From fe79bedb6f16efc638506c98e73ff8ef9a0396da Mon Sep 17 00:00:00 2001
From: arigatoexpress <95630102+arigatoexpress@users.noreply.github.com>
Date: Wed, 17 Jun 2026 12:48:20 -0600
Subject: [PATCH] chore(deps): bump pypdf 6.12.0 -> 6.12.2 (3 of 5 Dependabot
 alerts)

Clears 3 of 5 open pypdf advisories (medium) that are fixed within the 6.12.x
line. Deliberately stays in 6.12.x: pypdf 6.13.x breaks AcroForm filling in
tools/document_tools.py:578 (writer.update_page_form_field_values ->
"'str' object cannot be interpreted as an integer"), which silently produces
BLANK sales contracts (6 document tests fail on 6.13.0+). The remaining 2
alerts (fixed only in 6.13.0) are deferred to a separate, reviewed pypdf-6.13
compatibility fix.

All document/PDF tests green on 6.12.2 (230 passed).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 3e076e5..4739612 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -16,7 +16,7 @@ python-multipart==0.0.31
 uvicorn==0.34.0
 redis==5.2.1
 dnspython==2.7.0
-pypdf==6.12.0
+pypdf==6.12.2
 resend==2.5.1
 slowapi>=0.1.9
 PyYAML>=6.0