From 2d1e9fa35b58f22bbafc266fe61f045e0d781cbd Mon Sep 17 00:00:00 2001 From: aivong-openhands Date: Thu, 19 Mar 2026 10:05:30 -0500 Subject: [PATCH] Fix CVE-2026-33123: Update pypdf to 6.9.1 (#13473) Co-authored-by: OpenHands CVE Fix Bot --- enterprise/poetry.lock | 6 +++--- poetry.lock | 8 ++++---- pyproject.toml | 4 ++-- uv.lock | 8 ++++---- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/enterprise/poetry.lock b/enterprise/poetry.lock index 1bb48f24c6..39ef61101d 100644 --- a/enterprise/poetry.lock +++ b/enterprise/poetry.lock @@ -11587,14 +11587,14 @@ diagrams = ["jinja2", "railroad-diagrams"] [[package]] name = "pypdf" -version = "6.8.0" +version = "6.9.1" description = "A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files" optional = false python-versions = ">=3.9" groups = ["main"] files = [ - {file = "pypdf-6.8.0-py3-none-any.whl", hash = "sha256:2a025080a8dd73f48123c89c57174a5ff3806c71763ee4e49572dc90454943c7"}, - {file = "pypdf-6.8.0.tar.gz", hash = "sha256:cb7eaeaa4133ce76f762184069a854e03f4d9a08568f0e0623f7ea810407833b"}, + {file = "pypdf-6.9.1-py3-none-any.whl", hash = "sha256:f35a6a022348fae47e092a908339a8f3dc993510c026bb39a96718fc7185e89f"}, + {file = "pypdf-6.9.1.tar.gz", hash = "sha256:ae052407d33d34de0c86c5c729be6d51010bf36e03035a8f23ab449bca52377d"}, ] [package.extras] diff --git a/poetry.lock b/poetry.lock index bccd0eea80..9644ef383c 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -11564,14 +11564,14 @@ diagrams = ["jinja2", "railroad-diagrams"] [[package]] name = "pypdf" -version = "6.8.0" +version = "6.9.1" description = "A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files" optional = false python-versions = ">=3.9" groups = ["main"] files = [ - {file = "pypdf-6.8.0-py3-none-any.whl", hash = "sha256:2a025080a8dd73f48123c89c57174a5ff3806c71763ee4e49572dc90454943c7"}, - {file = "pypdf-6.8.0.tar.gz", hash = "sha256:cb7eaeaa4133ce76f762184069a854e03f4d9a08568f0e0623f7ea810407833b"}, + {file = "pypdf-6.9.1-py3-none-any.whl", hash = "sha256:f35a6a022348fae47e092a908339a8f3dc993510c026bb39a96718fc7185e89f"}, + {file = "pypdf-6.9.1.tar.gz", hash = "sha256:ae052407d33d34de0c86c5c729be6d51010bf36e03035a8f23ab449bca52377d"}, ] [package.extras] @@ -14833,4 +14833,4 @@ third-party-runtimes = ["daytona", "e2b-code-interpreter", "modal", "runloop-api [metadata] lock-version = "2.1" python-versions = "^3.12,<3.14" -content-hash = "1a8151b36fb64667d1a2e83f38060841de15bd0284f18e8f58c6ee95095e933e" +content-hash = "1d1661870075ed85d87818cc3f3bd30bf23dcd00d1604be57f616f60b583c758" diff --git a/pyproject.toml b/pyproject.toml index 87609dbf9b..9595af0fab 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -76,7 +76,7 @@ dependencies = [ "pygithub>=2.5", "pyjwt>=2.12", "pylatexenc", - "pypdf>=6.7.2", + "pypdf>=6.9.1", "python-docx", "python-dotenv", "python-frontmatter>=1.1", @@ -224,7 +224,7 @@ python-docx = "*" bashlex = "^0.18" # Explicitly pinned packages for latest versions -pypdf = "^6.7.2" +pypdf = "^6.9.1" pillow = "^12.1.1" starlette = "^0.49.1" urllib3 = "^2.6.3" diff --git a/uv.lock b/uv.lock index 67c7965698..269ff03c0f 100644 --- a/uv.lock +++ b/uv.lock 
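Review bot: The raised floor in pyproject.toml (`"pypdf>=6.9.1"` under `dependencies` and `pypdf = "^6.9.1"` under the "Explicitly pinned packages for latest versions" comment) has no in-file record that it is a security minimum, so a later edit could relax it without anyone noticing. A comment above the Poetry entry, such as `# pypdf >=6.9.1 required for CVE-2026-33123; do not lower`, would keep the reason next to the constraint. The diffstat lists enterprise/poetry.lock but no enterprise manifest, and that lock's content-hash is not changed, so the enterprise project's own constraint presumably still admits older pypdf releases. It is worth confirming that its floor is raised as well, since otherwise only the lock entry holds it at 6.9.1. Both pyproject.toml hunks sit inside tables that begin and end outside the hunks.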
@@ -3846,7 +3846,7 @@ requires-dist = [ { name = "pygithub", specifier = ">=2.5" }, { name = "pyjwt", specifier = ">=2.12" }, { name = "pylatexenc" }, - { name = "pypdf", specifier = ">=6.7.2" }, + { name = "pypdf", specifier = ">=6.9.1" }, { name = "python-docx" }, { name = "python-dotenv" }, { name = "python-frontmatter", specifier = ">=1.1" }, @@ -7385,11 +7385,11 @@ wheels = [ [[package]] name = "pypdf" -version = "6.8.0" +version = "6.9.1" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/b4/a3/e705b0805212b663a4c27b861c8a603dba0f8b4bb281f96f8e746576a50d/pypdf-6.8.0.tar.gz", hash = "sha256:cb7eaeaa4133ce76f762184069a854e03f4d9a08568f0e0623f7ea810407833b", size = 5307831, upload-time = "2026-03-09T13:37:40.591Z" } +sdist = { url = "https://files.pythonhosted.org/packages/f9/fb/dc2e8cb006e80b0020ed20d8649106fe4274e82d8e756ad3e24ade19c0df/pypdf-6.9.1.tar.gz", hash = "sha256:ae052407d33d34de0c86c5c729be6d51010bf36e03035a8f23ab449bca52377d", size = 5311551, upload-time = "2026-03-17T10:46:07.876Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/8c/ec/4ccf3bb86b1afe5d7176e1c8abcdbf22b53dd682ec2eda50e1caadcf6846/pypdf-6.8.0-py3-none-any.whl", hash = "sha256:2a025080a8dd73f48123c89c57174a5ff3806c71763ee4e49572dc90454943c7", size = 332177, upload-time = "2026-03-09T13:37:38.774Z" }, + { url = "https://files.pythonhosted.org/packages/f9/f4/75543fa802b86e72f87e9395440fe1a89a6d149887e3e55745715c3352ac/pypdf-6.9.1-py3-none-any.whl", hash = "sha256:f35a6a022348fae47e092a908339a8f3dc993510c026bb39a96718fc7185e89f", size = 333661, upload-time = "2026-03-17T10:46:06.286Z" }, ] [[package]]