Bump the minor-and-patch group with 2 updates

[dependabot]

Bumps the minor-and-patch group with 2 updates: pypdf and ty.

Updates pypdf from 6.7.0 to 6.7.2

Release notes

Sourced from pypdf's releases.

Version 6.7.2, 2026-02-22

What's new

Security (SEC)

• Prevent infinite loop from circular xref /Prev references (#3655) by @​rampageservices

Bug Fixes (BUG)

• Fix wrong LUT size error (#3651) by @​stefan6419846
• Fix handling of page boxes defined on /Pages (#3650) by @​stefan6419846

Full Changelog

Version 6.7.1, 2026-02-17

What's new

Security (SEC)

• Detect cyclic references when accessing TreeObject.children (#3645) by @​stefan6419846
• Limit size of /ToUnicode entries (#3646) by @​stefan6419846
• Limit FlateDecode recovery attempts (#3644) by @​stefan6419846

Bug Fixes (BUG)

• Avoid own object replacement logic in PageObject.replace_contents (#3638) by @​stefan6419846
• Fix UnboundLocalError when update_page_form_field_values with /Sig (#3634) by @​John-Sharp

Robustness (ROB)

• Avoid divison by zero when decoding FlateDecode PNG prediction (#3641) by @​stefan6419846

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.7.2, 2026-02-22

Security (SEC)

• Prevent infinite loop from circular xref /Prev references (#3655)

Bug Fixes (BUG)

• Fix wrong LUT size error (#3651)
• Fix handling of page boxes defined on /Pages (#3650)

Full Changelog

Version 6.7.1, 2026-02-17

Security (SEC)

• Detect cyclic references when accessing TreeObject.children (#3645)
• Limit size of /ToUnicode entries (#3646)
• Limit FlateDecode recovery attempts (#3644)

Bug Fixes (BUG)

• Avoid own object replacement logic in PageObject.replace_contents (#3638)
• Fix UnboundLocalError when update_page_form_field_values with /Sig (#3634)

Robustness (ROB)

• Avoid divison by zero when decoding FlateDecode PNG prediction (#3641)

Full Changelog

Commits

• 4f1260f REL: 6.7.2
• 6ef86cb DOC: Sync release process with current status
• f0a462d SEC: Prevent infinite loop from circular xref /Prev references (#3655)
• c707d3c DOC: Encourage contributors to not use our CI for debugging
• 4670513 BUG: Fix wrong LUT size error (#3651)
• 801353a MAINT: Spelling corrections (#3647)
• 4d57836 BUG: Fix handling of page boxes defined on /Pages (#3650)
• ad2a45d REL: 6.7.1
• bd2f6d0 SEC: Detect cyclic references when accessing TreeObject.children (#3645)
• 77d7b8d SEC: Limit size of /ToUnicode entries (#3646)
• Additional commits viewable in compare view

Updates ty from 0.0.17 to 0.0.18

Release notes

Sourced from ty's releases.

0.0.18

Release Notes

Released on 2026-02-20.

Bug fixes

• Support classes dynamically created via type(...) with cyclic bases (#22792)
• Fix incorrect types inferred when unpacking mixed tuples (#23437)
• Fix stack overflow for self-referential TypeOf in annotations (#23407)
• Fix several server panics that could occur when computing semantic tokens for the current file (#23403), #23398, #23401)

LSP server

• Add code folding support (#23393)
• Add warning message when running ty server interactively (#23416)
• Exclude test-related symbols from non-first-party packages in auto-import completions (#23252)
• Fix bug where diagnostics could disappear after opening an external file (#23447)
• Remove spurious destination for Go-To Definition on variables defined in a loop (#23391)
• Use the fully qualified name when "baking" an inlay hint into the source code if the scope already contains a variable with the same name as the unqualified name (#23265)
• Resolve TypeVars in call_signature_details parameter types (#23149)

CLI

• Add --output-format to ty version (#23387)

Configuration

• Add replace-imports-with-any option (#23122)
• Support shellexpand for configuration paths (#23274)

Type checking

• Add a new diagnostic to detect invalid class patterns in match statements (#22939)
• Allow Self in ClassVar type annotations (#23362)
• Consider synthesized methods and ClassVar-qualified declarations when determining whether an abstract method has been overridden in a subclass (#23381)
• Add a diagnostic when combining Final and ClassVar (#23365)
• Fix return type of assert_never (#23389)
• Fix assert_type diagnostic messages (#23342)
• Ban PEP-613 type alias values from containing type-qualifier special forms (#23444)
• Infer LiteralString for f"{literal_str_a} {literal_str_b}" (#23346)
• Infer precise types for bit-shift operations on integer literals (#23301)
• Make [abstract-method-in-final-class] diagnostics less verbose for classes with many abstract methods (#23379)
• Improve diagnostics for abstract @final classes (#23376)
• Only perform literal promotion for implicitly inferred literals (#23107)
• Parenthesize callable types when they appear in the return annotation of other callable types (#23327)
• Consider a call to a generic function returning Never to terminate control flow (#23419)
• Support calls to intersection types (#22469)
• Validate annotated assignments to attributes on self (#23388)
• Treat a bytes-literal type as a subtype of Sequence[<constituent integers in the bytestring>] (#23329)

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.18

Released on 2026-02-20.

Bug fixes

• Support classes dynamically created via type(...) with cyclic bases (#22792)
• Fix incorrect types inferred when unpacking mixed tuples (#23437)
• Fix stack overflow for self-referential TypeOf in annotations (#23407)
• Fix several server panics that could occur when computing semantic tokens for the current file (#23403), #23398, #23401)

LSP server

• Add code folding support (#23393)
• Add warning message when running ty server interactively (#23416)
• Exclude test-related symbols from non-first-party packages in auto-import completions (#23252)
• Fix bug where diagnostics could disappear after opening an external file (#23447)
• Remove spurious destination for Go-To Definition on variables defined in a loop (#23391)
• Use the fully qualified name when "baking" an inlay hint into the source code if the scope already contains a variable with the same name as the unqualified name (#23265)
• Resolve TypeVars in call_signature_details parameter types (#23149)

CLI

• Add --output-format to ty version (#23387)

Configuration

• Add replace-imports-with-any option (#23122)
• Support shellexpand for configuration paths (#23274)

Type checking

• Add a new diagnostic to detect invalid class patterns in match statements (#22939)
• Allow Self in ClassVar type annotations (#23362)
• Consider synthesized methods and ClassVar-qualified declarations when determining whether an abstract method has been overridden in a subclass (#23381)
• Add a diagnostic when combining Final and ClassVar (#23365)
• Fix return type of assert_never (#23389)
• Fix assert_type diagnostic messages (#23342)
• Ban PEP-613 type alias values from containing type-qualifier special forms (#23444)
• Infer LiteralString for f"{literal_str_a} {literal_str_b}" (#23346)
• Infer precise types for bit-shift operations on integer literals (#23301)
• Make [abstract-method-in-final-class] diagnostics less verbose for classes with many abstract methods (#23379)
• Improve diagnostics for abstract @final classes (#23376)
• Only perform literal promotion for implicitly inferred literals (#23107)
• Parenthesize callable types when they appear in the return annotation of other callable types (#23327)
• Consider a call to a generic function returning Never to terminate control flow (#23419)
• Support calls to intersection types (#22469)
• Validate annotated assignments to attributes on self (#23388)
• Treat a bytes-literal type as a subtype of Sequence[<constituent integers in the bytestring>] (#23329)
• Allow a string-literal argument to match against an Iterable parameter in type variable inference. (#23326)

... (truncated)

Commits

• 7516727 Bump version to 0.0.18 (#2869)
• 8e86a56 Mention code folding on language server feature page
• ca49bf9 Add shellcheck to pre-commit configuration (#2845)
• 532e761 Update PyO3/maturin-action action to v1.50.0 (#2823)
• 0211006 Update prek dependencies (#2822)
• 60ebbfe docs: Add beta status notice to README (#2556)
• 31b126a docs: add link for the call hierarchy tracking issue (#2816)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions