Bump itextpdf from 5.5.6 to 5.5.13.2

[dependabot-preview]

Bumps itextpdf from 5.5.6 to 5.5.13.2.

Release notes

Sourced from itextpdf's releases.

iText 5.5.13.2

core

• security update of bouncy castle dependency

iText 5.5.13.1

core

• security fix for clearer signatures validation
• security improvement around decompression bombs

iText 5.5.13

iText 5.5.13 is a maintenance release that rolls up 4 bugfixes for iText 5 Core from the past 5 months:

• As of this release XFA Worker is no longer supported on .NET 2.0 - instead you need to use .NET 4.0.
• Support has been added for License Key Library 3.0.1. Users on License Key Library 1.0.x should migrate to 3.0.1.
• 3 bugfixes for iText 5 Core 5.5.13.
• 1 bugfix for XFA Worker 5.5.13 (commercial add-on, not on GitHub). Please be informed that at the same time we release pdfXFA 1.0.3, an add-on for iText 7. All bugfixes for XFA Worker 5.5.13 were ported to pdfXFA 1.0.3.

No new functionality has been added since 5.5.11.

The full list of changes can be found in the changelogs and the release in our download hub for Java and .NET.

If you use Maven, then you can download iText from the Central Repository by adding one or more of the following XML snippets to your pom.xml:

<dependency>
  <groupId>com.itextpdf</groupId>
  <artifactId>itextpdf</artifactId>
  <version>${itext.version}</version>
</dependency>
<dependency>
<groupId>com.itextpdf</groupId>
<artifactId>itext-pdfa</artifactId>
<version>${itext.version}</version>
</dependency>
<dependency>
<groupId>com.itextpdf</groupId>
<artifactId>itext-xtra</artifactId>
<version>${itext.version}</version>
</dependency>
<dependency>
<groupId>com.itextpdf.tool</groupId>
<artifactId>xmlworker</artifactId>
<version>${itext.version}</version>
</dependency>

Commits

• f9350ff [RELEASE] iText 5 - 5.5.13.2
• 96e49f6 [RELEASE] 5.5.14-SNAPSHOT -> 5.5.13.2
• fbd8b2d Update copyright year
• 643b5a7 Update bouncy castle to the latest version
• 9d5e4d6 Update optional org.apache.santuario.xmlsec dependency to 1.5.6 version
• cd2c9b7 Update bouncy castle to the latest version
• f48033b XMP parsing XXE vulnerability fix
• dce7a23 Improve contribution guidelines
• 2bc1483 Minir test fix: make sure output dir is created before running tests
• 2822873 barcodeDataMatrix.pdf deleted online with Bitbucket
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)