mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2025-11-01 01:21:18 +01:00
7f7d6fd1c9
11 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
b0f77b500e
|
build(deps): bump pypdf from 6.1.1 to 6.1.3 in /testing/cucumber in the pip group across 1 directory (#4725)
Bumps the pip group with 1 update in the /testing/cucumber directory: [pypdf](https://github.com/py-pdf/pypdf). Updates `pypdf` from 6.1.1 to 6.1.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/releases">pypdf's releases</a>.</em></p> <blockquote> <h2>Version 6.1.3, 2025-10-22</h2> <h2>What's new</h2> <h3>Security (SEC)</h3> <ul> <li>Allow limiting size of LZWDecode streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3502">#3502</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> <li>Avoid infinite loop when reading broken DCT-based inline images (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3501">#3501</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>PageObject.scale() scales media box incorrectly (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3489">#3489</a>) by <a href="https://github.com/Nid01"><code>@Nid01</code></a></li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Fail with explicit exception when image mode is an empty array (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3500">#3500</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.1.2...6.1.3">Full Changelog</a></p> <h2>Version 6.1.2, 2025-10-19</h2> <h2>What's new</h2> <h3>Bug Fixes (BUG)</h3> <ul> <li>Fix handling of zero-length StreamObject (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3485">#3485</a>) by <a href="https://github.com/Likend"><code>@Likend</code></a></li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Deal with wrong size for incremental PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3495">#3495</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> <li>Improve handling for malformed cross-reference tables (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3483">#3483</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Use released Python 3.14 by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> <li>Use Mapping instead of dict in type hint of update_page_form_field_values (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3490">#3490</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.1.1...6.1.2">Full Changelog</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md">pypdf's changelog</a>.</em></p> <blockquote> <h2>Version 6.1.3, 2025-10-22</h2> <h3>Security (SEC)</h3> <ul> <li>Allow limiting size of LZWDecode streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3502">#3502</a>)</li> <li>Avoid infinite loop when reading broken DCT-based inline images (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3501">#3501</a>)</li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>PageObject.scale() scales media box incorrectly (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3489">#3489</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Fail with explicit exception when image mode is an empty array (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3500">#3500</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.1.2...6.1.3">Full Changelog</a></p> <h2>Version 6.1.2, 2025-10-19</h2> <h3>Bug Fixes (BUG)</h3> <ul> <li>Fix handling of zero-length StreamObject (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3485">#3485</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Deal with wrong size for incremental PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3495">#3495</a>)</li> <li>Improve handling for malformed cross-reference tables (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3483">#3483</a>)</li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Use released Python 3.14</li> <li>Use Mapping instead of dict in type hint of update_page_form_field_values (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3490">#3490</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.1.1...6.1.2">Full Changelog</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
Ludy
|
9ed0283f15
|
fix(ci): 🛡️mitigate CVE-2025-8869 by pinning pip to patched commit and upgrading dev dependency pins (#4630)
# Description of Changes **Summary** - Enforce wheels-only installs for CI/dev workflows where feasible and pin `pip` to a specific, patched VCS commit as an interim mitigation. - Replace the explicit `pip==25.2` entry with a VCS-pinned `pip` reference in `.github/scripts/requirements_dev.in` and the regenerated `.github/scripts/requirements_dev.txt`. - Refresh and re-hash multiple development dependency pins in the locked `requirements_dev.txt` to ensure reproducible installs and reduce exposure to vulnerable transitive packages. - Add notes and guidance for maintainers on reverting the VCS pin once an official pip release contains the fix. **Why the change was made** - CVE-2025-8869 allows malicious sdists to include links that escape the intended extraction directory, enabling arbitrary file overwrite during `pip install`. CI and developer automation that installs dev dependencies are at risk if they process attacker-controlled sdists. - This PR reduces immediate attack surface by preferring wheel installations where possible and pinning pip to a known patched commit until an official fixed pip release is available. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
Ludy
|
655471ef29
|
fix(ci): 🛡️ mitigate CVE-2025-8869 by enforcing wheels-only pip installs and upgrading pinned dependencies (#4598)
# Description of Changes This PR mitigates **CVE-2025-8869** (GHSA-4xh5-x5gv-qwph), a high-severity vulnerability in `pip` ≤ 25.2 that allows arbitrary file overwrite via unsafe tar extraction in sdist fallback handling. **What was changed:** - Added environment variables to all GitHub Actions (`pre_commit.yml`, `sync_files.yml`) to **enforce binary-only installs**: - `PIP_ONLY_BINARY=":all:"` - `PIP_DISABLE_PIP_VERSION_CHECK="1"` - Updated multiple `.github/scripts/*.txt` requirements to use Python 3.12 as the generation base. - Upgraded pinned dependencies to latest secure versions: - `filelock 3.19.1`, `identify 2.6.15`, `platformdirs 4.4.0`, `pyyaml 6.0.3`, `behave 1.3.3`, `pypdf 6.1.1`, `reportlab 4.4.4`, `requests 2.32.5` - Adjusted file path formatting (`\` → `/`) for consistent cross-platform compatibility. **Why the change was made:** To prevent exploitation of the tar extraction vulnerability in vulnerable pip versions when installing from source distributions during CI runs. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
Ludy
|
409cada93a
|
chore(ci): include testing/** in file change detection for docker-compose-tests workflow (#4206)
# Description of Changes - Added `testing/**` to `.github/config/.files.yaml` so that changes in the `testing` directory will trigger the `docker-compose-tests` workflow in `build.yml`. - Updated Python dependencies in `.github/scripts/requirements_pre_commit.txt` and `testing/cucumber/requirements.txt` to newer versions, including `behave`, `pypdf`, `reportlab`, and others. - Introduced new dependencies like `colorama`, `cucumber-expressions`, `cucumber-tag-expressions`, and `tomli` in the testing requirements to support enhanced test execution. - Ensured hash integrity for all dependency updates. This change was made to ensure that modifications in the testing suite automatically trigger relevant CI jobs and that testing dependencies remain up-to-date for compatibility and stability. --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
Ludy
|
03f184ab2b
|
chore(cucumber): add create_pdf_with_black_boxes and convert-pdf-to-image outline; remove duplicate split-pdf-by-sections (#3937)
# Description of Changes - **What was changed** - Introduced `create_pdf_with_black_boxes` helper function in `environment.py` for generating test PDFs with occluded content. - Added **Scenario Outline: Convert PDF to image** to `conversion.feature` to validate PDF→image conversion workflows. - Removed the duplicate **Scenario Outline: split-pdf-by-sections with different parameters** from `general.feature`. - **Why the change was made** - To enable testing of blacked-out content scenarios and ensure our suite covers image conversion. - To eliminate redundant tests and keep the feature files DRY and maintainable. --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [x] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
Ludy
|
b4f8b896d1
|
deps: update Python requirements and add --strip-extras flag (#3887)
# Description of Changes
- **What was changed**
- Added the `--strip-extras` option to the `pip-compile` commands in
`.github/scripts/requirements_pre_commit.txt` and
`.github/scripts/requirements_sync_readme.txt`.
- Bumped versions of CI and development dependencies:
- In `.github/scripts`: `filelock`, `identify`, `platformdirs`,
`pre-commit`, `tomlkit`
- In `testing/cucumber/requirements.txt`: `certifi`,
`charset-normalizer`, `pillow`, `pycryptodome`, `pypdf`, `reportlab`,
`typing-extensions`, and others
- Regenerated hashes for all updated packages.
- Added new batch script `scripts/generate_requirements.bat` to automate
requirement regeneration
- **Why the change was made**
- Keep dependencies up-to-date with latest patch releases to address
security fixes and compatibility improvements.
- Reduce lockfile size and remove unneeded extras by stripping optional
markers.
- Ensure CI and test environments use the most current, secure versions
of tooling.
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing)
for more details.
|
||
|
dependabot[bot]
|
7dd6d50ef3
|
Bump urllib3 from 2.3.0 to 2.5.0 in /testing/cucumber in the pip group across 1 directory (#3769)
Bumps the pip group with 1 update in the /testing/cucumber directory: [urllib3](https://github.com/urllib3/urllib3). Updates `urllib3` from 2.3.0 to 2.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](https://github.com/urllib3/urllib3/issues/3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](https://github.com/urllib3/urllib3/issues/3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](https://github.com/urllib3/urllib3/issues/3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](https://github.com/urllib3/urllib3/issues/3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](https://github.com/urllib3/urllib3/issues/3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](https://github.com/urllib3/urllib3/issues/3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](https://github.com/urllib3/urllib3/issues/3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](https://github.com/urllib3/urllib3/issues/3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](https://github.com/urllib3/urllib3/issues/3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](https://github.com/urllib3/urllib3/issues/3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c66bf56260
|
Bump requests from 2.32.3 to 2.32.4 in /testing/cucumber in the pip group across 1 directory (#3674)
Bumps the pip group with 1 update in the /testing/cucumber directory: [requests](https://github.com/psf/requests). Updates `requests` from 2.32.3 to 2.32.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.4</h2> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (<a href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> <li>Dropped support for pypy 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS.</li> <li>Dropped support for pypy 3.9 following its end of support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Ludy
|
52f09f1840
|
Improve Type Safety and OpenAPI Schema for PDF API Controllers and Models (#3470)
# Description of Changes - **What was changed** - Updated controller methods to use strongly‐typed primitives (`int`, `long`, `boolean`) instead of `String` for numeric and boolean parameters, eliminating calls to `Integer.parseInt`/`Long.parseLong` and improving null‐safety (`Boolean.TRUE.equals(...)`). - Enhanced all API request model classes with richer Swagger/OpenAPI annotations: added `requiredMode`, `defaultValue`, `allowableValues`, `format`, `pattern`, and tightened schema descriptions for all fields. - Refactored HTML form templates for “Remove Blank Pages” to include `min`, `max`, and `step` attributes on numeric inputs, matching the updated validation rules. - **Why the change was made** - **Type safety & robustness**: Shifting from `String` to native types prevents runtime parsing errors, simplifies controller logic, and makes default values explicit. - **Better API documentation & validation**: Enriching the Swagger annotations ensures generated docs accurately reflect required fields, default values, and permitted ranges, which improves client code generation and developer experience. - **Consistency across codebase**: Aligning all request models and controllers enforces a uniform coding style and reduces bugs. #3406 --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. |
||
Anthony Stirling
|
d34c44ed7b
|
[Test PR] Desktop fix and unoconv to unoserver (#2971)
# Description of Changes This pull request includes several updates to the Docker configuration and Java application UI scaling. The changes enhance environment variable management, dependency installation, and UI responsiveness to different screen sizes. ### Docker Configuration Updates: * Added new environment variables `STIRLING_PDF_DESKTOP_UI`, `PYTHONPATH`, `UNO_PATH`, and `URE_BOOTSTRAP` to `Dockerfile` and `Dockerfile.fat` to improve the configuration and integration of the LibreOffice environment. [[1]](diffhunk://#diff-dd2c0eb6ea5cfc6c4bd4eac30934e2d5746747af48fef6da689e85b752f39557L38-R46) [[2]](diffhunk://#diff-571631582b988e88c52c86960cc083b0b8fa63cf88f056f26e9e684195221c27L40-R49) * Updated the `CMD` instruction in `Dockerfile` and `Dockerfile.fat` to run both the Java application and `unoserver` simultaneously. [[1]](diffhunk://#diff-dd2c0eb6ea5cfc6c4bd4eac30934e2d5746747af48fef6da689e85b752f39557L87-R96) [[2]](diffhunk://#diff-571631582b988e88c52c86960cc083b0b8fa63cf88f056f26e9e684195221c27L87-R100) * Modified the `RUN` instruction to include additional Python dependencies and setup a virtual environment. [[1]](diffhunk://#diff-dd2c0eb6ea5cfc6c4bd4eac30934e2d5746747af48fef6da689e85b752f39557L68-R81) [[2]](diffhunk://#diff-571631582b988e88c52c86960cc083b0b8fa63cf88f056f26e9e684195221c27R72-R86) ### Workflow Enhancements: * Added `STIRLING_PDF_DESKTOP_UI` environment variable to the GitHub Actions workflows (`PR-Demo-Comment.yml` and `push-docker.yml`) to ensure consistent environment settings. [[1]](diffhunk://#diff-145fe5c0ed8c24e4673c9ad39800dd171a2d0a2e8050497cff980fc7e3a3df0dR106) [[2]](diffhunk://#diff-76056236de05155107f6a660f1e3956059e37338011b8f0e72188afcb9b17b6fR41) ### Java Application UI Scaling: * Introduced `UIScaling` utility to dynamically adjust the size of UI components based on screen resolution in `DesktopBrowser` and `LoadingWindow` classes. [[1]](diffhunk://#diff-dff83b0fe53cba8ee80dc8cee96b9c2bfec612ec1f2c636ebdf22dedb36671e8L218-R219) [[2]](diffhunk://#diff-dff83b0fe53cba8ee80dc8cee96b9c2bfec612ec1f2c636ebdf22dedb36671e8L267-R270) [[3]](diffhunk://#diff-3e287daf297213b698b3c94d6e6ed4aae139d570ba6b115da459d72b5c36c42fL44-R64) [[4]](diffhunk://#diff-3e287daf297213b698b3c94d6e6ed4aae139d570ba6b115da459d72b5c36c42fL86-R102) * Improved the loading of icons by using the `UIScaling` utility for better visual quality. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> Co-authored-by: a <a> |
||
|
Anthony Stirling
|
dab6613f1b
|
Test cleanup, JVM GC and api (#2787)
# Description of Changes Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: a <a> |