Bump the uv group across 11 directories with 4 updates

[dependabot]

Bumps the uv group with 2 updates in the / directory: django and pyarrow.
Bumps the uv group with 3 updates in the /backend directory: django, pyarrow and pypdf.
Bumps the uv group with 1 update in the /platform-service directory: pypdf.
Bumps the uv group with 1 update in the /prompt-service directory: pypdf.
Bumps the uv group with 1 update in the /tool-sidecar directory: protobuf.
Bumps the uv group with 2 updates in the /unstract/connectors directory: pyarrow and pypdf.
Bumps the uv group with 1 update in the /unstract/filesystem directory: pypdf.
Bumps the uv group with 2 updates in the /unstract/sdk1 directory: protobuf and pypdf.
Bumps the uv group with 1 update in the /unstract/tool-registry directory: pypdf.
Bumps the uv group with 1 update in the /unstract/workflow-execution directory: pypdf.
Bumps the uv group with 2 updates in the /workers directory: pyarrow and pypdf.

Updates django from 4.2.1 to 4.2.30

Commits

• 3396992 [4.2.x] Bumped version for 4.2.30 release.
• ed4dfda [4.2.x] Fixed CVE-2026-33034 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE on body ...
• f13c20f [4.2.x] Fixed CVE-2026-33033 -- Mitigated potential DoS in MultiPartParser.
• abfe1a1 [4.2.x] Fixed CVE-2026-4292 -- Disallowed instance creation via ModelAdmin.li...
• 051f390 [4.2.x] Fixed CVE-2026-4277 -- Checked add permissions in GenericInlineModelA...
• 4412731 [4.2.x] Fixed CVE-2026-3902 -- Ignored headers with underscores in ASGIRequest.
• 8d2a05c [4.2.x] Added stub release notes and release date for 4.2.30.
• b1d9ea4 [4.2.x] Combined scripts confirm_release.sh and test_new_version.sh into veri...
• 385678e [4.2.x] Added CVE-2026-25673 and CVE-2026-25674 to security archive.
• 69de846 [4.2.x] Post-release version bump.
• Additional commits viewable in compare view

Updates pyarrow from 18.1.0 to 23.0.1

Release notes

Sourced from pyarrow's releases.

Apache Arrow 23.0.1

Release Notes URL: https://arrow.apache.org/release/23.0.1.html

Apache Arrow 23.0.1 RC0

Release Notes: Release Candidate: 23.0.1 RC0

Apache Arrow 23.0.0

Release Notes URL: https://arrow.apache.org/release/23.0.0.html

Apache Arrow 23.0.0 RC2

Release Notes: Release Candidate: 23.0.0 RC2

Apache Arrow 22.0.0

Release Notes URL: https://arrow.apache.org/release/22.0.0.html

Apache Arrow 22.0.0 RC1

Release Notes: Release Candidate: 22.0.0 RC1

Apache Arrow 22.0.0 RC0

Release Notes: Release Candidate: 22.0.0 RC0

Apache Arrow 21.0.0

Release Notes URL: https://arrow.apache.org/release/21.0.0.html

Apache Arrow 21.0.0 RC6

Release Notes: Release Candidate: 21.0.0 RC6

Apache Arrow 21.0.0 RC5

Release Notes: Release Candidate: 21.0.0 RC5

Apache Arrow 21.0.0 RC4

Release Notes: Release Candidate: 21.0.0 RC4

Apache Arrow 21.0.0 RC3

Release Notes: Release Candidate: 21.0.0 RC3

Apache Arrow 21.0.0 RC2

Release Notes: Release Candidate: 21.0.0 RC2

Apache Arrow 20.0.0

Release Notes URL: https://arrow.apache.org/release/20.0.0.html

Apache Arrow 20.0.0 RC2

Release Notes: Release Candidate: 20.0.0 RC2

Apache Arrow 20.0.0 RC1

Release Notes: Release Candidate: 20.0.0 RC1

Apache Arrow 20.0.0 RC0

Release Notes: Release Candidate: 20.0.0 RC0

... (truncated)

Commits

• 82a374e MINOR: [Release] Update versions for 23.0.1
• c1ae37c MINOR: [Release] Update .deb/.rpm changelogs for 23.0.1
• 8f6e557 MINOR: [Release] Update CHANGELOG.md for 23.0.1
• 4e16a1a GH-49159: [C++][Gandiva] Detect overflow in repeat() (#49160)
• 985621d GH-48817 [R][C++] Bump C++20 in R build infrastructure (#48819)
• 1bea06a GH-49024: [CI] Update Debian version in .env (#49032)
• 147bcd6 GH-49156: [Python] Require GIL for string comparison (#49161)
• e4f922b GH-49138: [Packaging][Python] Remove nightly cython install from manylinux wh...
• f9376e4 GH-49003: [C++] Don't consider out_of_range an error in float parsing (#49095)
• ab2c0ad GH-49044: [CI][Python] Fix test_download_tzdata_on_windows by adding required...
• Additional commits viewable in compare view

Updates django from 4.2.1 to 4.2.30

Commits

• 3396992 [4.2.x] Bumped version for 4.2.30 release.
• ed4dfda [4.2.x] Fixed CVE-2026-33034 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE on body ...
• f13c20f [4.2.x] Fixed CVE-2026-33033 -- Mitigated potential DoS in MultiPartParser.
• abfe1a1 [4.2.x] Fixed CVE-2026-4292 -- Disallowed instance creation via ModelAdmin.li...
• 051f390 [4.2.x] Fixed CVE-2026-4277 -- Checked add permissions in GenericInlineModelA...
• 4412731 [4.2.x] Fixed CVE-2026-3902 -- Ignored headers with underscores in ASGIRequest.
• 8d2a05c [4.2.x] Added stub release notes and release date for 4.2.30.
• b1d9ea4 [4.2.x] Combined scripts confirm_release.sh and test_new_version.sh into veri...
• 385678e [4.2.x] Added CVE-2026-25673 and CVE-2026-25674 to security archive.
• 69de846 [4.2.x] Post-release version bump.
• Additional commits viewable in compare view

Updates pyarrow from 18.1.0 to 23.0.1

Release notes

Sourced from pyarrow's releases.

Apache Arrow 23.0.1

Release Notes URL: https://arrow.apache.org/release/23.0.1.html

Apache Arrow 23.0.1 RC0

Release Notes: Release Candidate: 23.0.1 RC0

Apache Arrow 23.0.0

Release Notes URL: https://arrow.apache.org/release/23.0.0.html

Apache Arrow 23.0.0 RC2

Release Notes: Release Candidate: 23.0.0 RC2

Apache Arrow 22.0.0

Release Notes URL: https://arrow.apache.org/release/22.0.0.html

Apache Arrow 22.0.0 RC1

Release Notes: Release Candidate: 22.0.0 RC1

Apache Arrow 22.0.0 RC0

Release Notes: Release Candidate: 22.0.0 RC0

Apache Arrow 21.0.0

Release Notes URL: https://arrow.apache.org/release/21.0.0.html

Apache Arrow 21.0.0 RC6

Release Notes: Release Candidate: 21.0.0 RC6

Apache Arrow 21.0.0 RC5

Release Notes: Release Candidate: 21.0.0 RC5

Apache Arrow 21.0.0 RC4

Release Notes: Release Candidate: 21.0.0 RC4

Apache Arrow 21.0.0 RC3

Release Notes: Release Candidate: 21.0.0 RC3

Apache Arrow 21.0.0 RC2

Release Notes: Release Candidate: 21.0.0 RC2

Apache Arrow 20.0.0

Release Notes URL: https://arrow.apache.org/release/20.0.0.html

Apache Arrow 20.0.0 RC2

Release Notes: Release Candidate: 20.0.0 RC2

Apache Arrow 20.0.0 RC1

Release Notes: Release Candidate: 20.0.0 RC1

Apache Arrow 20.0.0 RC0

Release Notes: Release Candidate: 20.0.0 RC0

... (truncated)

Commits

• 82a374e MINOR: [Release] Update versions for 23.0.1
• c1ae37c MINOR: [Release] Update .deb/.rpm changelogs for 23.0.1
• 8f6e557 MINOR: [Release] Update CHANGELOG.md for 23.0.1
• 4e16a1a GH-49159: [C++][Gandiva] Detect overflow in repeat() (#49160)
• 985621d GH-48817 [R][C++] Bump C++20 in R build infrastructure (#48819)
• 1bea06a GH-49024: [CI] Update Debian version in .env (#49032)
• 147bcd6 GH-49156: [Python] Require GIL for string comparison (#49161)
• e4f922b GH-49138: [Packaging][Python] Remove nightly cython install from manylinux wh...
• f9376e4 GH-49003: [C++] Don't consider out_of_range an error in float parsing (#49095)
• ab2c0ad GH-49044: [CI][Python] Fix test_download_tzdata_on_windows by adding required...
• Additional commits viewable in compare view

Updates pypdf from 6.10.2 to 6.12.0

Release notes

Sourced from pypdf's releases.

Version 6.12.0, 2026-05-21

What's new

Security (SEC)

• Disallow cross-reference streams with zero-only width values (#3791) by @​stefan6419846
• Avoid excessive whitespace in layout mode text extraction (#3790) by @​stefan6419846

New Features (ENH)

• Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780) by @​adityamoolya
• CID font resource from font file to encode more characters (#3652) by @​PJBrs

Performance Improvements (PI)

• Optimize retrieval of named destinatinos in reader (#3442) by @​larsga

Bug Fixes (BUG)

• Fix TreeObject.insert_child KeyError on fresh children (#3786) by @​Abzaek

Robustness (ROB)

• AppearanceStream: Also honor user-set font name when not flattening annotations (#3781) by @​PJBrs

Documentation (DOC)

• Block encrypting writer in incremental mode (#3789) by @​stefan6419846

Full Changelog

Version 6.11.0, 2026-05-09

What's new

New Features (ENH)

• Initialise a Font from an embedded font file (#3704) by @​PJBrs

Robustness (ROB)

• Allow to fix AES padding length in non-strict mode (#3742) by @​stefan6419846

Developer Experience (DEV)

• Enable PyPy testing again (#3752) by @​stefan6419846
• Align mypy Makefile target with strict mode (#3690) by @​costajohnt

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.12.0, 2026-05-21

Security (SEC)

• Disallow cross-reference streams with zero-only width values (#3791)
• Avoid excessive whitespace in layout mode text extraction (#3790)

New Features (ENH)

• Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780)
• CID font resource from font file to encode more characters (#3652)

Performance Improvements (PI)

• Optimize retrieval of named destinatinos in reader (#3442)

Bug Fixes (BUG)

• Fix TreeObject.insert_child KeyError on fresh children (#3786)

Robustness (ROB)

• AppearanceStream: Also honor user-set font name when not flattening annotations (#3781)

Documentation (DOC)

• Block encrypting writer in incremental mode (#3789)

Full Changelog

Version 6.11.0, 2026-05-09

New Features (ENH)

• Initialise a Font from an embedded font file (#3704)

Robustness (ROB)

• Allow to fix AES padding length in non-strict mode (#3742)

Developer Experience (DEV)

• Enable PyPy testing again (#3752)
• Align mypy Makefile target with strict mode (#3690)

Full Changelog

Commits

• 08eb143 REL: 6.12.0
• 507d7c9 SEC: Disallow cross-reference streams with zero-only width values (#3791)
• 9d27470 SEC: Avoid excessive whitespace in layout mode text extraction (#3790)
• 0a8e699 DOC: Block encrypting writer in incremental mode (#3789)
• 541ebd4 DEV: Update idna from version 3.10 to 3.15
• de405a8 DEV: Update idna from version 3.10 to 3.15
• a2b90f9 ROB: AppearanceStream: Also honor user-set font name when not flattening anno...
• 22bd60f MAINT: Tiny change of comments (#3787)
• 2995392 ENH: Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780)
• e044789 TST: Disable PyPy update checks after image update
• Additional commits viewable in compare view

Updates pypdf from 6.10.2 to 6.12.0

Release notes

Sourced from pypdf's releases.

Version 6.12.0, 2026-05-21

What's new

Security (SEC)

• Disallow cross-reference streams with zero-only width values (#3791) by @​stefan6419846
• Avoid excessive whitespace in layout mode text extraction (#3790) by @​stefan6419846

New Features (ENH)

• Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780) by @​adityamoolya
• CID font resource from font file to encode more characters (#3652) by @​PJBrs

Performance Improvements (PI)

• Optimize retrieval of named destinatinos in reader (#3442) by @​larsga

Bug Fixes (BUG)

• Fix TreeObject.insert_child KeyError on fresh children (#3786) by @​Abzaek

Robustness (ROB)

• AppearanceStream: Also honor user-set font name when not flattening annotations (#3781) by @​PJBrs

Documentation (DOC)

• Block encrypting writer in incremental mode (#3789) by @​stefan6419846

Full Changelog

Version 6.11.0, 2026-05-09

What's new

New Features (ENH)

• Initialise a Font from an embedded font file (#3704) by @​PJBrs

Robustness (ROB)

• Allow to fix AES padding length in non-strict mode (#3742) by @​stefan6419846

Developer Experience (DEV)

• Enable PyPy testing again (#3752) by @​stefan6419846
• Align mypy Makefile target with strict mode (#3690) by @​costajohnt

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.12.0, 2026-05-21

Security (SEC)

• Disallow cross-reference streams with zero-only width values (#3791)
• Avoid excessive whitespace in layout mode text extraction (#3790)

New Features (ENH)

• Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780)
• CID font resource from font file to encode more characters (#3652)

Performance Improvements (PI)

• Optimize retrieval of named destinatinos in reader (#3442)

Bug Fixes (BUG)

• Fix TreeObject.insert_child KeyError on fresh children (#3786)

Robustness (ROB)

• AppearanceStream: Also honor user-set font name when not flattening annotations (#3781)

Documentation (DOC)

• Block encrypting writer in incremental mode (#3789)

Full Changelog

Version 6.11.0, 2026-05-09

New Features (ENH)

• Initialise a Font from an embedded font file (#3704)

Robustness (ROB)

• Allow to fix AES padding length in non-strict mode (#3742)

Developer Experience (DEV)

• Enable PyPy testing again (#3752)
• Align mypy Makefile target with strict mode (#3690)

Full Changelog

Commits

• 08eb143 REL: 6.12.0
• 507d7c9 SEC: Disallow cross-reference streams with zero-only width values (#3791)
• 9d27470 SEC: Avoid excessive whitespace in layout mode text extraction (#3790)
• 0a8e699 DOC: Block encrypting writer in incremental mode (#3789)
• 541ebd4 DEV: Update idna from version 3.10 to 3.15
• de405a8 DEV: Update idna from version 3.10 to 3.15
• a2b90f9 ROB: AppearanceStream: Also honor user-set font name when not flattening anno...
• 22bd60f MAINT: Tiny change of comments (#3787)
• 2995392 ENH: Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780)
• e044789 TST: Disable PyPy update checks after image update
• Additional commits viewable in compare view

Updates pypdf from 6.10.2 to 6.12.0

Release notes

Sourced from pypdf's releases.

Version 6.12.0, 2026-05-21

What's new

Security (SEC)

• Disallow cross-reference streams with zero-only width values (#3791) by @​stefan6419846
• Avoid excessive whitespace in layout mode text extraction (#3790) by @​stefan6419846

New Features (ENH)

• Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780) by @​adityamoolya
• CID font resource from font file to encode more characters (#3652) by @​PJBrs

Performance Improvements (PI)

• Optimize retrieval of named destinatinos in reader (#3442) by @​larsga

Bug Fixes (BUG)

• Fix TreeObject.insert_child KeyError on fresh children (#3786) by @​Abzaek

Robustness (ROB)

• AppearanceStream: Also honor user-set font name when not flattening annotations (#3781) by @​PJBrs

Documentation (DOC)

• Block encrypting writer in incremental mode (#3789) by @​stefan6419846

Full Changelog

Version 6.11.0, 2026-05-09

What's new

New Features (ENH)

• Initialise a Font from an embedded font file (#3704) by @​PJBrs

Robustness (ROB)

• Allow to fix AES padding length in non-strict mode (#3742) by @​stefan6419846

Developer Experience (DEV)

• Enable PyPy testing again (#3752) by @​stefan6419846
• Align mypy Makefile target with strict mode (#3690) by @​costajohnt

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.12.0, 2026-05-21

Security (SEC)

• Disallow cross-reference streams with zero-only width values (#3791)
• Avoid excessive whitespace in layout mode text extraction (#3790)

New Features (ENH)

• Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780)
• CID font resource from font file to encode more characters (#3652)

Performance Improvements (PI)

• Optimize retrieval of named destinatinos in reader (#3442)

Bug Fixes (BUG)

• Fix TreeObject.insert_child KeyError on fresh children (#3786)

Robustness (ROB)

• AppearanceStream: Also honor user-set font name when not flattening annotations (#3781)

Documentation (DOC)

• Block encrypting writer in incremental mode (#3789)

Full Changelog

Version 6.11.0, 2026-05-09

New Features (ENH)

• Initialise a Font from an embedded font file (#3704)

Robustness (ROB)

• Allow to fix AES padding length in non-strict mode (#3742)

Developer Experience (DEV)

• Enable PyPy testing again (#3752)
• Align mypy Makefile target with strict mode (#3690)

Full Changelog

Commits

• 08eb143 REL: 6.12.0
• 507d7c9 SEC: Disallow cross-reference streams with zero-only width values (#3791)
• 9d27470 SEC: Avoid excessive whitespace in layout mode text extraction (#3790)
• 0a8e699 DOC: Block encrypting writer in incremental mode (#3789)
• 541ebd4 DEV: Update idna from version 3.10 to 3.15
• de405a8 DEV: Update idna from version 3.10 to 3.15
• a2b90f9 ROB: AppearanceStream: Also honor user-set font name when not flattening anno...
• 22bd60f MAINT: Tiny change of comments (#3787)
• 2995392 ENH: Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780)
• e044789 TST: Disable PyPy update checks after image update
• Additional commits viewable in compare view

Updates protobuf from 5.29.4 to 5.29.6

Release notes

Sourced from protobuf's releases.

Protocol Buffers v34.0-rc1

Announcements

• This version includes breaking changes to: C++, Objective-C, PHP, Python.
• [Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (protocolbuffers/protobuf@0a5c2f6)
• [C++] Make generator headers private (protocolbuffers/protobuf@3a2af35)
• [C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (protocolbuffers/protobuf@7a75898)
• [C++] Add [[nodiscard]] to many APIs. (protocolbuffers/protobuf@a70115f)
• [C++] Make the arena-enabled constructors of RepeatedField, RepeatedPtrField, and Map private. (protocolbuffers/protobuf@ef890c3)
• [C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (protocolbuffers/protobuf@b76faa9)
• [C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (protocolbuffers/protobuf@b115358)
• [C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (protocolbuffers/protobuf@68346ec)
• [C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (protocolbuffers/protobuf@837a2cd)
• [C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() && !is_repeated()) instead (protocolbuffers/protobuf@9dbc5d4)
• [C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (protocolbuffers/protobuf@c301c2c)
• [C++] All entity names have length limit (2afb0dc)
• [ObjC] Remove generate_minimal_imports generation option warning (protocolbuffers/protobuf@45b1297)
• [ObjC] Fix nullability annotations on some GPB*Dictionary types. (protocolbuffers/protobuf@ea67d6d)
• [ObjC] Remove -[GPBFieldDescriptor optional] (protocolbuffers/protobuf@3414dc1)
• [Other] Remove deprecated flag for enabling MSVC support (protocolbuffers/protobuf@97c979b)
• [PHP] Remove deprecated PHP APIs (protocolbuffers/protobuf@9c45014)
• [PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (protocolbuffers/protobuf@4208121, protocolbuffers/protobuf@cd76e67, protocolbuffers/protobuf@4208121)
• [PHP] Add PHP typehints for setters and remove redundant GPBUtil checks (protocolbuffers/protobuf#25296) (protocolbuffers/protobuf@aee03b7)
• [PHP] support default values for editions/proto2 (protocolbuffers/protobuf#25161) (protocolbuffers/protobuf@b01099d)
• [Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (protocolbuffers/protobuf@5b116fe)
• [Python] Remove float_format/double_format from python proto text_format (protocolbuffers/protobuf@e4854a1)
• [Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (protocolbuffers/protobuf@00aaca1)
• [Python] Remove float_precision from python proto json_format (protocolbuffers/protobuf@f027f1f)
• [Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (protocolbuffers/protobuf@b76faa9)
• [Python] Remove deprecated FieldDescriptor.label (protocolbuffers/protobuf@0a8ff55)
• [Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (protocolbuffers/protobuf@c301c2c)
• Protobuf News may include additional announcements or pre-announcements for upcoming changes.
• Migration Guide may include additional guidance for breaking changes.

Bazel

• Fix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (#25168) (protocolbuffers/protobuf@8c857c3)
• Breaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (protocolbuffers/protobuf@0a5c2f6)
• Feat(bazel): wire up prebuilt protoc toolchain (#24115) (protocolbuffers/protobuf@cc23698)
• Migrate proto_descriptor_set (#23369) (protocolbuffers/protobuf@8d4dfdd)

Compiler

• Ruby codegen: support generation of rbs files (#15633) (protocolbuffers/protobuf@6ebdf85)
• Avoid collision name problems between a message named Xyz and a direct sibling enum named XyzView (protocolbuffers/protobuf@eba53e8)
• Generalizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (protocolbuffers/protobuf@ed3c571)
• Fix a bug with custom features outside of the pb package. (protocolbuffers/protobuf@872d3ce)
• Fix import option handling when include_imports isn't set. (protocolbuffers/protobuf@9ef9e80)
• Fix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (protocolbuffers/protobuf@1229d4a)
• Prevent accidental stripping of debug_redact options via import option. (protocolbuffers/protobuf@f58b098)

C++

• Add EnumerateEnumValues function. (protocolbuffers/protobuf@397d5d9)

... (truncated)

Commits

• See full diff in compare view

Updates pyarrow from 18.1.0 to 23.0.1

Release notes

Sourced from pyarrow's releases.

Apache Arrow 23.0.1

Release Notes URL: https://arrow.apache.org/release/23.0.1.html

Apache Arrow 23.0.1 RC0

Release Notes: Release Candidate: 23.0.1 RC0

Apache Arrow 23.0.0

Release Notes URL: https://arrow.apache.org/release/23.0.0.html

Apache Arrow 23.0.0 RC2

Release Notes: Release Candidate: 23.0.0 RC2

Apache Arrow 22.0.0

Release Notes URL: https://arrow.apache.org/release/22.0.0.html

Apache Arrow 22.0.0 RC1

Release Notes: Release Candidate: 22.0.0 RC1

Apache Arrow 22.0.0 RC0

Release Notes: Release Candidate: 22.0.0 RC0

Apache Arrow 21.0.0

Release Notes URL: https://arrow.apache.org/release/21.0.0.html

Apache Arrow 21.0.0 RC6

Release Notes: Release Candidate: 21.0.0 RC6

Apache Arrow 21.0.0 RC5

Release Notes: Release Candidate: 21.0.0 RC5

Apache Arrow 21.0.0 RC4

Release Notes: Release Candidate: 21.0.0 RC4

Apache Arrow 21.0.0 RC3

Release Notes: Release Candidate: 21.0.0 RC3

Apache Arrow 21.0.0 RC2

Release Notes: Release Candidate: 21.0.0 RC2

Apache Arrow 20.0.0

Release Notes URL: https://arrow.apache.org/release/20.0.0.html

Apache Arrow 20.0.0 RC2

Release Notes: Release Candidate: 20.0.0 RC2

Apache Arrow 20.0.0 RC1

Release Notes: Release Candidate: 20.0.0 RC1

Apache Arrow 20.0.0 RC0

Release Notes: Release Candidate: 20.0.0 RC0

... (truncated)

Commits

• 82a374e MINOR: [Release] Update versions for 23.0.1
• c1ae37c MINOR: [Release] Update .deb/.rpm changelogs for 23.0.1
• 8f6e557 MINOR: [Release] Update CHANGELOG.md for 23.0.1
• 4e16a1a GH-49159: [C++][Gandiva] Detect overflow in repeat() (#49160)
• 985621d GH-48817 [R][C++] Bump C++20 in R build infrastructure (#48819)
• 1bea06a GH-49024: [CI] Update Debian version in .env (#49032)
• 147bcd6 GH-49156: [Python] Require GIL for string comparison (#49161)
• e4f922b GH-49138: [Packaging][Python] Remove nightly cython install from manylinux wh...
• f9376e4 GH-49003: [C++] Don't consider out_of_range an error in float parsing (#49095)
• ab2c0ad GH-49044: [CI][Python] Fix test_download_tzdata_on_windows by adding required...
• Additional commits viewable in compare view

Updates pypdf from 6.10.2 to 6.12.0

Release notes

Sourced from pypdf's releases.

Version 6.12.0, 2026-05-21

What's new

Security (SEC)

• Disallow cross-reference streams with zero-only width values (#3791) by @​stefan6419846
• Avoid excessive whitespace in layout mode text extraction (#3790) by @​stefan6419846

New Features (ENH)

• Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780) by @​adityamoolya
• CID font resource from font file to encode more characters (#3652) by @​PJBrs

Performance Improvements (PI)

• Optimize retrieval of named destinatinos in reader (#3442) by @​larsga

Bug Fixes (BUG)

• Fix TreeObject.insert_child KeyError on fresh children (#3786) by @​Abzaek

Robustness (ROB)

• AppearanceStream: Also honor user-set font name when not flattening annotations (#3781) by @​PJBrs

Documentation (DOC)

• Block encrypting writer in incremental mode (#3789) by @​stefan6419846

Full Changelog

Version 6.11.0, 2026-05-09

What's new

New Features (ENH)

• Initialise a Font from an embedded font file (#3704) by @​PJBrs

Robustness (ROB)

• Allow to fix AES padding length in non-strict mode (#3742) by @​stefan6419846

Developer Experience (DEV)

• Enable PyPy testing again (#3752) by @​stefan6419846
• Align mypy Makefile target with strict mode (#3690) by @​costajohnt

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.12.0, 2026-05-21

Security (SEC)

• Disallow cross-reference streams with zero-only width values (#3791)
• Avoid excessive whitespace in layout mode text extraction (#3790)

New Features (ENH)

• Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780)
• CID font resource from font file to encode more characters (#3652)

Performance Improvements (PI)

• Optimize retrieval of named destinatinos in reader (#3442)

Bug Fixes (BUG)

• Fix TreeObject.insert_child KeyError on fresh children (#3786)

Robustness (ROB)

• AppearanceStream: Also honor user-set font name when not flattening annotations (#3781)

Documentation (DOC)

• Block encrypting writer in incremental mode (#3789)

Full Changelog

Version 6.11.0, 2026-05-09

New Features (ENH)

• Initialise a Font from an embedded font file (#3704)

Robustness (ROB)

• Allow to fix AES padding length in non-strict mode (#3742)

Developer Experience (DEV)

• Enable PyPy testing again (#3752)
• Align mypy Makefile target with strict mode (#3690)

Full Changelog

Commits

• 08eb143 REL: 6.12.0
• 507d7c9 SEC: Disallow cross-reference streams with zero-only width values (#3791)
• 9d27470 SEC: Avoid excessive whitespace in layout mode text extraction (#3790)
• 0a8e699 DOC: Block encrypting writer in incremental mode (#3789)
• 541ebd4 DEV: Update idna from version 3.10 to 3.15

[greptile-apps]

PR author is in the excluded authors list.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud