chore(deps): bump pypdf from 6.10.2 to 6.12.0 in /envs/repl_env #790
Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.10.2 to 6.12.0.
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.10.2...6.12.0)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.12.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.
Darktex left a comment
Note: This is an automated review by Claude Code, not a human review.
Automated dependency bump, scope is clean. Two files changed (envs/repl_env/pyproject.toml, envs/repl_env/uv.lock), nothing else touched.
Version bump analysis:
| | Before | After |
|---|---|---|
| pyproject.toml minimum constraint | `>=4.0.0` | `>=6.12.0` |
| Resolved version in uv.lock | `6.10.2` | `6.12.0` |
This is a minor bump (6.10.2 → 6.12.0) within the same major series. The lock file hashes and URLs are updated consistently.
One observation (non-blocking): The pyproject.toml lower bound has been raised from >=4.0.0 to >=6.12.0 — two major versions — as a side effect of Dependabot pinning the constraint to the new resolved version. This is consistent with the lock but means the declared compatibility floor is now tighter than before. This is acceptable here since pypdf usage is a soft import with a graceful fallback (pypdf = None), but worth being aware of if this package is ever installed outside the lock.
No unrelated changes, no debug code, no security issues, no architectural concerns. LGTM.
Automated review by Claude Code | Learn more
Rolled into #789 so maintainers can merge the env Dependabot updates together.
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Darktex left a comment
Note: This is an automated review by Claude Code, not a human review.
Alignment Review Report
Automated Checks
- Lint: N/A - change is limited to `pyproject.toml` and `uv.lock`; no Python source modified
- Debug code: CLEAN - no Python source touched
Tier 1: Fixes Required
None.
- Scope is correct: only `envs/repl_env/pyproject.toml` and `envs/repl_env/uv.lock` are modified.
- Version bump from `6.10.2` to `6.12.0` is syntactically correct and internally consistent across both files.
- The lower-bound constraint in `pyproject.toml` is tightened from `>=4.0.0` to `>=6.12.0`, which aligns with the resolved lock entry.
- sdist and wheel hashes in the lock are updated and present for the new version.
- No other `pyproject.toml` in the repo pins `pypdf`, so there is no cross-env conflict.
Tier 2: Alignment Discussion
None identified. This change is isolated to a single environment's dependency manifest and does not touch any OpenEnv core API, invariants, or architectural boundaries.
Summary
- 0 mechanical issues
- 0 alignment points for human review
The 6.12.0 release includes two upstream security fixes (malformed cross-reference stream handling, excessive-whitespace layout-mode extraction) that are relevant to repl_env's PDF document-upload feature. Clean patch to approve.
Automated review by Claude Code | Learn more
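The version-floor point raised in the two reviews above, as an added example that is not part of the PR or of the repl_env code: a soft-import guard that treats a pypdf older than 6.12.0 as absent, so an install outside the lock takes the fallback path instead of running a build without the two SEC fixes. The names `PYPDF_FLOOR`, `parse_release`, `meets_floor` and `load_pypdf` are hypothetical, and the shape of repl_env's soft import is assumed from the review's description (`pypdf = None`).

```python
"""Soft-import guard: treat a pypdf below the 6.12.0 floor as not installed."""
import importlib
import re
from importlib import metadata

# Floor from the bumped pyproject.toml constraint on this page (>=6.12.0).
PYPDF_FLOOR = (6, 12, 0)


def parse_release(version):
    """Return a plain N.N.N version as a tuple of ints, or () if it is not one.

    Pre-release, dev and local versions ("6.12.0rc1") return () so the
    caller fails closed instead of guessing where they sort.
    """
    text = str(version).strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return ()
    return tuple(int(part) for part in text.split("."))


def meets_floor(version, floor=PYPDF_FLOOR):
    """Compare numerically; as strings "6.9.9" would sort above "6.12.0"."""
    release = parse_release(version)
    if not release:
        return False
    width = max(len(release), len(floor))
    padded = release + (0,) * (width - len(release))
    return padded >= floor + (0,) * (width - len(floor))


def load_pypdf(installed_version=None):
    """Return (module or None, reason). None means: use the fallback path."""
    if installed_version is None:
        try:
            installed_version = metadata.version("pypdf")
        except metadata.PackageNotFoundError:
            return None, "pypdf not installed"
    if not meets_floor(installed_version):
        floor = ".".join(str(n) for n in PYPDF_FLOOR)
        return None, f"pypdf {installed_version} is below {floor}"
    try:
        return importlib.import_module("pypdf"), "ok"
    except ImportError:
        return None, "pypdf import failed"


# Same shape as the soft import the review describes: None on fallback.
pypdf, pypdf_status = load_pypdf()
```

Logging `pypdf_status` at startup makes a silently degraded PDF upload path visible when the environment was built without the lock file.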
Bumps pypdf from 6.10.2 to 6.12.0.
Release notes
Sourced from pypdf's releases.
Changelog
Sourced from pypdf's changelog.
Commits
- 08eb143 REL: 6.12.0
- 507d7c9 SEC: Disallow cross-reference streams with zero-only width values (#3791)
- 9d27470 SEC: Avoid excessive whitespace in layout mode text extraction (#3790)
- 0a8e699 DOC: Block encrypting writer in incremental mode (#3789)
- 541ebd4 DEV: Update idna from version 3.10 to 3.15
- de405a8 DEV: Update idna from version 3.10 to 3.15
- a2b90f9 ROB: AppearanceStream: Also honor user-set font name when not flattening anno...
- 22bd60f MAINT: Tiny change of comments (#3787)
- 2995392 ENH: Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780)
- e044789 TST: Disable PyPy update checks after image update

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.