chore(deps): bump pypdf from 6.9.2 to 6.10.1

[dependabot]

Bumps pypdf from 6.9.2 to 6.10.1.

Release notes

Sourced from pypdf's releases.

Version 6.10.1, 2026-04-14

What's new

Security (SEC)

• Limit the allowed size of xref and object streams (#3733) by @​stefan6419846

Robustness (ROB)

• Consider strict mode setting for decryption errors (#3731) by @​stefan6419846

Documentation (DOC)

• Use new parameter names for compress_identical_objects by @​stefan6419846

Full Changelog

Version 6.10.0, 2026-04-10

What's new

Security (SEC)

• Disallow custom XML entity declarations for XMP metadata (#3724) by @​stefan6419846

New Features (ENH)

• Skip MD5 key derivation for AES-256 encrypted PDFs (#3694) by @​Ygnas

Bug Fixes (BUG)

• Use remove_orphans in compress_identical_objects (#3310) by @​j-t-1
• Fix PdfReadError when xref table contains comments before trailer (#3710) by @​rassie
• Correctly verify AES padding during decryption (#3699) by @​stefan6419846
• Fix stale object cache from non-authoritative object streams (#3698) by @​astahlman
• Fix extract_links pairing when annotations include non-links (#3687) by @​ReinerBRO

Documentation (DOC)

• Add AI policy (#3717) by @​stefan6419846

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.10.1, 2026-04-14

Security (SEC)

• Limit the allowed size of xref and object streams (#3733)

Robustness (ROB)

• Consider strict mode setting for decryption errors (#3731)

Documentation (DOC)

• Use new parameter names for compress_identical_objects

Full Changelog

Version 6.10.0, 2026-04-10

Security (SEC)

• Disallow custom XML entity declarations for XMP metadata (#3724)

New Features (ENH)

• Skip MD5 key derivation for AES-256 encrypted PDFs (#3694)

Bug Fixes (BUG)

• Use remove_orphans in compress_identical_objects (#3310)
• Fix PdfReadError when xref table contains comments before trailer (#3710)
• Correctly verify AES padding during decryption (#3699)
• Fix stale object cache from non-authoritative object streams (#3698)
• Fix extract_links pairing when annotations include non-links (#3687)

Documentation (DOC)

• Add AI policy (#3717)

Full Changelog

Commits

• b49e7eb REL: 6.10.1
• 62338e9 SEC: Limit the allowed size of xref and object streams (#3733)
• 5dcc0ae DEV: Update pytest-benchmark to 5.2.3
• b42e4aa DEV: Update pinned pillow and pytest where possible (#3732)
• 717446b ROB: Consider strict mode setting for decryption errors (#3731)
• 9e461d3 DEV: Bump softprops/action-gh-release from 2 to 3 (#3730)
• 500d09d TST: Update test_embedded_file__basic to use tmp_path fixture (#3726)
• 1c56302 DOC: Use new parameter names for compress_identical_objects
• fd0aeca REL: 6.10.0
• b15a374 SEC: Disallow custom XML entity declarations for XMP metadata (#3724)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Test Results

109 tests  ±0   109 ✅ ±0   4m 51s ⏱️ -12s
  1 suites ±0     0 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit c413b86. ± Comparison against base commit 2c20475.