Fix CVE-2026-33123: Update pypdf to 6.9.1 (#13473)

Co-authored-by: OpenHands CVE Fix Bot <openhands@all-hands.dev>
2026-03-22 05:37:20 +08:00 · 2026-03-19 10:05:30 -05:00
parent 0ec962e96b
commit 2d1e9fa35b
4 changed files with 13 additions and 13 deletions
--- a/uv.lock
+++ b/uv.lock
@@ -3846,7 +3846,7 @@ requires-dist = [
    { name = "pygithub", specifier = ">=2.5" },
    { name = "pyjwt", specifier = ">=2.12" },
    { name = "pylatexenc" },
-    { name = "pypdf", specifier = ">=6.7.2" },
+    { name = "pypdf", specifier = ">=6.9.1" },
    { name = "python-docx" },
    { name = "python-dotenv" },
    { name = "python-frontmatter", specifier = ">=1.1" },
@@ -7385,11 +7385,11 @@ wheels = [

 [[package]]
 name = "pypdf"
-version = "6.8.0"
+version = "6.9.1"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/b4/a3/e705b0805212b663a4c27b861c8a603dba0f8b4bb281f96f8e746576a50d/pypdf-6.8.0.tar.gz", hash = "sha256:cb7eaeaa4133ce76f762184069a854e03f4d9a08568f0e0623f7ea810407833b", size = 5307831, upload-time = "2026-03-09T13:37:40.591Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/f9/fb/dc2e8cb006e80b0020ed20d8649106fe4274e82d8e756ad3e24ade19c0df/pypdf-6.9.1.tar.gz", hash = "sha256:ae052407d33d34de0c86c5c729be6d51010bf36e03035a8f23ab449bca52377d", size = 5311551, upload-time = "2026-03-17T10:46:07.876Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/8c/ec/4ccf3bb86b1afe5d7176e1c8abcdbf22b53dd682ec2eda50e1caadcf6846/pypdf-6.8.0-py3-none-any.whl", hash = "sha256:2a025080a8dd73f48123c89c57174a5ff3806c71763ee4e49572dc90454943c7", size = 332177, upload-time = "2026-03-09T13:37:38.774Z" },
+    { url = "https://files.pythonhosted.org/packages/f9/f4/75543fa802b86e72f87e9395440fe1a89a6d149887e3e55745715c3352ac/pypdf-6.9.1-py3-none-any.whl", hash = "sha256:f35a6a022348fae47e092a908339a8f3dc993510c026bb39a96718fc7185e89f", size = 333661, upload-time = "2026-03-17T10:46:06.286Z" },
 ]

 [[package]]