guptas6est 32d31284cc Fix: upgrade pypdf to 6.7.5 and migrate from deprecated pypdf2 to fix CVE-2026-28804 and CVE-2023-36464 (#13454) ...

### What problem does this PR solve?

This PR addresses security vulnerabilities in PDF processing
dependencies identified by Trivy security scan:

1. CVE-2026-28804 (MEDIUM): pypdf 6.7.4 vulnerable to inefficient
decoding of ASCIIHexDecode streams
2. CVE-2023-36464 (MEDIUM): pypdf2 3.0.1 susceptible to infinite loop
when parsing malformed comments

Since pypdf2 is deprecated with no available fixes, this PR migrates all
pypdf2 usage to the actively maintained pypdf library (version 6.7.5),
which resolves
both vulnerabilities.


### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)

2026-03-09 12:06:00 +08:00

..

advanced_rag

Refa: async retrieval process. (#12629)

2026-01-15 12:28:49 +08:00

app

Fix: upgrade pypdf to 6.7.5 and migrate from deprecated pypdf2 to fix CVE-2026-28804 and CVE-2023-36464 (#13454)

2026-03-09 12:06:00 +08:00

flow

Feat/tenant model (#13072)

2026-03-05 17:27:17 +08:00

graphrag

Feat/tenant model (#13072)

2026-03-05 17:27:17 +08:00

llm

feat: add Ragcon provider (#13425)

2026-03-06 09:37:27 +08:00

nlp

Fix: add soft limit for graph rag size (#13252)

2026-03-02 14:02:36 +08:00

prompts

Feat/tenant model (#13072)

2026-03-05 17:27:17 +08:00

res

Feat: Bitbucket connector (#12332)

2025-12-31 17:18:30 +08:00

svr

Feat: add DingTalk AI Table connector and integration for data synch… (#13413)

2026-03-06 21:13:23 +08:00

utils

Fix: upgrade pypdf to 6.7.5 and migrate from deprecated pypdf2 to fix CVE-2026-28804 and CVE-2023-36464 (#13454)

2026-03-09 12:06:00 +08:00

__init__.py

Fix: incorrect async chat streamly output (#11679)

2025-12-03 11:15:45 +08:00

benchmark.py

Feat/tenant model (#13072)

2026-03-05 17:27:17 +08:00

raptor.py

Refa: Clean the folders. (#12890)

2026-01-29 14:23:26 +08:00

settings.py

Move api.settings to common.settings (#11036)

2025-11-06 09:36:38 +08:00