Branch v2.3.0 #2
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ce thresholds (Stirling-Tools#5352) # Description of Changes ### What was changed - Refactored Gradle task configuration to use `tasks.named` and `configureEach` for better lazy configuration and compatibility. - Centralized JaCoCo report handling by introducing a single `jacocoReport` task reference. - Added a post-processing step to the JaCoCo XML report to: - Parse coverage metrics (LINE, INSTRUCTION, BRANCH). - Calculate coverage ratios. - Print a formatted coverage summary table directly to the build logs. - Enabled and aligned `jacocoTestCoverageVerification` rules with defined minimum coverage thresholds. - Ensured the `build` task depends on the JaCoCo report to always generate coverage output. ### Why the change was made - To improve visibility of test coverage results directly in CI and local builds without manually opening the HTML report. - To enforce consistent and explicit coverage thresholds for key metrics. - To modernize Gradle task configuration and avoid eager task realization. --- > Task :proprietary:jacocoTestReport ==== JaCoCo Coverage Summary ==== Metric | Coverage | Covered/Total | Status | Target ------------|----------|---------------|--------|---------- LINE | 9.01% | 759/8426 | FAIL | >= 16.00% INSTRUCTION | 8.41% | 2741/32590 | FAIL | >= 14.00% BRANCH | 6.04% | 248/4103 | FAIL | >= 9.00% --- > Task :common:jacocoTestReport ==== JaCoCo Coverage Summary ==== | Metric | Coverage | Covered/Total | Status | Target |------------|----------|---------------|--------|---------- LINE | 39.47% | 2996/7591 | PASS | >= 16.00% INSTRUCTION | 41.05% | 12868/31345 | PASS | >= 14.00% BRANCH | 33.43% | 1166/3488 | PASS | >= 9.00% --- > Task :stirling-pdf:jacocoTestReport ==== JaCoCo Coverage Summary ==== Metric | Coverage | Covered/Total | Status | Target ------------|----------|---------------|--------|---------- LINE | 13.63% | 2554/18741 | FAIL | >= 16.00% INSTRUCTION | 14.59% | 11459/78532 | PASS | >= 14.00% BRANCH | 10.68% | 868/8124 | PASS | >= 9.00% --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
…nd harden EML error handling (Stirling-Tools#5353) # Description of Changes This pull request introduces several improvements focused on security and reliability in both the Docker build process and the backend API. The most significant changes are the use of digest-pinned Docker base images to ensure reproducible builds, safer handling of user-provided filenames in error messages, and a switch to more reliable dependency installation in CI workflows. **Docker image security and reproducibility:** * All Dockerfiles now use digest-pinned base images (e.g., `node:20-alpine@sha256:...`, `gradle:8.14-jdk21@sha256:...`, `alpine:3.22.1@sha256:...`, `nginx:alpine@sha256:...`) to guarantee build consistency and protect against upstream image changes. [[1]](diffhunk://#diff-f8faae0938488156cf26e9322ffdf755deaa8770a7ac8c524dd6126c19548888L5-R5) [[2]](diffhunk://#diff-f8faae0938488156cf26e9322ffdf755deaa8770a7ac8c524dd6126c19548888L18-R18) [[3]](diffhunk://#diff-f8faae0938488156cf26e9322ffdf755deaa8770a7ac8c524dd6126c19548888L38-R38) [[4]](diffhunk://#diff-2f5cd3ad965c86a7a5b4af6e0513ad294e0426644d9f5b5358dfb16a2ef995a7L5-R5) [[5]](diffhunk://#diff-2f5cd3ad965c86a7a5b4af6e0513ad294e0426644d9f5b5358dfb16a2ef995a7L18-R18) [[6]](diffhunk://#diff-2f5cd3ad965c86a7a5b4af6e0513ad294e0426644d9f5b5358dfb16a2ef995a7L37-R37) [[7]](diffhunk://#diff-e9edf3a05475d0721a0e65be1ba0eeb162ae972891b0f6d7e1285687efab1de0L9-R9) [[8]](diffhunk://#diff-fa0700cfd7d90d832649eb1d0503904564bb3b28c48972be7d9f17e4ce32a3dcL9-R9) [[9]](diffhunk://#diff-2e766aaf0c87e7b8a62d2a2986f6999c38cc35f677479e31b77d1b427c7aeef7L5-R5) [[10]](diffhunk://#diff-1726db0cbef194c9be3cba9825c0794802b154e15e4c892c1544d0aace03e037L5-R5) [[11]](diffhunk://#diff-c1b6dd504a16fc68cd064baf9cf07d9dd31da56eb55de69601844ab03a5ae319L5-R5) [[12]](diffhunk://#diff-2fc7fcfcfdbb617dd8fbb6b1a2ea5709f9018d618d13942cb33d3e0ed127df16L5-R5) [[13]](diffhunk://#diff-2fc7fcfcfdbb617dd8fbb6b1a2ea5709f9018d618d13942cb33d3e0ed127df16L39-R39) [[14]](diffhunk://#diff-759e94102d21fe6f9bde8ddb0b4f95b5d5cd214b0355ea0419d3ea6c09e8ffbfL2-R2) [[15]](diffhunk://#diff-759e94102d21fe6f9bde8ddb0b4f95b5d5cd214b0355ea0419d3ea6c09e8ffbfL19-R19) **Backend API security:** * In `ConvertEmlToPDF.java`, error messages now escape user-provided filenames using `HtmlUtils.htmlEscape`, preventing potential XSS vulnerabilities when displaying error messages that include filenames. [[1]](diffhunk://#diff-45d22a96bae3e8a746b7fb2c39e25c80aee0bf733b528a3517db8fdd2a3d25cdR13) [[2]](diffhunk://#diff-45d22a96bae3e8a746b7fb2c39e25c80aee0bf733b528a3517db8fdd2a3d25cdR156-R170) **CI/CD reliability:** * All GitHub Actions workflows (`multiOSReleases.yml`, `releaseArtifacts.yml`, `tauri-build.yml`) now use `npm ci` instead of `npm install` for frontend dependency installation, ensuring clean, reproducible installs that match the lockfile. [[1]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL271-R271) [[2]](diffhunk://#diff-699ff98fe113446c403eb07daf16dd1966c2a047ab0b9f7e38fd695d079f7dddL177-R177) [[3]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aL177-R177) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
Auto-generated by [create-pull-request][1] with **stirlingbot** [1]: https://github.com/peter-evans/create-pull-request Signed-off-by: stirlingbot[bot] <stirlingbot[bot]@users.noreply.github.com> Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
…ols#5178) # Description of Changes Updated the Irish (ga-IE) translation by adding the 117 missing entries and reviewing the remaining untranslated keys. After translation, some 34 items were identified as not requiring translation and have been added to the ignore list (ignore_translation.toml).
…t current user (Stirling-Tools#5441) # Description of Changes This PR improves the People management UI by preventing users from modifying or deleting their own account and by visually highlighting the currently logged-in user. <img width="675" height="196" alt="image" src="https://github.com/user-attachments/assets/c45fb0b6-c766-412c-a53b-b72aed2925d2" /> ### What was changed - Integrated session-based authentication context to identify the currently logged-in user. - Added a helper to detect the current user in the user list. - Highlighted the current user's row with a subtle background color. - Disabled self-actions: - Editing own role - Enabling/disabling own account - Deleting own account - Kept password change available for the current user. ### Why the change was made - Prevents accidental self-lockout or privilege removal. - Aligns UI behavior with common security best practices. - Improves clarity by visually distinguishing the active user account. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
…eploy workflow (Stirling-Tools#5380) # Description of Changes This pull request makes a small update to the PR auto-deploy workflow. The change ensures that the pull request number is correctly retrieved from the workflow dispatch payload, improving reliability when the workflow is manually triggered. * Changed the PR number retrieval logic in `.github/workflows/PR-Auto-Deploy-V2.yml` to use `context.payload.inputs.pr` instead of `process.env.INPUT_PR` for workflow dispatch events. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
…ng-Tools#5449) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.5 to 4.31.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.31.10</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.9</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.8</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.7</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.6</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.6 - 01 Dec 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <h2>4.31.6 - 01 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.5 - 24 Nov 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.6. <a href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li> </ul> <h2>4.31.4 - 18 Nov 2025</h2> <p>No user facing changes.</p> <h2>4.31.3 - 13 Nov 2025</h2> <ul> <li>CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see <a href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming deprecation of CodeQL Action v3</a>.</li> <li>Update default CodeQL bundle version to 2.23.5. <a href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li> </ul> <h2>4.31.2 - 30 Oct 2025</h2> <p>No user facing changes.</p> <h2>4.31.1 - 30 Oct 2025</h2> <ul> <li>The <code>add-snippets</code> input has been removed from the <code>analyze</code> action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.</li> </ul> <h2>4.31.0 - 24 Oct 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/cdefb33c0f6224e58673d9004f47f7cb3e328b89"><code>cdefb33</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3394">#3394</a> from github/update-v4.31.10-0fa411efd</li> <li><a href="https://github.com/github/codeql-action/commit/cfa77c6b134886357b1c716fbe58a7708833bf31"><code>cfa77c6</code></a> Update changelog for v4.31.10</li> <li><a href="https://github.com/github/codeql-action/commit/0fa411efd0628aefdf9d03a0faa20a1e0edafc4a"><code>0fa411e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3393">#3393</a> from github/update-bundle/codeql-bundle-v2.23.9</li> <li><a href="https://github.com/github/codeql-action/commit/c2843242125c2fb8dcd892f204eb2f8622886b78"><code>c284324</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/83e7d0046cd548fe4cb5d55f5b2ce30b0de62304"><code>83e7d00</code></a> Update default bundle to codeql-bundle-v2.23.9</li> <li><a href="https://github.com/github/codeql-action/commit/f6a16bef8e5c39e398e4da16862d381f76824ac6"><code>f6a16be</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3391">#3391</a> from github/dependabot/npm_and_yarn/npm-minor-f1cdf5...</li> <li><a href="https://github.com/github/codeql-action/commit/c1f5f1a8b57e6da99af540e7c2f23ed33152e270"><code>c1f5f1a</code></a> Rebuild</li> <li><a href="https://github.com/github/codeql-action/commit/1805d8d0a48bdde6eb34e4427b3c00c431427f89"><code>1805d8d</code></a> Bump the npm-minor group with 2 updates</li> <li><a href="https://github.com/github/codeql-action/commit/b2951d2a1ed70de8ec57301118b487b35c13595a"><code>b2951d2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3353">#3353</a> from github/kaspersv/bump-min-cli-v-for-overlay</li> <li><a href="https://github.com/github/codeql-action/commit/41448d92b9e7bb3a481b3134031a56e52f85528f"><code>41448d9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3287">#3287</a> from github/henrymercer/generate-mergeback-last</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/fdbfb4d2750291e159f0156def62b853c2798ca2...cdefb33c0f6224e58673d9004f47f7cb3e328b89">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…rling-Tools#5422) Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.4.0 to 6.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/releases">pypdf's releases</a>.</em></p> <blockquote> <h2>Version 6.6.0, 2026-01-09</h2> <h2>What's new</h2> <h3>Security (SEC)</h3> <ul> <li>Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Deprecations (DEP)</h3> <ul> <li>Block common page content modifications when assigned to reader (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3582">#3582</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>New Features (ENH)</h3> <ul> <li>Embellishments to generated text appearance streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3571">#3571</a>) by <a href="https://github.com/PJBrs"><code>@PJBrs</code></a></li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Avoid empty FlateDecode outputs without warning (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3579">#3579</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>) by <a href="https://github.com/mainuddin-md"><code>@mainuddin-md</code></a></li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>) by <a href="https://github.com/rassie"><code>@rassie</code></a></li> </ul> <h3>Maintenance (MAINT)</h3> <ul> <li>Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.5.0...6.6.0">Full Changelog</a></p> <h2>Version 6.5.0, 2025-12-21</h2> <h2>What's new</h2> <h3>New Features (ENH)</h3> <ul> <li>Limit jbig2dec memory usage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3576">#3576</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> <li>FontDescriptor: Initiate from embedded font resource (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3551">#3551</a>) by <a href="https://github.com/PJBrs"><code>@PJBrs</code></a></li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow fallback to PBM files for jbig2dec without PNG support (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3567">#3567</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> <li>Use warning instead of error for early EOD for RunLengthDecode (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3548">#3548</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Test with macOS as well (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3401">#3401</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.4.2...6.5.0">Full Changelog</a></p> <h2>Version 6.4.2, 2025-12-14</h2> <h2>What's new</h2> <h3>Bug Fixes (BUG)</h3> <ul> <li>Fix KeyError when flattening form field without /Font in resources (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3554">#3554</a>) by <a href="https://github.com/jgillard"><code>@jgillard</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md">pypdf's changelog</a>.</em></p> <blockquote> <h2>Version 6.6.0, 2026-01-09</h2> <h3>Security (SEC)</h3> <ul> <li>Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>)</li> </ul> <h3>Deprecations (DEP)</h3> <ul> <li>Block common page content modifications when assigned to reader (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3582">#3582</a>)</li> </ul> <h3>New Features (ENH)</h3> <ul> <li>Embellishments to generated text appearance streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3571">#3571</a>)</li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Avoid empty FlateDecode outputs without warning (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3579">#3579</a>)</li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>)</li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>)</li> </ul> <h3>Maintenance (MAINT)</h3> <ul> <li>Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.5.0...6.6.0">Full Changelog</a></p> <h2>Version 6.5.0, 2025-12-21</h2> <h3>New Features (ENH)</h3> <ul> <li>Limit jbig2dec memory usage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3576">#3576</a>)</li> <li>FontDescriptor: Initiate from embedded font resource (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3551">#3551</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow fallback to PBM files for jbig2dec without PNG support (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3567">#3567</a>)</li> <li>Use warning instead of error for early EOD for RunLengthDecode (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3548">#3548</a>)</li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Test with macOS as well (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3401">#3401</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.4.2...6.5.0">Full Changelog</a></p> <h2>Version 6.4.2, 2025-12-14</h2> <h3>Bug Fixes (BUG)</h3> <ul> <li>Fix KeyError when flattening form field without /Font in resources (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3554">#3554</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow deleting non-existent annotations (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3559">#3559</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/py-pdf/pypdf/commit/10df9c72fa7fb9ab14101b9cb911d66e680282a8"><code>10df9c7</code></a> REL: 6.6.0</li> <li><a href="https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45"><code>2941657</code></a> SEC: Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/712688005e49d2d0a4427db0b16abbae160fe106"><code>7126880</code></a> DEV: Update to urllib3 2.6.3 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3593">#3593</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/f189f0755eb111564ae8667a990738a9e7ab4ba9"><code>f189f07</code></a> DOC: Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/a29e5326f543f93c4c317cf9f92df54aff68c584"><code>a29e532</code></a> BUG: Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/d9ce594772717fdcfcd505d0309843461579bbf7"><code>d9ce594</code></a> MAINT: Converge on one shared Font class for text extraction and appearance s...</li> <li><a href="https://github.com/py-pdf/pypdf/commit/a65708c778467f1525662dfe5614a486adbd16b0"><code>a65708c</code></a> DEV: Check for JavaScript library updates on GitHub Pages (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3592">#3592</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/6951bb7c039afd02bd273dda412c3f36df76eba3"><code>6951bb7</code></a> MAINT: Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/97d47a001d574dfda54bf16c4dcee89ccbfabec8"><code>97d47a0</code></a> TST: Improve test coverage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3584">#3584</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/bda80a4846a8646419a04cc253d81b73773d3cec"><code>bda80a4</code></a> DEV: Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>)</li> <li>Additional commits viewable in <a href="https://github.com/py-pdf/pypdf/compare/6.4.0...6.6.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…Stirling-Tools#5358) Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.16.0 to 1.16.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.16.1</h2> <h2>:lady_beetle: Bug Fixes</h2> <ul> <li>Don't filter log events in LogbackMetricsBenchmark <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6891">#6891</a></li> <li>Return value nullability is incorrect on function wrapper methods <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6869">#6869</a></li> </ul> <h2>:notebook_with_decorative_cover: Documentation</h2> <ul> <li>Add link to the latest Micrometer Team talk <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6881">#6881</a></li> <li>Document JSpecify dependency <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6886">#6886</a></li> <li>Make cross-references more consistent in the docs <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6915">#6915</a></li> </ul> <h2>:hammer: Dependency Upgrades</h2> <ul> <li>Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6877">#6877</a></li> <li>Bump com.netflix.spectator:spectator-reg-atlas from 1.9.1 to 1.9.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6904">#6904</a></li> <li>Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.14 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6937">#6937</a></li> <li>Bump grpc from 1.76.0 to 1.76.1 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6902">#6902</a></li> <li>Bump io.freefair.aspectj.post-compile-weaving from 8.14.2 to 8.14.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6876">#6876</a></li> <li>Bump io.prometheus:prometheus-metrics-bom from 1.4.2 to 1.4.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6868">#6868</a></li> <li>Bump spring6 from 6.2.12 to 6.2.14 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6890">#6890</a></li> </ul> <h2>:heart: Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/MiLabuda"><code>@MiLabuda</code></a>, <a href="https://github.com/izeye"><code>@izeye</code></a>, and <a href="https://github.com/ngocnhan-tran1996"><code>@ngocnhan-tran1996</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0550e769cb9b4f15cff86c1e503fce8ae03ef84f"><code>0550e76</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/e8dd176ffe60d6ea068c7f536e5662278499cd8f"><code>e8dd176</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/d8a46b5a7080738e6f9afd623cfdfcf984f44185"><code>d8a46b5</code></a> Fixed flaky test for mongo client (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6924">#6924</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0bbe73b0f447ca5ca94e1d2b621eda83d7735477"><code>0bbe73b</code></a> Bump com.uber.nullaway:nullaway from 0.12.13 to 0.12.14 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6937">#6937</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/d0b368dbbc1cd8511f693e7be97810978f67787d"><code>d0b368d</code></a> Polish <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6612">gh-6612</a> (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6932">#6932</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/aa9eac0d31acb389a03be50f266bc968c8ef207f"><code>aa9eac0</code></a> Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.13 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6930">#6930</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/57bd4ff8ebb64d941ece6d9fb04d2c921bd77ac1"><code>57bd4ff</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/11d8fb1f8081098ad91efc40ea8902b9113d03d3"><code>11d8fb1</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/5779b09fcb1d5266c614b50ecefe1ad42264b3c2"><code>5779b09</code></a> Backport fixing typos in docs</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/8b88e43a98221f50f56d43cdd5b0eafb986e835b"><code>8b88e43</code></a> Merge branch '1.15.x' into 1.16.x</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.16.0...v1.16.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ludy <Ludy87@users.noreply.github.com>
…ing-Tools#5326) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.6.0 to 3.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's releases</a>.</em></p> <blockquote> <h2>v3.7.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.67.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/217">docker/setup-qemu-action#217</a> <a href="https://redirect.github.com/docker/setup-qemu-action/pull/230">docker/setup-qemu-action#230</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/220">docker/setup-qemu-action#220</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/218">docker/setup-qemu-action#218</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/221">docker/setup-qemu-action#221</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/219">docker/setup-qemu-action#219</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0">https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-qemu-action/commit/c7c53464625b32c7a7e944ae62b3e17d2b600130"><code>c7c5346</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/230">#230</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a517a1a6f815421d6c0f8ab069bd9cae3024828"><code>3a517a1</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/a5b45edf7e42dbe6d762ad8053bd35a7d336a850"><code>a5b45ed</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.67.0</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a64278e93930d340f1caabd280b2e78b36b5032"><code>3a64278</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/220">#220</a> from docker/dependabot/npm_and_yarn/brace-expansion-1...</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/94906ba253608103ef32875025dd58d7f74e2716"><code>94906ba</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/4027abfd67ddf4bd8f75dbf3bb8bf3b69764ded6"><code>4027abf</code></a> build(deps): bump brace-expansion from 1.1.11 to 1.1.12</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/bee0aaad0f43394cdb4b8756cd994ae278b0667c"><code>bee0aaa</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/221">#221</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/0d7e25756e271776f152e7669522f64f54c5e3e2"><code>0d7e257</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/b86960130e28d1756dfa88e15e28ee5880e893de"><code>b869601</code></a> build(deps): bump tmp from 0.2.3 to 0.2.4</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a043edff31c211e56ebb1e00a76ce49a831bd24"><code>3a043ed</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/219">#219</a> from docker/dependabot/npm_and_yarn/undici-5.29.0</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...c7c53464625b32c7a7e944ae62b3e17d2b600130">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tirling-Tools#5324) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.1 to 2.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.14.0</h2> <h2>What's Changed</h2> <ul> <li>Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.</li> <li>Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0">https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0</a></p> <h2>v2.13.3</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where process events were not uploaded in certain edge cases.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3">https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3</a></p> <h2>v2.13.2</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.</li> <li>Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2">https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2</a></p> <h2>v2.13.1</h2> <h2>What's Changed</h2> <ul> <li> <p>Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.</p> </li> <li> <p>Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.</p> </li> <li> <p>Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.</p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1">https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1</a></p> <h2>v2.13.0</h2> <h2>What's Changed</h2> <ul> <li>Improved job markdown summary</li> <li>Https monitoring for all domains (included with the enterprise tier)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.13.0">https://github.com/step-security/harden-runner/compare/v2...v2.13.0</a></p> <h2>v2.12.2</h2> <h2>What's Changed</h2> <p>Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:</p> <ul> <li>Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode</li> <li>Increased policy map size for block mode</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/20cf305ff2072d973412fa9b1e3a4f227bda3c76"><code>20cf305</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/622">#622</a> from step-security/feature/custom-property-skip</li> <li><a href="https://github.com/step-security/harden-runner/commit/c51e8eeb6c4fdcd08f65e43a051dacdbfaa69702"><code>c51e8ee</code></a> feat: skip agent install and post step on subsequent runs for GitHub-hosted r...</li> <li><a href="https://github.com/step-security/harden-runner/commit/e152b90204c3d85cefa1441b701a47a13ed28bd7"><code>e152b90</code></a> feat: skip harden-runner based on repository custom property</li> <li><a href="https://github.com/step-security/harden-runner/commit/ee1faec052d1000061fa79a13e030db11b3f86bd"><code>ee1faec</code></a> feat: replace skip-harden-runner with skip-on-custom-property input</li> <li><a href="https://github.com/step-security/harden-runner/commit/1dc7c1764659d537dab2a854b8e165a801103eb1"><code>1dc7c17</code></a> feat: add skip-harden-runner input to conditionally skip execution</li> <li><a href="https://github.com/step-security/harden-runner/commit/df199fb7be9f65074067a9eb93f12bb4c5547cf2"><code>df199fb</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/620">#620</a> from step-security/rc-29</li> <li><a href="https://github.com/step-security/harden-runner/commit/03d096a772368b1f0222005a6899d3e35a7f62df"><code>03d096a</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/40901073af04afd40408833437092a7467798f33"><code>4090107</code></a> fix: update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/95d9a5deda9de15063e7595e9719c11c38c90ae2"><code>95d9a5d</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/606">#606</a> from step-security/rc-28</li> <li><a href="https://github.com/step-security/harden-runner/commit/87e429d3fb470bcc827f338e5cce1155ff99c6eb"><code>87e429d</code></a> Update limitations.md</li> <li>Additional commits viewable in <a href="https://github.com/step-security/harden-runner/compare/v2.12.1...20cf305ff2072d973412fa9b1e3a4f227bda3c76">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… and add MSG support (Stirling-Tools#5427) # Description of Changes Note on Simple Java Mail: - SJM contains Angus/Jakarta Mail in it. - SJM is a very thin layer on Angus Mail; see here: https://github.com/bbottema/simple-java-mail - SJM gives high level methods to more reliably parse in email via Angus Mail, but also contains lots of other interesting features. - SJM is Apache 2 licensed This pull request updates the email processing utilities to add support for parsing and validating Outlook MSG files, refactors the `EmlProcessingUtils` utility class to use instance methods and improved resource management, and enhances the handling and styling of generated email HTML. The changes also introduce external CSS resource loading with a fallback mechanism, and update dependencies to support MSG file parsing. **MSG file support and validation:** - Added `simple-java-mail` and `outlook-module` dependencies to enable EML and MSG file parsing, and updated validation logic to recognize and accept MSG files by checking their magic bytes. (`app/common/build.gradle`, `EmlProcessingUtils.java`) **Refactoring and modernization of `EmlProcessingUtils`:** - Converted static methods and fields in `EmlProcessingUtils` to instance methods/fields, improving testability and future extensibility. (`EmlProcessingUtils.java`) **Enhanced HTML/CSS styling for email rendering:** - Updated HTML generation to use consistent formatting and improved style variable usage, and refactored CSS injection to load from an external resource (`email-pdf-styles.css`) with a synchronized cache and a minimal fallback if the resource is missing. (`EmlProcessingUtils.java`) **Attachment and content rendering improvements:** - Improved the formatting of meta-information (e.g., CC, BCC, Date) and attachment sections in generated email HTML, and ensured more robust handling of empty or missing content. (`EmlProcessingUtils.java`) **General code cleanup and logging:** - Added SLF4J logging for error handling when loading CSS resources, and cleaned up imports and method signatures for clarity and maintainability. (`EmlProcessingUtils.java`) <img width="367" height="991" alt="image" src="https://github.com/user-attachments/assets/0cfb959c-da92-4cff-9e52-ff4ab7fa806e" /> <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [X] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [X] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [X] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [X] I have performed a self-review of my own code - [X] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [X] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: Balázs Szücs <bszucs1209@gmail.com>
…s to prevent Tauri client parse errors (Stirling-Tools#5437) # Description of Changes ```console index-DsORDqQQ.js:124 \n [TauriHttpClient] Network error: \n{url: 'http://localhost:8080/api/v1/admin/settings', method: 'PUT', errorType: 'ERR_NETWORK', originalMessage: `Failed to execute 'close' on 'ReadableStreamDefaul…cted token 'S', "Successful"... is not valid JSON`, stack: `SyntaxError: Unexpected token 'S', "Successful"...…lback (<anonymous>:284:7)\n at <anonymous>:1:28`}\nerrorType\n: \n"ERR_NETWORK"\nmethod\n: \n"PUT"\noriginalMessage\n: \n"Failed to execute 'close' on 'ReadableStreamDefaultController': Unexpected token 'S', \"Successful\"... is not valid JSON"\nstack\n: \n"SyntaxError: Unexpected token 'S', \"Successful\"... is not valid JSON\n at A.onmessage (http://tauri.localhost/assets/index-DsORDqQQ.js:124:22714)\n at http://tauri.localhost/assets/index-DsORDqQQ.js:124:20748\n at <anonymous>:272:26\n at Object.runCallback (<anonymous>:284:7)\n at <anonymous>:1:28"\nurl\n: \n"http://localhost:8080/api/v1/admin/settings" index-DXbk7lbS.js:124 \n [TauriHttpClient] Network error: \n{url: 'http://localhost:8080/api/v1/user/get-api-key', method: 'POST', errorType: 'ERR_NETWORK', originalMessage: `Failed to execute 'close' on 'ReadableStreamDefaul…cted token 'a', "a72f6b26-1"... is not valid JSON`, stack: `SyntaxError: Unexpected token 'a', "a72f6b26-1"...…lback (<anonymous>:284:7)\n at <anonymous>:1:28`}\nerrorType\n: \n"ERR_NETWORK"\nmethod\n: \n"POST"\noriginalMessage\n: \n"Failed to execute 'close' on 'ReadableStreamDefaultController': Unexpected token 'a', \"a72f6b26-1\"... is not valid JSON"\nstack\n: \n"SyntaxError: Unexpected token 'a', \"a72f6b26-1\"... is not valid JSON\n at A.onmessage (http://tauri.localhost/assets/index-DXbk7lbS.js:124:22714)\n at http://tauri.localhost/assets/index-DXbk7lbS.js:124:20748\n at <anonymous>:272:26\n at Object.runCallback (<anonymous>:284:7)\n at <anonymous>:1:28"\nurl\n: \n"http://localhost:8080/api/v1/user/get-api-key" ``` This pull request fixes a self-hosting issue where the Tauri HTTP client fails with `Unexpected token ... is not valid JSON` because certain API endpoints returned plain text responses. ## What was changed - Updated `AdminSettingsController`: - Changed `updateSettings` and `updateSettingsSection` to return structured JSON objects instead of raw strings. - Standardized success and error payloads using a `Map<String, Object>` with keys like `message` and `error`. - Updated `UserController`: - Changed `/api/v1/user/get-api-key` and `/api/v1/user/update-api-key` to return JSON objects (`{ "apiKey": "..." }`) and JSON error objects instead of plain text. ## Why the change was made - The Tauri client expects JSON responses and attempts to parse them. Returning plain strings like `"Successful..."` or an API key string causes JSON parsing to fail, resulting in network errors on self-hosted setups. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: James Brunton <jbrunton96@gmail.com>
Auto-generated by stirlingbot[bot] This PR updates the backend license report based on dependency changes. Signed-off-by: stirlingbot[bot] <stirlingbot[bot]@users.noreply.github.com> Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
Stirling-Tools#5311) Bumps node from 20-alpine to 25-alpine. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…nd (Stirling-Tools#5448) [//]: # (dependabot-start)⚠️ **Dependabot is rebasing this PR**⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps nginx from `8491795` to `c083c37`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…g-Tools#5413) Bumps [globals](https://github.com/sindresorhus/globals) from 16.5.0 to 17.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sindresorhus/globals/releases">globals's releases</a>.</em></p> <blockquote> <h2>v17.0.0</h2> <h3>Breaking</h3> <ul> <li>Split <code>audioWorklet</code> environment from <code>browser</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/320">#320</a>) 7bc293e</li> </ul> <h3>Improvements</h3> <ul> <li>Update globals (<a href="https://redirect.github.com/sindresorhus/globals/issues/329">#329</a>) ebe1063</li> <li>Get all browser globals from both <code>chrome</code> and <code>firefox</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/321">#321</a>) 59ceff8</li> <li>Add <code>bunBuiltin</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>) 1bc6e3b</li> <li>Add <code>denoBuiltin</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>) 1bc6e3b</li> <li>Add <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/323">#323</a>) 4b78f56</li> <li>Add <code>sharedWorker</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/322">#322</a>) 4a02a85</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0">https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sindresorhus/globals/commit/bb89b18916b00f6c4f089baa0d66cb7f0771ab1b"><code>bb89b18</code></a> 17.0.0</li> <li><a href="https://github.com/sindresorhus/globals/commit/ebe106340137419b4ac0150f746b7567fb78ce03"><code>ebe1063</code></a> Update globals (2026-01-01) (<a href="https://redirect.github.com/sindresorhus/globals/issues/329">#329</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/e3d8da349da72d66fcadf94d926d4ff96da3319c"><code>e3d8da3</code></a> Revert "Automate script for <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/325">#325</a>)" (<a href="https://redirect.github.com/sindresorhus/globals/issues/328">#328</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/e7c0453f80840ebcef3a6bccaabc7a9dc0cb7a84"><code>e7c0453</code></a> Automate script for <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/325">#325</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/1bc6e3bc6658d4243a714bb7dd7401f206fd3bc5"><code>1bc6e3b</code></a> Add <code>bunBuiltin</code> and <code>denoBuiltin</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/4b78f56c1c305e34161183e8fd5ac89e92c72e84"><code>4b78f56</code></a> Add <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/323">#323</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/59ceff80cb22de31a78651acdda4db1a91eefb11"><code>59ceff8</code></a> Get all browser globals from both <code>chrome</code> and <code>firefox</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/321">#321</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/4a02a852463c03ae722f14f06944c5aa7e0e06e0"><code>4a02a85</code></a> Add <code>sharedWorker</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/322">#322</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/7bc293ec2498be49293e3aec46186a98a76e5ecd"><code>7bc293e</code></a> Split <code>audioWorklet</code> environment from <code>browser</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/320">#320</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/814075ffd71e6b0599f2611cd445b00906ad2181"><code>814075f</code></a> Fix browser launch (<a href="https://redirect.github.com/sindresorhus/globals/issues/319">#319</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
…5185) # Description of Changes This pull request introduces Telegram bot integration to the application, enabling users to send files via Telegram for processing through the pipeline. The main changes add configuration options, dependency management, and a new service for handling Telegram interactions. **Telegram bot integration:** * Added a new `TelegramPipelineBot` service (`TelegramPipelineBot.java`) that listens for incoming Telegram messages, downloads attached files or photos, places them in a pipeline inbox folder, waits for processing results, and sends the output files back to the user. The service includes error handling and status messaging. * Introduced a `TelegramBotConfig` configuration class to initialize and register the Telegram bot only when enabled via application properties. * Added a new `Telegram` configuration section to `ApplicationProperties` and the `settings.yml.template`, supporting options like enabling/disabling the bot, bot token/username, pipeline folder, processing timeout, and polling interval. [[1]](diffhunk://#diff-1c357db0a3e88cf5bedd4a5852415fadad83b8b3b9eb56e67059d8b9d8b10702R63) [[2]](diffhunk://#diff-1c357db0a3e88cf5bedd4a5852415fadad83b8b3b9eb56e67059d8b9d8b10702R580-R589) [[3]](diffhunk://#diff-12f23603ae35319a3ea08f91b6340d5d935216941fda2e69d2df1b6cd22a63f2R108-R115) **Dependency management:** * Added the `org.telegram:telegrambots` library to the project dependencies to support Telegram bot functionality. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
Stirling-Tools#5434) # Description of Changes This pull request introduces support for converting PDF files to eBook formats (EPUB and AZW3) in the frontend. It adds new user interface options for PDF-to-eBook conversion, updates the conversion logic and parameters, and ensures the new formats are integrated into the conversion matrix and endpoints. The most important changes are grouped below: **PDF to eBook (EPUB/AZW3) Conversion Support** * Added a new `ConvertToEpubSettings` component that provides UI controls for PDF-to-eBook options, including chapter detection, target device selection, and output format. (`frontend/src/core/components/tools/convert/ConvertToEpubSettings.tsx`) * Updated `ConvertSettings` to render the new eBook options when converting from PDF to EPUB or AZW3, and set default values for these options. (`frontend/src/core/components/tools/convert/ConvertSettings.tsx`) * Extended the `ConvertParameters` interface and default parameters to include `epubOptions` for the new settings. (`frontend/src/core/hooks/tools/convert/useConvertParameters.ts`) **Conversion Logic and API Integration** * Updated the conversion endpoints, endpoint names, and conversion matrix to support PDF-to-EPUB/AZW3 conversions. (`frontend/src/core/constants/convertConstants.ts`) * Modified the conversion operation logic to handle `epubOptions` and ensure that PDF-to-eBook conversions process each file separately and send the correct options to the backend. (`frontend/src/core/hooks/tools/convert/useConvertOperation.ts`) **Localization and Tool Registry Updates** * Added localization strings for the new eBook conversion options. (`frontend/public/locales/en-GB/translation.toml`) * Registered the new PDF-to-eBook operation in the tool catalog and test helpers. (`frontend/src/core/data/useTranslatedToolRegistry.tsx`, `frontend/src/core/tests/helpers/conversionEndpointDiscovery.ts`) <img width="364" height="995" alt="image" src="https://github.com/user-attachments/assets/c54c50c0-1b86-4074-aef8-b038c6caeb49" /> <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [X] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [X] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [X] I have performed a self-review of my own code - [X] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [X] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [X] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. Signed-off-by: Balázs Szücs <bszucs1209@gmail.com> Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
…ssing (Stirling-Tools#5432) # Description of Changes ### What was changed - Updated the Gradle `npmInstall` task to detect a missing required devDependency (`@iconify-json/material-symbols`) even when `node_modules` exists. - If the package is missing, the task will no longer skip `npm install`; it will force a reinstall instead. ### Why the change was made - The frontend build (`npm run generate-icons`) can fail with `Cannot find module '@iconify-json/material-symbols'` when `node_modules` is present but incomplete/corrupted. - The current "node_modules exists => skip install" shortcut is not sufficient for this scenario, causing Gradle builds to fail during `npmBuild`. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
… strings across locales (Stirling-Tools#5309) # Description of Changes This pull request updates the Arabic translation file (`frontend/public/locales/ar-AR/translation.toml`) with a large number of new and improved strings, adding support for new features and enhancing clarity and coverage across the application. Additionally, it makes several improvements to the TOML language check script (`.github/scripts/check_language_toml.py`) and updates the corresponding GitHub Actions workflow to better track and validate translation changes. **Translation updates and enhancements:** * Added translations for new features and UI elements, including annotation tools, PDF/A-3b conversion, line art compression, background removal, split modes, onboarding tours, and more. [[1]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR343-R346) [[2]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR442-R460) [[3]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR514-R523) [[4]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR739-R743) [[5]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR1281-R1295) [[6]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR1412-R1416) [[7]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR2362-R2365) [[8]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR2411-R2415) [[9]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR2990) [[10]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3408-R3420) [[11]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3782-R3794) [[12]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3812-R3815) [[13]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3828-R3832) [[14]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effL3974-R4157) [[15]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR4208-R4221) [[16]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5247) [[17]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5414-R5423) [[18]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5444-R5447) * Improved and expanded coverage for settings, security, onboarding, and help menus, including detailed descriptions and tooltips for new and existing features. [[1]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR442-R460) [[2]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5247) [[3]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5414-R5423) [[4]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5444-R5447) **TOML language check script improvements:** * Increased the maximum allowed TOML file size from 500 KB to 570 KB to accommodate larger translation files. * Improved file validation logic to more accurately skip or process files based on directory structure and file type, and added informative print statements for skipped files. * Enhanced reporting in the difference check: now, instead of raising exceptions for unsafe files or oversized files, the script logs warnings and continues processing, improving robustness and clarity in CI reports. * Adjusted the placement of file check report lines for clarity in the generated report. **Workflow and CI improvements:** * Updated the GitHub Actions workflow (`.github/workflows/check_toml.yml`) to trigger on changes to the translation script and workflow files, in addition to translation TOMLs, ensuring all relevant changes are validated. These changes collectively improve the translation quality and coverage for Arabic users, enhance the reliability and clarity of the translation validation process, and ensure smoother CI/CD workflows for localization updates. <img width="654" height="133" alt="image" src="https://github.com/user-attachments/assets/9f3e505d-927f-4dc0-9098-cee70bbe85ca" /> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
…mination (Stirling-Tools#5453) This pull request updates the Docker build caching strategy in the GitHub Actions workflow to improve cache isolation and efficiency. The main change is the introduction of a cache `scope` based on the `artifact-suffix` matrix value. **Build caching improvements:** * [`.github/workflows/build.yml`](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L329-R330): Updated `cache-from` and `cache-to` in the Docker build step to use a scoped cache (`scope=${{ matrix.artifact-suffix }}`), enabling better cache isolation across different build variants.
… the pip group across 1 directory (Stirling-Tools#5456) Bumps the pip group with 1 update in the /testing/cucumber directory: [urllib3](https://github.com/urllib3/urllib3). Updates `urllib3` from 2.5.0 to 2.6.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.3</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by <a href="https://github.com/D47A"><code>@D47A</code></a>, 8.9 High, GHSA-38jv-5279-wg99)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">urllib3/urllib3#3743</a>)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">urllib3/urllib3#3752</a>)</li> </ul> <h2>2.6.2</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3734">urllib3/urllib3#3734</a>)</li> </ul> <h2>2.6.1</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3731">#3731</a>)</li> </ul> <h2>2.6.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by <a href="https://github.com/Cycloctane"><code>@Cycloctane</code></a>, 8.9 High, GHSA-2xpw-w6gg-jr37)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by <a href="https://github.com/illia-v"><code>@illia-v</code></a>, 8.9 High, GHSA-gm62-xv2j-4w53)</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</li> </ul> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.3 (2026-01-07)</h1> <ul> <li>Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (<code>GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99></code>__)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<code>[Stirling-Tools#3743](urllib3/urllib3#3743) <https://github.com/urllib3/urllib3/issues/3743></code>__)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<code>[Stirling-Tools#3752](urllib3/urllib3#3752) <https://github.com/urllib3/urllib3/issues/3752></code>__)</li> </ul> <h1>2.6.2 (2025-12-11)</h1> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<code>[Stirling-Tools#3734](urllib3/urllib3#3734) <https://github.com/urllib3/urllib3/issues/3734></code>__)</li> </ul> <h1>2.6.1 (2025-12-08)</h1> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<code>[Stirling-Tools#3731](urllib3/urllib3#3731) <https://github.com/urllib3/urllib3/issues/3731></code>__)</li> </ul> <h1>2.6.0 (2025-12-05)</h1> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (<code>GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37></code>__)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (<code>GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53></code>__)</li> </ul> <p>.. caution::</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc"><code>0248277</code></a> Release 2.6.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"><code>8864ac4</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c"><code>70cecb2</code></a> Fix Scorecard issues related to vulnerable dev dependencies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3755">#3755</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359"><code>41f249a</code></a> Move "v2.0 Migration Guide" to the end of the table of contents (<a href="https://redirect.github.com/urllib3/urllib3/issues/3747">#3747</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c"><code>fd4dffd</code></a> Patch <code>VerifiedHTTPSConnection</code> for Emscripten (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">#3752</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab"><code>13f0bfd</code></a> Handle massive values in Retry-After when calculating time to sleep for (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">#3743</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b"><code>8c480bf</code></a> Bump actions/upload-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3748">#3748</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1"><code>4b40616</code></a> Bump actions/cache from 4.3.0 to 5.0.1 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3750">#3750</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b"><code>82b8479</code></a> Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3749">#3749</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2"><code>34284cb</code></a> Mention experimental features in the security policy (<a href="https://redirect.github.com/urllib3/urllib3/issues/3746">#3746</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…irling-Tools#5316) Bumps alpine from 3.22.2 to 3.23.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tirling-Tools#5319) Bumps alpine from 3.22.1 to 3.23.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ded (Stirling-Tools#5357) Bumps debian from `1c25564` to `449673e`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tirling-Tools#5463) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.11.1 to 3.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v3.12.0</h2> <ul> <li>Deprecate <code>install</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/455">docker/setup-buildx-action#455</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/434">docker/setup-buildx-action#434</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/436">docker/setup-buildx-action#436</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/432">docker/setup-buildx-action#432</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/435">docker/setup-buildx-action#435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0">https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f"><code>8d2750c</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/455">#455</a> from crazy-max/install-deprecated</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/e81846bcc4416a0bf18b8389e4f6fce279619ddc"><code>e81846b</code></a> deprecate install input</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/65d18f8f8a05aab1b2d761032bec9cd5578caadb"><code>65d18f8</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/454">#454</a> from docker/dependabot/github_actions/actions/checkout-6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/000d75d273dec231f74115df50b6ee04c9b25e55"><code>000d75d</code></a> build(deps): bump actions/checkout from 5 to 6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/1583c0f09d26c58c59d25b0eef29792b7ce99d9a"><code>1583c0f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/443">#443</a> from nicolasleger/patch-1</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/ed158e796328af702db08c75bebb92f2fb10be88"><code>ed158e7</code></a> doc: bump actions/checkout from 4 to 5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4cc794f83e4b7488282e879f4469e86246e52ddd"><code>4cc794f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/441">#441</a> from docker/dependabot/github_actions/actions/checkout-5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4dfc3d6c5d9e9534040f8d8b55bd4a98459b62b7"><code>4dfc3d6</code></a> build(deps): bump actions/checkout from 4 to 5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/af1b253b8dc984466d22633f04ef341c1520ed2f"><code>af1b253</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/440">#440</a> from crazy-max/k3s-build</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/3c6ab92b04d9f3e63233e0e0168ba114c6b448bc"><code>3c6ab92</code></a> ci: k3s test with latest buildx</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/e468171a9de216ec08956ac3ada2f0791b6bd435...8d2750c68a42422c14e847fe6c8ac0403b4cbd6f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ools#5464) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.4.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.6.0</h2> <ul> <li>Add <code>registry-auth</code> input for raw authentication to registries by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/887">docker/login-action#887</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/login-action/pull/883">docker/login-action#883</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/login-action/pull/880">docker/login-action#880</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/login-action/pull/879">docker/login-action#879</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/login-action/pull/881">docker/login-action#881</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.5.0...v3.6.0">https://github.com/docker/login-action/compare/v3.5.0...v3.6.0</a></p> <h2>v3.5.0</h2> <ul> <li>Support dual-stack endpoints for AWS ECR by <a href="https://github.com/Spacefish"><code>@Spacefish</code></a> <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/874">docker/login-action#874</a> <a href="https://redirect.github.com/docker/login-action/pull/876">docker/login-action#876</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.57.0 to 0.62.1 in <a href="https://redirect.github.com/docker/login-action/pull/870">docker/login-action#870</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/login-action/pull/875">docker/login-action#875</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.4.0...v3.5.0">https://github.com/docker/login-action/compare/v3.4.0...v3.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/5e57cd118135c172c3672efd75eb46360885c0ef"><code>5e57cd1</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/890">#890</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/97e31439e8b415da4e1322633630e1563c42c0f2"><code>97e3143</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/3a0796b57f440ff1af59165907392527fa832e0c"><code>3a0796b</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/5b7b28b1cc417bbd34cd8c225a957c9ce9adf7f2"><code>5b7b28b</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/882">#882</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/abc9fb3154ad354cf35d6c78a862bee018dd4cb8"><code>abc9fb3</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/d46868881477a1d16bdcc80a5b2c05208b1befe4"><code>d468688</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/a99b2f88fc4efabea32b8ba09581cf535c1577e9"><code>a99b2f8</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/883">#883</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/login-action/commit/0d7fae8057d840a981e4132ce97862f6c8f48b42"><code>0d7fae8</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/9832253cb7b14f93bd4134396bd26e855e8e4bd2"><code>9832253</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0</li> <li><a href="https://github.com/docker/login-action/commit/09e05bbdf68bd9ce9eedefa6d2ebe03008c32b08"><code>09e05bb</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/881">#881</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/v3.4.0...5e57cd118135c172c3672efd75eb46360885c0ef">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Auto-generated by [create-pull-request][1] with **stirlingbot** [1]: https://github.com/peter-evans/create-pull-request Signed-off-by: stirlingbot[bot] <stirlingbot[bot]@users.noreply.github.com> Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
Auto-generated by stirlingbot[bot] This PR updates the backend license report based on dependency changes. Signed-off-by: stirlingbot[bot] <stirlingbot[bot]@users.noreply.github.com> Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com> Co-authored-by: Ludy <Ludy87@users.noreply.github.com>
# Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
### Description of Changes This Pull Request was automatically generated to synchronize updates to translation files and documentation. Below are the details of the changes made: #### **1. Synchronization of Translation Files** - Updated translation files (`frontend/public/locales/*/translation.toml`) to reflect changes in the reference file `en-GB/translation.toml`. - Ensured consistency and synchronization across all supported language files. - Highlighted any missing or incomplete translations. - **Format**: TOML #### **2. Update README.md** - Generated the translation progress table in `README.md` using `counter_translation_v3.py`. - Added a summary of the current translation status for all supported languages. - Included up-to-date statistics on translation coverage. #### **Why these changes are necessary** - Keeps translation files aligned with the latest reference updates. - Ensures the documentation reflects the current translation progress. --- Auto-generated by [create-pull-request][1]. [1]: https://github.com/peter-evans/create-pull-request --------- Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
…reController (Stirling-Tools#5477) # Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. Signed-off-by: Balázs Szücs <bszucs1209@gmail.com>
…tirling-Tools#5471) ## Description Fixed broken documentation link in the air-gapped setup guide that was pointing to a non-existent `/Pro/#activation` page (returning 404). Updated to the correct `/Paid-Offerings/#activating-your-license` URL which returns 200 OK. ## Changes Made - Updated link in `frontend/src/core/data/useTranslatedToolRegistry.tsx` (line 838) - Changed from `https://docs.stirlingpdf.com/Pro/#activation` to `https://docs.stirlingpdf.com/Paid-Offerings/#activating-your-license` ## Testing - Verified old link returns 404 - Verified new link returns 200 and has activation section - Link now correctly points to the "Activating Your License" section of the Paid Offerings documentation ## Related Issue Resolves Stirling-Tools#5088 ## Checklist - [x] Code follows project style guidelines - [x] Changes are limited to fixing the broken link only (atomic commit) - [x] Link has been manually tested and verified working
# Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
# Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| ProcessBuilder processBuilder = new ProcessBuilder(command); | ||
| validateCommand(commandToRun); | ||
| log.info("Running command: {}", String.join(" ", commandToRun)); | ||
| ProcessBuilder processBuilder = new ProcessBuilder(commandToRun); |
Check failure
Code scanning / Seqra
Command line depends on a user provided value Error
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of Changes
Checklist
General
Documentation
Translations (if applicable)
scripts/counter_translation.pyUI Changes (if applicable)
Testing (if applicable)