
Conversation

@selvamanigovindaraj
Contributor

Description

Updated pypdf to the latest version to fix the CVE-2025-62707 vulnerability

Fixes #20249

New Package?

Did I fill in the tool.llamahub section in the pyproject.toml and provide a detailed README.md for my new integration or package?

  • Yes
  • No

Version Bump?

Did I bump the version in the pyproject.toml file of the package I am updating? (Except for the llama-index-core package)

  • Yes
  • No

Type of Change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Your pull-request will likely not be merged unless it is covered by some form of impactful unit testing.

  • I added new unit tests to cover this change
  • I believe this change is already covered by existing unit tests

Suggested Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added Google Colab support for the newly added notebooks.
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I ran uv run make format; uv run make lint to appease the lint gods

Copilot AI review requested due to automatic review settings November 19, 2025 11:20
@dosubot dosubot bot added the size:XS label (This PR changes 0-9 lines, ignoring generated files.) Nov 19, 2025
Copilot finished reviewing on behalf of selvamanigovindaraj November 19, 2025 11:22

Copilot AI left a comment


Pull Request Overview

This PR updates the pypdf dependency to address CVE-2025-62707 by constraining the version to >=6.1.3,<7 (from unpinned or >=5.1.0,<7). The change affects two packages that depend on pypdf for PDF processing capabilities.

  • Updates pypdf version constraint to >=6.1.3,<7 across affected packages
  • Bumps package versions to reflect the dependency update
  • Updates lock files to resolve pypdf 6.3.0 and related dependencies

Reviewed Changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

File / Description

  • llama-index-packs/llama-index-packs-resume-screener/pyproject.toml: Updates pypdf constraint from unpinned to >=6.1.3,<7 and bumps package version to 0.9.3
  • llama-index-packs/llama-index-packs-resume-screener/uv.lock: Locks pypdf at 6.3.0 and updates transitive dependencies
  • llama-index-integrations/readers/llama-index-readers-file/pyproject.toml: Updates pypdf constraint from >=5.1.0,<7 to >=6.1.3,<7 and bumps package version to 0.5.5
  • llama-index-integrations/readers/llama-index-readers-file/uv.lock: Locks pypdf at 6.3.0 and adds new greenlet wheels for musllinux_1_2 platforms

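The review above turns on one question: does the new specifier `>=6.1.3,<7` actually exclude every pypdf release below the fixed version, where the old `>=5.1.0,<7` and the unpinned dependency did not? The check below is an added example (not code from this PR or the llama_index project) that answers it with the standard library only; it assumes plain numeric release versions, which is all the constraints on this page use, and the release list is a constructed sample rather than pypdf's real history.

```python
"""Audit a requirement specifier against a 'fixed in' version.

Added example: checks whether a dependency constraint such as
'pypdf>=6.1.3,<7' still permits any release older than the version that
carries the fix (6.1.3 here, per the PR). Stdlib only; handles the
comparison operators used in pyproject constraints and numeric versions.
"""
import re

OPS = {
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}
_CLAUSE = re.compile(r"^(>=|<=|==|!=|>|<)\s*([0-9][0-9.]*)$")

def parse_version(s: str) -> tuple:
    # "6.1.3" -> (6, 1, 3); pad so that "7" compares as (7, 0, 0)
    parts = tuple(int(p) for p in s.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def parse_requirement(req: str):
    """'pypdf>=6.1.3,<7' -> ('pypdf', [('>=', (6,1,3)), ('<', (7,0,0))]).
    A bare name such as 'pypdf' (unpinned) yields an empty clause list."""
    m = re.match(r"^\s*([A-Za-z0-9_.-]+)\s*(.*)$", req)
    name, spec = m.group(1), m.group(2).strip()
    clauses = []
    for c in filter(None, (x.strip() for x in spec.split(","))):
        cm = _CLAUSE.match(c)
        if not cm:
            raise ValueError(f"unsupported clause {c!r}")
        clauses.append((cm.group(1), parse_version(cm.group(2))))
    return name, clauses

def allows(clauses, version: str) -> bool:
    v = parse_version(version)
    return all(OPS[op](v, bound) for op, bound in clauses)

def vulnerable_versions_allowed(req: str, fixed_in: str, known: list) -> list:
    """Releases in `known` that are older than `fixed_in` yet still satisfy
    `req`. An empty result means the constraint excludes the affected range."""
    _, clauses = parse_requirement(req)
    fix = parse_version(fixed_in)
    return [v for v in known if parse_version(v) < fix and allows(clauses, v)]

# Constructed sample of release versions; not pypdf's actual release history.
SAMPLE_RELEASES = ["5.1.0", "5.9.0", "6.0.0", "6.1.2", "6.1.3", "6.2.0", "6.3.0", "7.0.0"]

if __name__ == "__main__":
    for req in ("pypdf", "pypdf>=5.1.0,<7", "pypdf>=6.1.3,<7"):
        bad = vulnerable_versions_allowed(req, "6.1.3", SAMPLE_RELEASES)
        print(f"{req:20s} -> {'OK' if not bad else 'still allows ' + ', '.join(bad)}")
```

Run as a script it reports the unpinned and `>=5.1.0,<7` forms as still admitting 5.1.0 through 6.1.2, and the new `>=6.1.3,<7` as clean; the same function can be pointed at any dependency and fixed version.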

@dosubot dosubot bot added the lgtm label (This PR has been approved by a maintainer) Nov 21, 2025
@logan-markewich logan-markewich merged commit 6337029 into run-llama:main Nov 21, 2025
17 checks passed

Successfully merging this pull request may close these issues.

[Bug]: Upgrade pypdf to at least version 6.1.3 (latest is 6.2.0) to fix CVE-2025-62707
