⬆️(dependencies) update pypdf to v6.9.1 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pypdf (changelog)	==6.8.0 → ==6.9.1

GitHub Vulnerability Alerts

CVE-2026-33123

Impact

An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and/or large memory usage. This requires accessing an array-based stream with lots of entries.

Patches

This has been fixed in pypdf==6.9.1.

Workarounds

If you cannot upgrade yet, consider applying the changes from PR #​3686.

---

Release Notes

py-pdf/pypdf (pypdf)

v6.9.1

Compare Source

Security (SEC)

• Improve performance and limit length of array-based content streams (#​3686)

Full Changelog

v6.9.0

Compare Source

Security (SEC)

• Improve performance and limit length of array-based content streams (#​3686)

Full Changelog

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[providenz]

cf. #338

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (==6.9.1). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.