Merge pull request #159 from ansible/omaciel/CVE-2026-27628

omaciel · web-flow · commit 11ea4de15477 · 2026-03-09T17:44:06.000-04:00
fix: update pypdf for CVE-2026-27628.
diff --git a/pdm.lock b/pdm.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -115,7 +115,7 @@ dependencies = [
     "msgpack==1.1.0",
     "llama-index-vector-stores-postgres>=0.4.0",
     "h11>=0.16.0",
-    "pypdf==6.1.3",
+    "pypdf==6.7.2",
     # need to pin to avoid deadlock
     "requests==2.32.2",
     "python-multipart==0.0.22", # CVE-2026-24486
diff --git a/requirements.txt b/requirements.txt
@@ -607,9 +607,9 @@ pygments==2.19.2 \
 pyjwt[crypto]==2.10.1 \
     --hash=sha256:3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953 \
     --hash=sha256:dcdd193e30abefd5debf142f9adfcdd2b58004e644f25406ffaebd50bd98dacb
-pypdf==6.1.3 \
-    --hash=sha256:8d420d1e79dc1743f31a57707cabb6dcd5b17e8b9a302af64b30202c5700ab9d \
-    --hash=sha256:eb049195e46f014fc155f566fa20e09d70d4646a9891164ac25fa0cbcfcdbcb5
+pypdf==6.7.2 \
+    --hash=sha256:331b63cd66f63138f152a700565b3e0cebdf4ec8bec3b7594b2522418782f1f3 \
+    --hash=sha256:82a1a48de500ceea59a52a7d979f5095927ef802e4e4fac25ab862a73468acbb
 pyproject-hooks==1.2.0 \
     --hash=sha256:1e859bd5c40fae9448642dd871adf459e5e2084186e8d2c2a79a824c970da1f8 \
     --hash=sha256:9e5c6bfa8dcc30091c74b0cf803c81fdd29d94f01992a7707bc97babb1141913
