Skip to content

chore(deps): bump weasyprint from 68.0 to 69.0 in /apps/backend in the backend-pip-security group across 1 directory#480

Merged
haksungjang merged 1 commit into
mainfrom
dependabot/pip/apps/backend/backend-pip-security-49269e6d53
Jul 8, 2026
Merged

chore(deps): bump weasyprint from 68.0 to 69.0 in /apps/backend in the backend-pip-security group across 1 directory#480
haksungjang merged 1 commit into
mainfrom
dependabot/pip/apps/backend/backend-pip-security-49269e6d53

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the backend-pip-security group with 1 update in the /apps/backend directory: weasyprint.

Updates weasyprint from 68.0 to 69.0

Release notes

Sourced from weasyprint's releases.

v69.0

This is a security update (CVE-2026-49452).

We strongly recommend to upgrade WeasyPrint to the latest version if you use the --presentational-hints option and render untrusted HTML with restricted CSS properties.

Read about this release on our blog.

Security

  • Avoid CSS injection with HTML presentational hints.

Command-line API

  • The --srgb option has been replaced by --output-intent=srgb. Other values are possible: device-cmyk for CMYK documents with no ICC profile, or the CSS identifier of a @color-profile rule.

Python API

  • The output_intent string entry replaces the srgb boolean in default options.

Features

Bug fixes

  • #2697, #2691: Avoid endless loops in grids
  • #2709: Be less strict for gradient rasterization in tests
  • #2683: Fix rendering of emojis in SVG
  • #2688: Always describe font using absolute sizes
  • #2676: Fix inheritance for svg/symbol tags referenced by use tags
  • #2681: Add dc:description field to PDF/A metadata
  • #2680: Force first grid row rendering on empty pages
  • #2690: Compute units in gradients used in border background
  • #2689: Cut flex elements with fixed height and overflowing children
  • #2651, #2696: Fix tests on Debian
  • #2698, #2699: Fix alignment of right-to-left elements with auto width and set min/max-width
  • #2556: Apply presentational hints to svg tags
  • #2706: Handle infinite border radii
  • #2707, #2708, #2710: Get mimetypes from Python code instead of various third-party files
  • #2717, #2580, #2740: Fix table break retry after padding overflow
  • #2769: Add year in PDF/UA-2 metadata
  • #2768: Allow SVG lists of numbers to be split on + character
  • #2770: Add namespace to Document tag in PDF 2
  • #2771: Never try to render SVG use tags with external sources
  • #2774: Fix calc in logical

... (truncated)

Changelog

Sourced from weasyprint's changelog.

Version 69.0

Released on 2026-06-02.

This is a security update (CVE-2026-49452).

We strongly recommend to upgrade WeasyPrint to the latest version if you use the --presentational-hints option and render untrusted HTML with restricted CSS properties.

Security:

  • Avoid CSS injection with HTML presentational hints.

Command-line API:

  • The --srgb option has been replaced by --output-intent=srgb. Other values are possible: device-cmyk for CMYK documents with no ICC profile, or the CSS identifier of a @color-profile rule.

Python API:

  • The output_intent string entry replaces the srgb boolean in default options.

Features:

  • [#2357](https://github.com/Kozea/WeasyPrint/issues/2357) <https://github.com/Kozea/WeasyPrint/issues/2357>, [#2700](https://github.com/Kozea/WeasyPrint/issues/2700) <https://github.com/Kozea/WeasyPrint/pull/2700>: Support logical properties
  • [#1194](https://github.com/Kozea/WeasyPrint/issues/1194) <https://github.com/Kozea/WeasyPrint/issues/1194>, [#2702](https://github.com/Kozea/WeasyPrint/issues/2702) <https://github.com/Kozea/WeasyPrint/pull/2702>: Support viewport units
  • [#2686](https://github.com/Kozea/WeasyPrint/issues/2686) <https://github.com/Kozea/WeasyPrint/issues/2686>_: Detect redirection loops early in URL fetcher
  • [#2735](https://github.com/Kozea/WeasyPrint/issues/2735) <https://github.com/Kozea/WeasyPrint/issues/2735>, [#2737](https://github.com/Kozea/WeasyPrint/issues/2737) <https://github.com/Kozea/WeasyPrint/pull/2737>: Support SVG transform angle units
  • [#2636](https://github.com/Kozea/WeasyPrint/issues/2636) <https://github.com/Kozea/WeasyPrint/issues/2636>, [#2720](https://github.com/Kozea/WeasyPrint/issues/2720) <https://github.com/Kozea/WeasyPrint/pull/2720>, [#2773](https://github.com/Kozea/WeasyPrint/issues/2773) <https://github.com/Kozea/WeasyPrint/pull/2773>_: Use HTML parsers for presentational hints
  • [#2631](https://github.com/Kozea/WeasyPrint/issues/2631) <https://github.com/Kozea/WeasyPrint/issues/2631>, [#2778](https://github.com/Kozea/WeasyPrint/issues/2778) <https://github.com/Kozea/WeasyPrint/pull/2778>, [#2785](https://github.com/Kozea/WeasyPrint/issues/2785) <https://github.com/Kozea/WeasyPrint/issues/2785>, [#2788](https://github.com/Kozea/WeasyPrint/issues/2788) <https://github.com/Kozea/WeasyPrint/pull/2788>: Allow users to set PDF output intent

Bug fixes:

... (truncated)

Commits
  • 3287311 Version 69.0
  • 6f58a9a Add security message in Changelog
  • 2d13d3d Update test comment to indicate related issue
  • 227f5f7 Merge pull request #2791 from Kozea/improve-var
  • ff72115 Improve management of variables
  • b419c7f Merge pull request #2788 from Kozea/fix-hints
  • 1729ce4 Fix minor errors in presentational hints
  • 9898e84 Merge pull request #2787 from danfitz36/fix-namespace-type-typo
  • 15eea9f Add lang attribute to PDF/UA-2 namespace test
  • cb5f66c Fix /Namepace typo in PDF 2 structure-tree namespace
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the backend-pip-security group with 1 update in the /apps/backend directory: [weasyprint](https://github.com/Kozea/WeasyPrint).


Updates `weasyprint` from 68.0 to 69.0
- [Release notes](https://github.com/Kozea/WeasyPrint/releases)
- [Changelog](https://github.com/Kozea/WeasyPrint/blob/main/docs/changelog.rst)
- [Commits](Kozea/WeasyPrint@v68.0...v69.0)

---
updated-dependencies:
- dependency-name: weasyprint
  dependency-version: '69.0'
  dependency-type: direct:production
  dependency-group: backend-pip-security
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 8, 2026
@haksungjang haksungjang merged commit f620e3b into main Jul 8, 2026
18 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/apps/backend/backend-pip-security-49269e6d53 branch July 8, 2026 14:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant