Skip to content

deps: bump pdf_oxide from 0.3.67 to 0.3.69#108

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/pdf_oxide-0.3.69
Open

deps: bump pdf_oxide from 0.3.67 to 0.3.69#108
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/pdf_oxide-0.3.69

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown

Bumps pdf_oxide from 0.3.67 to 0.3.69.

Changelog

Sourced from pdf_oxide's changelog.

[0.3.69] - 2026-06-27

Language-bindings release — idiomatic bindings for C++, Swift, Kotlin, Dart, R, Julia, Zig, Scala, Clojure, Objective-C, and Elixir, each over the stable C ABI, with per-language CI, package-registry publishing, cross-language regression examples, and single-source version management.

Added

  • Eleven new language bindings, each with an idiomatic wrapper, an api-coverage test (one assertion per public method), runnable CI-asserted examples, a README with install coordinates, and a dedicated CI workflow (Linux+macOS) running the same verification set:
    • C++ (cpp/) — header-only C++17 RAII wrapper; CMake with install/export targets and a Conan recipe.
    • Swift (swift/) — SwiftPM package + C module map.
    • Kotlin (kotlin/) — thin facade over the Java JNI binding.
    • Dart/Flutter (dart/) — dart:ffi.
    • R (r/) — .Call C shim, external-pointer handles.
    • Julia (julia/) — ccall.
    • Zig (zig/) — @cImport.
    • Scala (scala/) — thin facade over the Java JNI binding (Scala 3).
    • Clojure (clojure/) — direct Java interop over the JNI binding.
    • Objective-C (objc/) — NSObject wrappers over the C ABI.
    • Elixir (elixir/) — dirty-scheduler NIF (CPU-bound work never blocks the BEAM).
  • Package-registry publishing wired into the release pipeline for the new bindings: Maven Central (Kotlin, Scala), Clojars (Clojure), Hex.pm (Elixir), and pub.dev (Dart, via GitHub OIDC). Objective-C ships as a Trunk-free CocoaPods binary pod — an xcframework + podspec uploaded as release assets and installed via a :podspec URL — since CocoaPods Trunk goes read-only on 2026-12-02. C++ (vcpkg/Conan), R (CRAN), Julia (General registry), and Swift/Zig (git tag) are documented in docs/RELEASING-bindings.md.
  • Cross-language regression examples — alongside each binding's basic example, three shared-scenario examples (HTML extraction, word geometry, table extraction) run with output assertions in every binding's CI workflow.
  • Single-source version managementscripts/sync_version.py propagates the canonical Cargo.toml version into every binding manifest and version/parity assert (--check verifies, --set X.Y.Z bumps everything). A Version Consistency CI workflow fails if any binding drifts.

Fixed

  • Non-Identity-ordered Type0 fonts no longer emit a wrong character for CIDs missing from /ToUnicode (#773, #775) — for an embedded Type0 font whose /ToUnicode CMap omits some drawn CIDs (e.g. a ligature glyph with no single Unicode codepoint), the decode path fell back to a numeric guess — the GID via the standard glyph-name table → AGL, or the CID itself as a code point (char::from_u32) — emitting a plausible-but-wrong, content-like character that varied per subset (e.g. a ti ligature → : / D, so notificacaono:ficacao). The glyph has no Unicode anywhere in the file (no /ToUnicode entry, no post name, no GSUB), so the letters are unrecoverable, but substituting a wrong character is silent corruption. When a usable /ToUnicode is present, the GID→AGL guess is now suppressed for all Type0 fonts, and the CID-as-Unicode guess is suppressed for fonts whose CIDSystemInfo ordering is not Identity, so an uncovered CID there decodes to U+FFFD instead. For Identity-ordered (Adobe-Identity-0) fonts the CID-as-Unicode guess is restricted to whitespace (U+0020 → space, which producers routinely omit and is reliably CID == codepoint); any other uncovered CID likewise decodes to U+FFFD. A font with no /ToUnicode still uses the CID-as-Unicode heuristic exactly as before, and the authoritative embedded-cmap/post lookups are unchanged. This also resolves the opt-in-flag request (#775) by making the detectable-gap behaviour the default rather than a configuration flag. Thanks @​schelip for reporting both issues and contributing the fix.

[0.3.68] - 2026-06-24

Extraction fidelity release — symbolic TrueType character mis-decoding corrected via the (3,0)/(1,0) cmap, same-row span ordering preserved in plain-text output, JPEG 2000 (JPXDecode) image XObjects decoded via OpenJPEG, and RTL Farsi body text recovered from tagged Type0/CID PDFs.

Added

  • JPEG 2000 (JPXDecode) image XObjects decoded via OpenJPEGrender_page previously skipped image XObjects whose stream was compressed with /JPXDecode, silently dropping page content. The OpenJPEG library (via jpeg2k) now decodes them at render time; multi-component images are colour-managed and alpha-composited exactly as other image types. Thanks @​potatochipcoconut for the report.

Fixed

  • RTL Farsi body text recovered from tagged Type0/CID PDFs (#758) — Type0/CID composite fonts with a valid /ToUnicode CMap had ~92% of their body text silently dropped in v0.3.66 on RTL (Farsi) documents. The tagged-structure traversal now correctly assembles CID-encoded spans before the RTL reconstruction pass, recovering the full body. Thanks @​Goldziher for the report.
  • Symbolic TrueType fonts no longer mis-decode characters (#760) — a simple symbolic TrueType font (FontDescriptor Flags bit 3, no /Encoding, no /ToUnicode) decoded its content bytes by treating each byte directly as a glyph ID, producing wrong-but-plausible characters (e.g. ÇÊ, SOLUÇÃOSOLUÊÃO). The fix parses the embedded font's (3,0) symbol (or (1,0) Macintosh) cmap subtable into a byte→GID map so the correct byte→GID→Unicode hop is applied; fonts without such a subtable still use the byte as the GID. Thanks @​schelip for the report and fix.
  • Same-row spans no longer reordered or split in plain-text output (#752) — when one logical line was emitted as spans at the same Y in different reading-order groups whose boxes overlapped by a fraction of a point, to_plain_text interleaved the overlapping group as a vertical column (hoisting a fragment to the front) and forced a space between the overlapping fragments (splitting a word). A group whose spans share a Y row is now excluded from columnar detection, and the cross-group same-Y space rule is replaced by the standard has_horizontal_gap threshold used by the other converters. Thanks @​schelip for the report and fix.

Documentation

  • macOS/Rust OCR setup guide correctedORT_LIB_LOCATION is inert with the load-dynamic ONNX Runtime feature; the guide now documents ORT_DYLIB_PATH, the variable actually read at runtime.

Dependencies

  • pyo3 0.28 → 0.29 — fixes two security vulnerabilities: a missing Sync bound on PyCFunction::new_closure closures, and a possible out-of-bounds read in BoundTupleIterator::nth_back / BoundListIterator::nth_back.
  • phf 0.13 → 0.14, bytes 1.11 → 1.12, log 0.4.32 → 0.4.33, p12-keystore 0.3.0 → 0.3.1.
  • GitHub Actions: actions/checkout v7.0.0, actions/setup-java v5.3.0, softprops/action-gh-release v3.0.1, ruby/setup-ruby v1.314.0, taiki-e/install-action v2.82.2.
  • Patch/minor updates for rustls, time, zerocopy, zeroize, wasm-bindgen, wide, and ~35 other transitive crates.
Commits
  • 911270a Release v0.3.69 — language bindings, registry publishing, regression examples...
  • e88bafb fix(fonts): emit U+FFFD for uncovered Identity-ordered Type0 CIDs, keep white...
  • 96f3e78 chore(ci): bump taiki-e/install-action from 2.82.2 to 2.82.3 (#764)
  • c3ee58f fix(fonts): emit U+FFFD for Type0 CIDs missing from /ToUnicode instead of gue...
  • baa8fb9 ci(release-fips): pin MACOSX_DEPLOYMENT_TARGET for macOS wheels
  • 8150a2a Release v0.3.68
  • 020d87f Merge pull request #761 from schelip/fix/symbolic-truetype-cmap-byte-to-gid
  • 4a256ca fix(fonts): resolve symbolic-TrueType content bytes through the (3,0)/(1,0) cmap
  • e23429c Merge pull request #759 from schelip/fix/plain-text-same-row-span-order
  • 10c1898 fix(text): preserve same-row span order when grouping splits a line
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pdf_oxide](https://github.com/yfedoseev/pdf_oxide) from 0.3.67 to 0.3.69.
- [Release notes](https://github.com/yfedoseev/pdf_oxide/releases)
- [Changelog](https://github.com/yfedoseev/pdf_oxide/blob/main/CHANGELOG.md)
- [Commits](yfedoseev/pdf_oxide@v0.3.67...v0.3.69)

---
updated-dependencies:
- dependency-name: pdf_oxide
  dependency-version: 0.3.69
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants