Skip to content

chore: bump pypdf - CVE-2025-55197 #417

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 26, 2025
Merged

chore: bump pypdf - CVE-2025-55197 #417

merged 1 commit into from
Aug 26, 2025

Conversation

andrezz-b
Copy link
Contributor

Description

Upgrade pypdf version to 6.0.0 to address CVE-2025-55197 (llama_index also updated because it's a dependency)

Type of Change

  • New feature
  • Bug fix
  • Breaking change
  • Documentation update
  • Project configuration change

Complexity

Complexity: Low

How Has This Been Tested?

  • Unit tests
  • E2E tests
  • Manual tests

Checklist

The following requirements should have been met (depending on the changes in the branch):

  • Documentation has been updated
  • Unit tests have been updated
  • E2E tests have been updated
  • Examples have been updated
  • New files have copyright header
  • CLA (https://neo4j.com/developer/cla/) has been signed
  • CHANGELOG.md updated if appropriate

@andrezz-b andrezz-b requested a review from a team as a code owner August 26, 2025 13:36
@stellasia stellasia self-assigned this Aug 26, 2025
stellasia
stellasia approved these changes Aug 26, 2025
View reviewed changes
Copy link
Contributor

@stellasia stellasia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the update, much appreciated!

@stellasia stellasia merged commit 83002a2 into neo4j:main Aug 26, 2025
8 of 9 checks passed
@andrezz-b
Copy link
Contributor Author

Hey @stellasia,
What are the plans for publishing a new release with this fix? We have an issue with Snyk flagging it, so if a full release isn’t ready yet, would it be possible to cut a small pre-release?

@stellasia
Copy link
Contributor

Hi Andrej, we're working on putting together a release for the end of this week.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stellasia stellasia stellasia approved these changes

Assignees

@stellasia stellasia

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@andrezz-b @stellasia