Skip to content

Bump the pip group across 1 directory with 2 updates#1

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/pip-55fba1b899
Open

Bump the pip group across 1 directory with 2 updates#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/pip-55fba1b899

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 12, 2026

Copy link
Copy Markdown

Bumps the pip group with 2 updates in the /backend directory: pypdf and pytest.

Updates pypdf from 5.1.0 to 6.12.0

Release notes

Sourced from pypdf's releases.

Version 6.12.0, 2026-05-21

What's new

Security (SEC)

New Features (ENH)

Performance Improvements (PI)

Bug Fixes (BUG)

  • Fix TreeObject.insert_child KeyError on fresh children (#3786) by @​Abzaek

Robustness (ROB)

  • AppearanceStream: Also honor user-set font name when not flattening annotations (#3781) by @​PJBrs

Documentation (DOC)

Full Changelog

Version 6.11.0, 2026-05-09

What's new

New Features (ENH)

Robustness (ROB)

Developer Experience (DEV)

Full Changelog

Version 6.10.2, 2026-04-15

What's new

Security (SEC)

Full Changelog

Version 6.10.1, 2026-04-14

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.12.0, 2026-05-21

Security (SEC)

  • Disallow cross-reference streams with zero-only width values (#3791)
  • Avoid excessive whitespace in layout mode text extraction (#3790)

New Features (ENH)

  • Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780)
  • CID font resource from font file to encode more characters (#3652)

Performance Improvements (PI)

  • Optimize retrieval of named destinatinos in reader (#3442)

Bug Fixes (BUG)

  • Fix TreeObject.insert_child KeyError on fresh children (#3786)

Robustness (ROB)

  • AppearanceStream: Also honor user-set font name when not flattening annotations (#3781)

Documentation (DOC)

  • Block encrypting writer in incremental mode (#3789)

Full Changelog

Version 6.11.0, 2026-05-09

New Features (ENH)

  • Initialise a Font from an embedded font file (#3704)

Robustness (ROB)

  • Allow to fix AES padding length in non-strict mode (#3742)

Developer Experience (DEV)

  • Enable PyPy testing again (#3752)
  • Align mypy Makefile target with strict mode (#3690)

Full Changelog

Version 6.10.2, 2026-04-15

Security (SEC)

  • Do not rely on possibly invalid /Size for incremental cloning (#3735)
  • Introduce limits for FlateDecode parameters and image decoding (#3734)

Full Changelog

Version 6.10.1, 2026-04-14

Security (SEC)

  • Limit the allowed size of xref and object streams (#3733)

... (truncated)

Commits
  • 08eb143 REL: 6.12.0
  • 507d7c9 SEC: Disallow cross-reference streams with zero-only width values (#3791)
  • 9d27470 SEC: Avoid excessive whitespace in layout mode text extraction (#3790)
  • 0a8e699 DOC: Block encrypting writer in incremental mode (#3789)
  • 541ebd4 DEV: Update idna from version 3.10 to 3.15
  • de405a8 DEV: Update idna from version 3.10 to 3.15
  • a2b90f9 ROB: AppearanceStream: Also honor user-set font name when not flattening anno...
  • 22bd60f MAINT: Tiny change of comments (#3787)
  • 2995392 ENH: Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780)
  • e044789 TST: Disable PyPy update checks after image update
  • Additional commits viewable in compare view

Updates pytest from 8.3.4 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

  • #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

    -- by aleguy02

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

  • #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

    You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

    Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

  • #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

  • #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 2 updates
fb097e9 
Bumps the pip group with 2 updates in the /backend directory: [pypdf](https://github.com/py-pdf/pypdf) and [pytest](https://github.com/pytest-dev/pytest).


Updates `pypdf` from 5.1.0 to 6.12.0
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@5.1.0...6.12.0)

Updates `pytest` from 8.3.4 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.3.4...9.0.3)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.12.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants