Bump the minor-and-patch group across 1 directory with 3 updates

[dependabot]

Bumps the minor-and-patch group with 3 updates in the /backend directory: flask-cors, numpy and pypdf.

Updates flask-cors from 6.0.2 to 6.0.5

Release notes

Sourced from flask-cors's releases.

6.0.5

Supersedes 6.0.4

What's Changed

• Add MyPy Typing and modernize options parsing by @​corydolphin in corydolphin/flask-cors#409 (this broke strict type checking when using Blueprints)
• Restore Blueprint support in CORS type signatures (#410) by @​corydolphin in corydolphin/flask-cors#411

Full Changelog: corydolphin/flask-cors@6.0.3...6.0.5

6.0.4

What's Changed

• Add MyPy Typing by @​corydolphin in corydolphin/flask-cors#409

Full Changelog: corydolphin/flask-cors@6.0.3...6.0.4

6.0.3

What's Changed

• Derive package version from git tag via setuptools-scm by @​corydolphin in corydolphin/flask-cors#405
• Improve CI/CD security with least privilege and build separation by @​corydolphin in corydolphin/flask-cors#406

Full Changelog: corydolphin/flask-cors@6.0.2...6.0.3

6.0.3-pre

What's Changed

• Derive package version from git tag via setuptools-scm by @​corydolphin in corydolphin/flask-cors#405
• Improve CI/CD security with least privilege and build separation by @​corydolphin in corydolphin/flask-cors#406

Full Changelog: corydolphin/flask-cors@6.0.2...6.0.3

Commits

• 91ebc49 Typing Hotfix: support blueprints in the type system
• d601665 Add strict MyPy Typing
• c8e8871 Harden release publishing workflow (#406)
• e1d4034 Derive package version from git tag via setuptools-scm (#405)
• See full diff in compare view

Updates numpy from 2.4.4 to 2.4.6

Release notes

Sourced from numpy's releases.

v2.4.6 (May 18, 2026)

NumPy 2.4.6 Release Notes

NumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5 release.

This release supports Python versions 3.11-3.14

Contributors

A total of 4 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• !EarlMilktea
• Charles Harris
• Sebastian Berg
• Warren Weckesser

Pull requests merged

A total of 4 pull requests were merged for this release.

• #31444: MAINT: Prepare 2.4.x for further development
• #31453: BUG: Fix regression in arr.conj()
• #31459: BUG: np.linalg.svd(..., hermitian=True) returns non-unitary...
• #31460: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...

v2.4.5 (May 15, 2026)

NumPy 2.4.5 Release Notes

NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4 release, has some typing improvements, and maintains infrastructure.

This release supports Python versions 3.11-3.14

Contributors

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Aleksei Nikiforov
• Anarion Zuo +
• Ankit Ahlawat
• Breno Favaretto +
• Charles Harris
• Igor Krivenko +
• Ijtihed Kilani +
• Joren Hammudoglu
• Maarten Baert +

... (truncated)

Commits

• b832a09 Merge pull request #31462 from charris/prepare-2.4.6
• 57cc147 REL: Prepare for the NumPy 2.4.6 release
• 0c72b0b Merge pull request #31459 from charris/backport-31347
• 9778d26 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
• e0e3876 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
• d1bffeb BUG: np.linalg.svd(..., hermitian=True) returns non-unitary vh (#31347)
• 8d8d7e5 Merge pull request #31453 from seberg/issue-31452
• bddaab7 BUG: Fix regression in arr.conj()
• 37a1ecc Merge pull request #31444 from charris/begin-2.4.6
• 3c0e043 MAINT: Prepare 2.4.x for further development
• Additional commits viewable in compare view

Updates pypdf from 6.10.0 to 6.13.2

Release notes

Sourced from pypdf's releases.

Version 6.13.2, 2026-06-10

What's new

Security (SEC)

• Detect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (#3847) by @​fredericoschardong

Robustness (ROB)

• Fix UnboundLocalError in _read_standard_xref_table on a malformed entry (#3841) by @​joszamama
• Raise PdfStreamError on non-hexadecimal bytes in hex readers (#3832) by @​metsw24-max

Full Changelog

Version 6.13.1, 2026-06-08

What's new

Security (SEC)

• Prevent infinite loops when processing threads/articles (#3839) by @​stefan6419846

Full Changelog

Version 6.13.0, 2026-06-05

What's new

Security (SEC)

• Avoid infinite loops for outlines and text extraction (#3830) by @​stefan6419846

New Features (ENH)

• Add Japanese predefined CMaps (#3800) by @​yasuhiroiwaki
• Font: Collect all character widths, not only those that can be unicode mapped (#3798) by @​PJBrs

Robustness (ROB)

• Recover a corrupt trailing startxref pointer (closes #3238) (#3826) by @​gaoflow
• Handle /Pages node without /Kids during flattening (#3825) by @​gaoflow
• Accept inline image EI marker at the end of a content stream (#3827) by @​gaoflow

Maintenance (MAINT)

• Type the always-raising deprecation helpers as NoReturn (#3819) by @​estelledc

Full Changelog

Version 6.12.2, 2026-05-26

What's new

Security (SEC)

• Optimize _decode_png_prediction regarding memory and speed (#3806) by @​stefan6419846
• Improve loop control in text extraction (#3805) by @​stefan6419846

Full Changelog

Version 6.12.1, 2026-05-22

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.13.2, 2026-06-10

Security (SEC)

• Detect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (#3847)

Robustness (ROB)

• Fix UnboundLocalError in _read_standard_xref_table on a malformed entry (#3841)
• Raise PdfStreamError on non-hexadecimal bytes in hex readers (#3832)

Full Changelog

Version 6.13.1, 2026-06-08

Security (SEC)

• Prevent infinite loops when processing threads/articles (#3839)

Full Changelog

Version 6.13.0, 2026-06-05

Security (SEC)

• Avoid infinite loops for outlines and text extraction (#3830)

New Features (ENH)

• Add Japanese predefined CMaps (#3800)
• Font: Collect all character widths, not only those that can be unicode mapped (#3798)

Robustness (ROB)

• Recover a corrupt trailing startxref pointer (closes #3238) (#3826)
• Handle /Pages node without /Kids during flattening (#3825)
• Accept inline image EI marker at the end of a content stream (#3827)

Maintenance (MAINT)

• Type the always-raising deprecation helpers as NoReturn (#3819)

Full Changelog

Version 6.12.2, 2026-05-26

Security (SEC)

• Optimize _decode_png_prediction regarding memory and speed (#3806)
• Improve loop control in text extraction (#3805)

Full Changelog

Version 6.12.1, 2026-05-22

Security (SEC)

• Limit input size and element count for XMP metadata (#3796)

... (truncated)

Commits

• 6490dff REL: 6.13.2
• d209c2c SEC: Detect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (#3847)
• 06d4106 ROB: Fix UnboundLocalError in _read_standard_xref_table on a malformed entry ...
• c64016a ROB: Raise PdfStreamError on non-hexadecimal bytes in hex readers (#3832)
• 6207d77 ROB: Guard truncated Type1 font program in _type1_alternative (#3835)
• e31de26 DEV: Bump actions/checkout from 6.0.2 to 6.0.3 (#3843)
• 7a3a870 REL: 6.13.1
• 5efe472 SEC: Prevent infinite loops when processing threads/articles (#3839)
• 80509e3 ROB: Avoid recursion errors for _doc_common (#3838)
• d74d95d MAINT: Remove unreachable return in read_until_regex (#3833)
• Additional commits viewable in compare view