phoenix-oss/llama-stack-mirror
0
0
Fork 1
mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-03 09:53:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore(deps): update pypdf to fix DoS vulnerabilities (#4121)
Some checks failed
SqlStore Integration Tests / test-postgres (3.13) (push) Failing after 0s
Details
Integration Auth Tests / test-matrix (oauth2_token) (push) Failing after 1s
Details
Integration Tests (Replay) / generate-matrix (push) Successful in 5s
Details
Test Llama Stack Build / generate-matrix (push) Successful in 3s
Details
SqlStore Integration Tests / test-postgres (3.12) (push) Failing after 6s
Details
Test External Providers Installed via Module / test-external-providers-from-module (venv) (push) Has been skipped
Details
Test llama stack list-deps / generate-matrix (push) Successful in 3s
Details
API Conformance Tests / check-schema-compatibility (push) Successful in 13s
Details
Python Package Build Test / build (3.12) (push) Failing after 17s
Details
Python Package Build Test / build (3.13) (push) Failing after 17s
Details
Test llama stack list-deps / show-single-provider (push) Successful in 50s
Details
Test Llama Stack Build / build-single-provider (push) Successful in 53s
Details
UI Tests / ui-tests (22) (push) Successful in 53s
Details
Test Llama Stack Build / build (push) Successful in 52s
Details
Test llama stack list-deps / list-deps-from-config (push) Successful in 1m18s
Details
Test External API and Providers / test-external (venv) (push) Failing after 1m19s
Details
Test llama stack list-deps / list-deps (push) Failing after 1m1s
Details
Vector IO Integration Tests / test-matrix (push) Failing after 1m44s
Details
Unit Tests / unit-tests (3.13) (push) Failing after 1m53s
Details
Unit Tests / unit-tests (3.12) (push) Failing after 2m6s
Details
Test Llama Stack Build / build-ubi9-container-distribution (push) Failing after 3m7s
Details
Test Llama Stack Build / build-custom-container-distribution (push) Successful in 3m8s
Details
Integration Tests (Replay) / Integration Tests (, , , client=, ) (push) Failing after 3m30s
Details
Pre-commit / pre-commit (push) Successful in 4m1s
Details

Browse source 
Update pypdf dependency to address vulnerabilities causing potential
denial of service through infinite loops or excessive memory usage when
handling malicious PDFs. The update remains fully backward compatible,
with no changes to the PdfReader API.


# What does this PR do?
<!-- Provide a short summary of what this PR does and why. Link to
relevant issues if applicable. -->
Fixes #4120

<!-- If resolving an issue, uncomment and update the line below -->
<!-- Closes #[issue-number] -->

## Test Plan
<!-- Describe the tests you ran to verify your changes with result
summaries. *Provide clear instructions so the plan can be easily
re-executed.* -->

Co-authored-by: Francisco Arceo <arceofrancisco@gmail.com>
This commit is contained in:
Akshay Ghodake 2025-11-12 14:54:19 +05:30 committed by GitHub
parent 6ca2a67a9f
commit 539b9c08f3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pyproject.toml
View file

@ -112,7 +112,7 @@ unit = [
"aiosqlite",
"aiohttp",
"psycopg2-binary>=2.9.0",
"pypdf",
"pypdf>=6.1.3",
"mcp",
"chardet",
"sqlalchemy",
@ -135,7 +135,7 @@ test = [
"torchvision>=0.21.0",
"chardet",
"psycopg2-binary>=2.9.0",
"pypdf",
"pypdf>=6.1.3",
"mcp",
"datasets>=4.0.0",
"autoevals",

12
uv.lock generated
View file

@ -1,5 +1,5 @@
version = 1
revision = 3
revision = 2
requires-python = ">=3.12"
resolution-markers = [
"(python_full_version >= '3.13' and platform_machine != 'aarch64' and sys_platform == 'linux') or (python_full_version >= '3.13' and sys_platform != 'darwin' and sys_platform != 'linux')",
@ -2166,7 +2166,7 @@ test = [
{ name = "milvus-lite", specifier = ">=2.5.0" },
{ name = "psycopg2-binary", specifier = ">=2.9.0" },
{ name = "pymilvus", specifier = ">=2.6.1" },
{ name = "pypdf" },
{ name = "pypdf", specifier = ">=6.1.3" },
{ name = "qdrant-client" },
{ name = "requests" },
{ name = "sqlalchemy" },
@ -2219,7 +2219,7 @@ unit = [
{ name = "moto", extras = ["s3"], specifier = ">=5.1.10" },
{ name = "ollama" },
{ name = "psycopg2-binary", specifier = ">=2.9.0" },
{ name = "pypdf" },
{ name = "pypdf", specifier = ">=6.1.3" },
{ name = "sqlalchemy" },
{ name = "sqlalchemy", extras = ["asyncio"], specifier = ">=2.0.41" },
{ name = "sqlite-vec" },
@ -3973,11 +3973,11 @@ wheels = [
[[package]]
name = "pypdf"
version = "5.9.0"
version = "6.2.0"
source = { registry = "https://pypi.org/simple" }
sdist = { url = "https://files.pythonhosted.org/packages/89/3a/584b97a228950ed85aec97c811c68473d9b8d149e6a8c155668287cf1a28/pypdf-5.9.0.tar.gz", hash = "sha256:30f67a614d558e495e1fbb157ba58c1de91ffc1718f5e0dfeb82a029233890a1", size = 5035118, upload-time = "2025-07-27T14:04:52.364Z" }
sdist = { url = "https://files.pythonhosted.org/packages/4e/2b/8795ec0378384000b0a37a2b5e6d67fa3d84802945aa2c612a78a784d7d4/pypdf-6.2.0.tar.gz", hash = "sha256:46b4d8495d68ae9c818e7964853cd9984e6a04c19fe7112760195395992dce48", size = 5272001, upload-time = "2025-11-09T11:10:41.911Z" }
wheels = [
{ url = "https://files.pythonhosted.org/packages/48/d9/6cff57c80a6963e7dd183bf09e9f21604a77716644b1e580e97b259f7612/pypdf-5.9.0-py3-none-any.whl", hash = "sha256:be10a4c54202f46d9daceaa8788be07aa8cd5ea8c25c529c50dd509206382c35", size = 313193, upload-time = "2025-07-27T14:04:50.53Z" },
{ url = "https://files.pythonhosted.org/packages/de/ba/743ddcaf1a8fb439342399645921e2cf2c600464cba5531a11f1cc0822b6/pypdf-6.2.0-py3-none-any.whl", hash = "sha256:4c0f3e62677217a777ab79abe22bf1285442d70efabf552f61c7a03b6f5c569f", size = 326592, upload-time = "2025-11-09T11:10:39.941Z" },
]
[[package]]