chore(deps): bump pypdf from 6.11.0 to 6.12.1

[dependabot]

Bumps pypdf from 6.11.0 to 6.12.1.

Release notes

Sourced from pypdf's releases.

Version 6.12.1, 2026-05-22

What's new

Security (SEC)

• Limit input size and element count for XMP metadata (#3796) by @​stefan6419846

Robustness (ROB)

• Prevent cyclic parent hierarchies for inherited dictionaries (#3795) by @​stefan6419846
• Deal with invalid first code in LZW decoder (#3794) by @​stefan6419846

Full Changelog

Version 6.12.0, 2026-05-21

What's new

Security (SEC)

• Disallow cross-reference streams with zero-only width values (#3791) by @​stefan6419846
• Avoid excessive whitespace in layout mode text extraction (#3790) by @​stefan6419846

New Features (ENH)

• Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780) by @​adityamoolya
• CID font resource from font file to encode more characters (#3652) by @​PJBrs

Performance Improvements (PI)

• Optimize retrieval of named destinatinos in reader (#3442) by @​larsga

Bug Fixes (BUG)

• Fix TreeObject.insert_child KeyError on fresh children (#3786) by @​Abzaek

Robustness (ROB)

• AppearanceStream: Also honor user-set font name when not flattening annotations (#3781) by @​PJBrs

Documentation (DOC)

• Block encrypting writer in incremental mode (#3789) by @​stefan6419846

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.12.1, 2026-05-22

Security (SEC)

• Limit input size and element count for XMP metadata (#3796)

Robustness (ROB)

• Prevent cyclic parent hierarchies for inherited dictionaries (#3795)
• Deal with invalid first code in LZW decoder (#3794)

Full Changelog

Version 6.12.0, 2026-05-21

Security (SEC)

• Disallow cross-reference streams with zero-only width values (#3791)
• Avoid excessive whitespace in layout mode text extraction (#3790)

New Features (ENH)

• Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780)
• CID font resource from font file to encode more characters (#3652)

Performance Improvements (PI)

• Optimize retrieval of named destinatinos in reader (#3442)

Bug Fixes (BUG)

• Fix TreeObject.insert_child KeyError on fresh children (#3786)

Robustness (ROB)

• AppearanceStream: Also honor user-set font name when not flattening annotations (#3781)

Documentation (DOC)

• Block encrypting writer in incremental mode (#3789)

Full Changelog

Commits

• 228780a REL: 6.12.1
• 62191d5 SEC: Limit input size and element count for XMP metadata (#3796)
• e852631 ROB: Prevent cyclic parent hierarchies for inherited dictionaries (#3795)
• 6b4bbcc ROB: Deal with invalid first code in LZW decoder (#3794)
• 20c16d3 TST: Update tests for Python 3.15 support (#3793)
• 08eb143 REL: 6.12.0
• 507d7c9 SEC: Disallow cross-reference streams with zero-only width values (#3791)
• 9d27470 SEC: Avoid excessive whitespace in layout mode text extraction (#3790)
• 0a8e699 DOC: Block encrypting writer in incremental mode (#3789)
• 541ebd4 DEV: Update idna from version 3.10 to 3.15
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)