
chore(deps): bump pypdf from 6.9.1 to 6.9.2#2646

Merged
raymyers merged 4 commits into main from dependabot/uv/pypdf-6.9.2 on Apr 9, 2026

Conversation

Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Bumps pypdf from 6.9.1 to 6.9.2.

Release notes

Sourced from pypdf's releases.

Version 6.9.2, 2026-03-23

What's new

Security (SEC)

Robustness (ROB)

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.9.2, 2026-03-23

Security (SEC)

  • Avoid infinite loop in read_from_stream for broken files (#3693)

Robustness (ROB)

  • Resolve UnboundLocalError for xobjs in _get_image (#3684)

Full Changelog

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Agent Server images for this PR

GHCR package: https://github.com/OpenHands/agent-sdk/pkgs/container/agent-server

Variants & Base Images

Variant   Architectures   Base Image                                         Docs / Tags
java      amd64, arm64    eclipse-temurin:17-jdk                             Link
python    amd64, arm64    nikolaik/python-nodejs:python3.13-nodejs22-slim    Link
golang    amd64, arm64    golang:1.21-bookworm                               Link

Pull (multi-arch manifest)

# Each variant is a multi-arch manifest supporting both amd64 and arm64
docker pull ghcr.io/openhands/agent-server:ba408bf-python

Run

docker run -it --rm \
  -p 8000:8000 \
  --name agent-server-ba408bf-python \
  ghcr.io/openhands/agent-server:ba408bf-python

All tags pushed for this build

ghcr.io/openhands/agent-server:ba408bf-golang-amd64
ghcr.io/openhands/agent-server:ba408bf-golang_tag_1.21-bookworm-amd64
ghcr.io/openhands/agent-server:ba408bf-golang-arm64
ghcr.io/openhands/agent-server:ba408bf-golang_tag_1.21-bookworm-arm64
ghcr.io/openhands/agent-server:ba408bf-java-amd64
ghcr.io/openhands/agent-server:ba408bf-eclipse-temurin_tag_17-jdk-amd64
ghcr.io/openhands/agent-server:ba408bf-java-arm64
ghcr.io/openhands/agent-server:ba408bf-eclipse-temurin_tag_17-jdk-arm64
ghcr.io/openhands/agent-server:ba408bf-python-amd64
ghcr.io/openhands/agent-server:ba408bf-nikolaik_s_python-nodejs_tag_python3.13-nodejs22-slim-amd64
ghcr.io/openhands/agent-server:ba408bf-python-arm64
ghcr.io/openhands/agent-server:ba408bf-nikolaik_s_python-nodejs_tag_python3.13-nodejs22-slim-arm64
ghcr.io/openhands/agent-server:ba408bf-golang
ghcr.io/openhands/agent-server:ba408bf-java
ghcr.io/openhands/agent-server:ba408bf-python

About Multi-Architecture Support

  • Each variant tag (e.g., ba408bf-python) is a multi-arch manifest supporting both amd64 and arm64
  • Docker automatically pulls the correct architecture for your platform
  • Individual architecture tags (e.g., ba408bf-python-amd64) are also available if needed

Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.9.1 to 6.9.2.
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.9.1...6.9.2)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.9.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 1, 2026
Contributor

github-actions bot commented Apr 1, 2026

Python API breakage checks — ✅ PASSED

Result: PASSED

Action log

Contributor

github-actions bot commented Apr 1, 2026

REST API breakage checks (OpenAPI) — ✅ PASSED

Result: PASSED

Action log

Collaborator

@all-hands-bot all-hands-bot left a comment

🟢 Good taste - Clean dependency bump with security and robustness fixes. LGTM.

Contributor

github-actions bot commented Apr 1, 2026

Coverage

Coverage Report

File    Stmts   Miss   Cover   Missing
TOTAL   23320   6015   74%

report-only-changed-files is enabled. No files were changed during this commit :)

@aivong-openhands (Contributor) commented

@OpenHands In an inline comment in #2643, enyst asked for a deep check of the package contents for anything suspicious, without running it. Find that comment, and apply what it says to this updated package. Basically, a security check. Respond directly on github.


openhands-ai bot commented Apr 6, 2026

I'm on it! aivong-openhands can track my progress at all-hands.dev

Collaborator

@all-hands-bot all-hands-bot left a comment

🟢 Good taste - Clean security patch. Infinite loop fix + robustness improvement with zero complexity. Ship it.

Contributor

Security Evaluation: pypdf 6.9.2

Following the security check process established in PR #2643, I've performed a deep static analysis of pypdf 6.9.2 without importing or running any of the package code.

✅ Package Verification

Check                     Result
SHA-256 hash (wheel)      662cf29bcb419a36a1365232449624ab40b7c2d0cfc28e54f42eeecd1fd7e844 ✅ matches PyPI
SHA-256 hash (sdist)      7f850faf2b0d4ab936582c05da32c52214c2b089d61a316627b5bfb5b0dab46c ✅ matches PyPI
Upload time               2026-03-23T14:53:26Z
Days since upload         14 days ✅ (passes 7-day cooling-off)
Maintainer                stefan6419846 (consistent with repo)
Release commit            da867f4 by stefan6419846 ✅

✅ Static Analysis Results

Check                          Result
Binary/compiled files          None found ✅ (pure Python wheel)
Entry points                   None ✅
Build backend                  flit_core ✅ (standard, no custom hooks)
File count (wheel vs sdist)    55 .py files each ✅
Unexpected data files          None found ✅

⚠️ Security-Sensitive Code Paths

The package contains expected subprocess usage for optional external binary support:

  • filters.py: Uses subprocess.run() to call jbig2dec binary for JBIG2 image decoding
    • Mitigations: Fixed binary path (JBIG2DEC_BINARY), no user-controlled arguments, capture_output=True
    • This is pre-existing behavior (not new in 6.9.2)

✅ Changes in 6.9.2 (Security-Positive)

The diff from 6.9.1 to 6.9.2 contains only:

  1. SEC: Infinite loop fix - Catches RecursionError and LimitReachedError in read_from_stream to prevent DoS via malformed PDFs
  2. ROB: UnboundLocalError fix - Better error handling in _get_image for missing XObject resources
  3. MAINT: bytes → bytearray - Performance optimization in inline image extraction

All changes are defensive/hardening improvements with no new security-sensitive surface area.

✅ Vulnerability Database Checks

Source                        Result
OSV.dev                       No known vulnerabilities for pypdf 6.9.2
GitHub Security Advisories    No advisories
Recent issues search          Only Dependabot bump PRs (expected)

Summary

APPROVED ✅ - This is a clean security/robustness patch release from the established pypdf maintainer. The package:

  • Passes the 7-day cooling-off period
  • Contains no suspicious code patterns
  • Includes security fixes (infinite loop prevention)
  • Has verified integrity (hashes match PyPI metadata)

This security review was generated by an AI assistant (OpenHands) on behalf of the user, following the evaluation criteria from PR #2643.
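The checks tabulated in the evaluation above (SHA-256 against PyPI metadata, cooling-off age, compiled files, entry points, and subprocess/exec/eval usage) as an added, runnable model; this is not pypdf's code or this repository's tooling. The wheel, the PyPI metadata and the review date are constructed in the block, so it runs without downloading anything, and the flagged `subprocess` import in `filters.py` mirrors the pre-existing jbig2dec call the review notes.

```python
# Offline model of the reviewer's checks above; added example, not pypdf's or this repo's tooling.
import ast, hashlib, io, zipfile
from datetime import datetime, timezone

COOLING_OFF_DAYS = 7                                  # repo policy cited in the review
BINARY_SUFFIXES = (".so", ".pyd", ".dll", ".dylib")   # compiled artifacts a pure-Python wheel lacks
RISKY = {"subprocess", "exec", "eval"}                # imports/calls the review looks for

def build_wheel(files):  # constructed in-memory wheel (a plain zip) standing in for the PyPI download
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

def risky_names(source):
    """AST walk (not regex) for imports of, or direct calls to, RISKY names."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            mods = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            found.update(m.split(".")[0] for m in mods)
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            found.add(node.func.id)
    return found & RISKY

def evaluate(wheel, meta, now):
    """One entry per check, mirroring the reviewer's tables; nothing in the wheel is imported or run."""
    uploaded = datetime.fromisoformat(meta["upload_time"].replace("Z", "+00:00"))
    age = (now - uploaded).days
    binaries, entry_points, risky = [], False, {}
    with zipfile.ZipFile(io.BytesIO(wheel)) as zf:
        for name in zf.namelist():
            if name.endswith(BINARY_SUFFIXES):
                binaries.append(name)
            elif name.endswith("entry_points.txt"):
                entry_points = True
            elif name.endswith(".py"):
                hits = risky_names(zf.read(name).decode())
                if hits:
                    risky[name] = sorted(hits)
    return {"hash_ok": hashlib.sha256(wheel).hexdigest() == meta["sha256"], "days_since_upload": age,
            "cooling_off_ok": age >= COOLING_OFF_DAYS, "binaries": binaries, "entry_points": entry_points, "risky": risky}

# Constructed sample: a pure-Python wheel whose filters.py shells out, as the review notes for pypdf.
SAMPLE_WHEEL = build_wheel({"pkg/__init__.py": "VERSION = '6.9.2'\n", "pkg-6.9.2.dist-info/METADATA": "Name: pkg\n",
    "pkg/filters.py": "import subprocess\ndef decode(p):\n    return subprocess.run([p], capture_output=True)\n"})
SAMPLE_META = {"sha256": hashlib.sha256(SAMPLE_WHEEL).hexdigest(), "upload_time": "2026-03-23T14:53:26Z"}
NOW = datetime(2026, 4, 6, 23, 0, tzinfo=timezone.utc)   # evaluation date taken from the thread (assumed time)
```

Against a real release, `SAMPLE_META` would come from PyPI's JSON API and the wheel bytes from the download it lists; the scan is only a triage aid, since a `subprocess` hit still needs the manual argument review the evaluation performed.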


openhands-ai bot commented Apr 6, 2026

Summary

I completed the security evaluation of pypdf 6.9.2 as requested, following the security check process established by enyst's comment in PR #2643.

Request Fulfillment Checklist

  • ✅ Found enyst's comment in PR chore(deps): bump fastmcp from 3.1.0 to 3.2.0 #2643 asking for a deep security check without running the package
  • ✅ Downloaded pypdf 6.9.2 artifacts (wheel and sdist) from PyPI
  • ✅ Verified SHA-256 hashes match PyPI metadata
  • ✅ Statically inspected package contents without importing/running any code
  • ✅ Checked for binary files, entry points, suspicious imports (subprocess, exec, eval, etc.)
  • ✅ Reviewed the upstream diff between 6.9.1 and 6.9.2
  • ✅ Verified maintainer consistency with upstream repo
  • ✅ Checked vulnerability databases (OSV.dev)
  • ✅ Verified package passes the repo's 7-day cooling-off policy (14 days old)
  • ✅ Posted detailed security evaluation as a comment on PR chore(deps): bump pypdf from 6.9.1 to 6.9.2 #2646

Key Findings

The package is APPROVED - it's a clean security/robustness patch from the established maintainer (stefan6419846) that:

  • Fixes an infinite loop vulnerability (DoS prevention)
  • Contains no suspicious code patterns
  • Is pure Python with no binary files or custom build hooks
  • Has verified integrity matching PyPI metadata

Changes Made

No code changes were made to the repository. I only posted a comment on the PR with my security evaluation at:
#2646 (comment)

@aivong-openhands aivong-openhands requested a review from enyst April 6, 2026 23:26
@raymyers raymyers enabled auto-merge (squash) April 9, 2026 13:43
@raymyers raymyers merged commit b826597 into main Apr 9, 2026
25 checks passed
@raymyers raymyers deleted the dependabot/uv/pypdf-6.9.2 branch April 9, 2026 13:50