
Jun 9, 2026
Merged

chore(deps): update weasyprint requirement from >=62,<69 to >=62,<70 in /services/api#292
beenuar merged 1 commit into
mainfrom
dependabot/pip/services/api/weasyprint-gte-62-and-lt-70

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Updates the requirements on weasyprint to permit the latest version.

Release notes

Sourced from weasyprint's releases.

v69.0

This is a security update (CVE-2026-49452).

We strongly recommend to upgrade WeasyPrint to the latest version if you use the --presentational-hints option and render untrusted HTML with restricted CSS properties.

Read about this release on our blog.

Security

  • Avoid CSS injection with HTML presentational hints.

Command-line API

  • The --srgb option has been replaced by --output-intent=srgb. Other values are possible: device-cmyk for CMYK documents with no ICC profile, or the CSS identifier of a @color-profile rule.

Python API

  • The output_intent string entry replaces the srgb boolean in default options.

Features

Bug fixes

  • #2697, #2691: Avoid endless loops in grids
  • #2709: Be less strict for gradient rasterization in tests
  • #2683: Fix rendering of emojis in SVG
  • #2688: Always describe font using absolute sizes
  • #2676: Fix inheritance for svg/symbol tags referenced by use tags
  • #2681: Add dc:description field to PDF/A metadata
  • #2680: Force first grid row rendering on empty pages
  • #2690: Compute units in gradients used in border background
  • #2689: Cut flex elements with fixed height and overflowing children
  • #2651, #2696: Fix tests on Debian
  • #2698, #2699: Fix alignment of right-to-left elements with auto width and set min/max-width
  • #2556: Apply presentational hints to svg tags
  • #2706: Handle infinite border radii
  • #2707, #2708, #2710: Get mimetypes from Python code instead of various third-party files
  • #2717, #2580, #2740: Fix table break retry after padding overflow
  • #2769: Add year in PDF/UA-2 metadata
  • #2768: Allow SVG lists of numbers to be split on + character
  • #2770: Add namespace to Document tag in PDF 2
  • #2771: Never try to render SVG use tags with external sources
  • #2774: Fix calc in logical

... (truncated)

Changelog

Sourced from weasyprint's changelog.

Version 69.0

Released on 2026-06-02.

This is a security update (CVE-2026-49452).

We strongly recommend to upgrade WeasyPrint to the latest version if you use the --presentational-hints option and render untrusted HTML with restricted CSS properties.

Security:

  • Avoid CSS injection with HTML presentational hints.

Command-line API:

  • The --srgb option has been replaced by --output-intent=srgb. Other values are possible: device-cmyk for CMYK documents with no ICC profile, or the CSS identifier of a @color-profile rule.

Python API:

  • The output_intent string entry replaces the srgb boolean in default options.

Features:

  • [#2357](https://github.com/Kozea/WeasyPrint/issues/2357) <https://github.com/Kozea/WeasyPrint/issues/2357>, [#2700](https://github.com/Kozea/WeasyPrint/issues/2700) <https://github.com/Kozea/WeasyPrint/pull/2700>: Support logical properties
  • [#1194](https://github.com/Kozea/WeasyPrint/issues/1194) <https://github.com/Kozea/WeasyPrint/issues/1194>, [#2702](https://github.com/Kozea/WeasyPrint/issues/2702) <https://github.com/Kozea/WeasyPrint/pull/2702>: Support viewport units
  • [#2686](https://github.com/Kozea/WeasyPrint/issues/2686) <https://github.com/Kozea/WeasyPrint/issues/2686>_: Detect redirection loops early in URL fetcher
  • [#2735](https://github.com/Kozea/WeasyPrint/issues/2735) <https://github.com/Kozea/WeasyPrint/issues/2735>, [#2737](https://github.com/Kozea/WeasyPrint/issues/2737) <https://github.com/Kozea/WeasyPrint/pull/2737>: Support SVG transform angle units
  • [#2636](https://github.com/Kozea/WeasyPrint/issues/2636) <https://github.com/Kozea/WeasyPrint/issues/2636>, [#2720](https://github.com/Kozea/WeasyPrint/issues/2720) <https://github.com/Kozea/WeasyPrint/pull/2720>, [#2773](https://github.com/Kozea/WeasyPrint/issues/2773) <https://github.com/Kozea/WeasyPrint/pull/2773>_: Use HTML parsers for presentational hints
  • [#2631](https://github.com/Kozea/WeasyPrint/issues/2631) <https://github.com/Kozea/WeasyPrint/issues/2631>, [#2778](https://github.com/Kozea/WeasyPrint/issues/2778) <https://github.com/Kozea/WeasyPrint/pull/2778>, [#2785](https://github.com/Kozea/WeasyPrint/issues/2785) <https://github.com/Kozea/WeasyPrint/issues/2785>, [#2788](https://github.com/Kozea/WeasyPrint/issues/2788) <https://github.com/Kozea/WeasyPrint/pull/2788>: Allow users to set PDF output intent

Bug fixes:

... (truncated)

Commits
  • 3287311 Version 69.0
  • 6f58a9a Add security message in Changelog
  • 2d13d3d Update test comment to indicate related issue
  • 227f5f7 Merge pull request #2791 from Kozea/improve-var
  • ff72115 Improve management of variables
  • b419c7f Merge pull request #2788 from Kozea/fix-hints
  • 1729ce4 Fix minor errors in presentational hints
  • 9898e84 Merge pull request #2787 from danfitz36/fix-namespace-type-typo
  • 15eea9f Add lang attribute to PDF/UA-2 namespace test
  • cb5f66c Fix /Namepace typo in PDF 2 structure-tree namespace
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 8, 2026
@dependabot dependabot Bot requested a review from beenuar as a code owner June 8, 2026 06:19
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 8, 2026
@beenuar

beenuar commented Jun 9, 2026

Copy link
Copy Markdown
Owner

@dependabot rebase

@dependabot
chore(deps): update weasyprint requirement in /services/api
bce3470 
Updates the requirements on [weasyprint](https://github.com/Kozea/WeasyPrint) to permit the latest version.
- [Release notes](https://github.com/Kozea/WeasyPrint/releases)
- [Changelog](https://github.com/Kozea/WeasyPrint/blob/main/docs/changelog.rst)
- [Commits](Kozea/WeasyPrint@v62.0...v69.0)

---
updated-dependencies:
- dependency-name: weasyprint
  dependency-version: '69.0'
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/services/api/weasyprint-gte-62-and-lt-70 branch from b70bc4b to bce3470 Compare June 9, 2026 03:26
@beenuar beenuar merged commit 6d29cd2 into main Jun 9, 2026
26 checks passed
@beenuar beenuar deleted the dependabot/pip/services/api/weasyprint-gte-62-and-lt-70 branch June 9, 2026 03:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@beenuar beenuar Awaiting requested review from beenuar beenuar is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@beenuar