Bump pypdf from 6.1.1 to 6.1.3 in /public_dropin_environments/python311_genai_agents

[dependabot]

Bumps pypdf from 6.1.1 to 6.1.3.

Release notes

Sourced from pypdf's releases.

Version 6.1.3, 2025-10-22

What's new

Security (SEC)

• Allow limiting size of LZWDecode streams (#3502) by @​stefan6419846
• Avoid infinite loop when reading broken DCT-based inline images (#3501) by @​stefan6419846

Bug Fixes (BUG)

• PageObject.scale() scales media box incorrectly (#3489) by @​Nid01

Robustness (ROB)

• Fail with explicit exception when image mode is an empty array (#3500) by @​stefan6419846

Full Changelog

Version 6.1.2, 2025-10-19

What's new

Bug Fixes (BUG)

• Fix handling of zero-length StreamObject (#3485) by @​Likend

Robustness (ROB)

• Deal with wrong size for incremental PDF files (#3495) by @​stefan6419846
• Improve handling for malformed cross-reference tables (#3483) by @​stefan6419846

Developer Experience (DEV)

• Use released Python 3.14 by @​stefan6419846
• Use Mapping instead of dict in type hint of update_page_form_field_values (#3490) by @​stefan6419846

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.1.3, 2025-10-22

Security (SEC)

• Allow limiting size of LZWDecode streams (#3502)
• Avoid infinite loop when reading broken DCT-based inline images (#3501)

Bug Fixes (BUG)

• PageObject.scale() scales media box incorrectly (#3489)

Robustness (ROB)

• Fail with explicit exception when image mode is an empty array (#3500)

Full Changelog

Version 6.1.2, 2025-10-19

Bug Fixes (BUG)

• Fix handling of zero-length StreamObject (#3485)

Robustness (ROB)

• Deal with wrong size for incremental PDF files (#3495)
• Improve handling for malformed cross-reference tables (#3483)

Developer Experience (DEV)

• Use released Python 3.14
• Use Mapping instead of dict in type hint of update_page_form_field_values (#3490)

Full Changelog

Commits

• 4a613f3 REL: 6.1.3
• e51d078 SEC: Allow limiting size of LZWDecode streams (#3502)
• f2864d6 SEC: Avoid infinite loop when reading broken DCT-based inline images (#3501)
• b751ca2 ROB: Fail with explicit exception when image mode is an empty array (#3500)
• e13a1e0 BUG: PageObject.scale() scales media box incorrectly (#3489)
• 0859b35 REL: 6.1.2
• 623a700 BUG: Fix handling of zero-length StreamObject (#3485)
• 16c4c44 ROB: Deal with wrong size for incremental PDF files (#3495)
• 54c0dd7 DEV: Use released Python 3.14
• 9fad9ff DEV: Use Mapping instead of dict in type hint of update_page_form_field_value...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[engprod-2]

The Needs Review labels were added based on the following file changes.

Team @datarobot/buzok (#genai) was assigned because of changes in files:

public_dropin_environments/python311_genai_agents/requirements.txt

If you think that there are some issues with ownership, please discuss with C&A domain at #sdtk slack channel and create PR to update DRCODEOWNERS\CODEOWNERS file.

[akshoop]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[akshoop]

@dependabot recreate

[devexp-slackbot]

Auto Merge when Ready was removed because @dependabot[bot] is a bot account and this PR has no human assignees to take responsibility for the merge.

Please assign at least one human user with merge permissions to this PR to enable auto-merge.

[akshoop]

@nullspoon FYI seems like r-lang env issue again for DRUM dependabot PR, failure repeats itself even when doing rebase/recreate for the bot. can you help take a look?

[nullspoon]

🤔 This looks like it might actually be an issue with some of the r-lang packages inside the image. Otherwise it looks like it pulls the image fine.

Edit: I checked the git log for that image. Looks like nothing changed there when this version ID was set. It was just a version bump, which rebuilt the image. We might try just bumping the version again to see if there's a bug that gets fixed.

Edit 2: Extra interesting. The image is reporting that there is no package called devtools. The Dockerfile has an install for it though. Curious. I wonder if there was a failure during installation that didn't trigger an actual error, allowing the image build to proceed.

[nullspoon]

Whooooa. I'm testing installation of the devtools package on this image, and Rscript fails with code 0. Encouraging. It seems to be unhappy about the lack of the cat command?

Edit: My bad, this was on the prod image, which lacks a bunch of utilities. Looks like the installation during build of this image just failed. I'll run a bump and that should hopefully fix the issue. I guess we'll just blame this on the recent AWS outage. ;)

[nullspoon]

The bump PR

[nullspoon]

Looks like devtools is silently failing to install. I'm investigating. Looks like it's probably just another package ahead of it that's causing the process to exit early. Difficult to troubleshoot since Rscript says everything is good. 😢

[nullspoon]

Found it. It's tidyverse, which installs xml2 as a dependency. The xml2 installation fails because for some reason it can't find the system xml2, which is definitely being installed. Since xml2 fails install, tidyverse fails, which causes the install process to stop before devtools gets installed.

Edit: I wrote a simple c program to test linking to xml2. Seems that something is wrong with alpine's install of it.

# cc -lxml2 test.c
/usr/lib/gcc/x86_64-pc-linux-gnu/15/../../../../x86_64-pc-linux-gnu/bin/ld: cannot find -lxml2: No such file or directory
collect2: error: ld returned 1 exit status

Edit again: Found it! For some reason installing alpine libxml2-dev creates a symlink to a library so that doesn't exist.

Deleting the bad symlink and relinking correctly resolves the xml2 issues and fixes the tidyverse installation problem.

[akshoop]

@dependabot recreate

[akshoop]

@dependabot recreate