Skip to content

Bump weasyprint from 68.1 to 69.0#2132

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/weasyprint-69.0
Open

Bump weasyprint from 68.1 to 69.0#2132
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/weasyprint-69.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Bumps weasyprint from 68.1 to 69.0.

Release notes

Sourced from weasyprint's releases.

v69.0

This is a security update (CVE-2026-49452).

We strongly recommend to upgrade WeasyPrint to the latest version if you use the --presentational-hints option and render untrusted HTML with restricted CSS properties.

Read about this release on our blog.

Security

  • Avoid CSS injection with HTML presentational hints.

Command-line API

  • The --srgb option has been replaced by --output-intent=srgb. Other values are possible: device-cmyk for CMYK documents with no ICC profile, or the CSS identifier of a @color-profile rule.

Python API

  • The output_intent string entry replaces the srgb boolean in default options.

Features

Bug fixes

  • #2697, #2691: Avoid endless loops in grids
  • #2709: Be less strict for gradient rasterization in tests
  • #2683: Fix rendering of emojis in SVG
  • #2688: Always describe font using absolute sizes
  • #2676: Fix inheritance for svg/symbol tags referenced by use tags
  • #2681: Add dc:description field to PDF/A metadata
  • #2680: Force first grid row rendering on empty pages
  • #2690: Compute units in gradients used in border background
  • #2689: Cut flex elements with fixed height and overflowing children
  • #2651, #2696: Fix tests on Debian
  • #2698, #2699: Fix alignment of right-to-left elements with auto width and set min/max-width
  • #2556: Apply presentational hints to svg tags
  • #2706: Handle infinite border radii
  • #2707, #2708, #2710: Get mimetypes from Python code instead of various third-party files
  • #2717, #2580, #2740: Fix table break retry after padding overflow
  • #2769: Add year in PDF/UA-2 metadata
  • #2768: Allow SVG lists of numbers to be split on + character
  • #2770: Add namespace to Document tag in PDF 2
  • #2771: Never try to render SVG use tags with external sources
  • #2774: Fix calc in logical

... (truncated)

Changelog

Sourced from weasyprint's changelog.

Version 69.0

Released on 2026-06-02.

This is a security update (CVE-2026-49452).

We strongly recommend to upgrade WeasyPrint to the latest version if you use the --presentational-hints option and render untrusted HTML with restricted CSS properties.

Security:

  • Avoid CSS injection with HTML presentational hints.

Command-line API:

  • The --srgb option has been replaced by --output-intent=srgb. Other values are possible: device-cmyk for CMYK documents with no ICC profile, or the CSS identifier of a @color-profile rule.

Python API:

  • The output_intent string entry replaces the srgb boolean in default options.

Features:

  • [#2357](https://github.com/Kozea/WeasyPrint/issues/2357) <https://github.com/Kozea/WeasyPrint/issues/2357>, [#2700](https://github.com/Kozea/WeasyPrint/issues/2700) <https://github.com/Kozea/WeasyPrint/pull/2700>: Support logical properties
  • [#1194](https://github.com/Kozea/WeasyPrint/issues/1194) <https://github.com/Kozea/WeasyPrint/issues/1194>, [#2702](https://github.com/Kozea/WeasyPrint/issues/2702) <https://github.com/Kozea/WeasyPrint/pull/2702>: Support viewport units
  • [#2686](https://github.com/Kozea/WeasyPrint/issues/2686) <https://github.com/Kozea/WeasyPrint/issues/2686>_: Detect redirection loops early in URL fetcher
  • [#2735](https://github.com/Kozea/WeasyPrint/issues/2735) <https://github.com/Kozea/WeasyPrint/issues/2735>, [#2737](https://github.com/Kozea/WeasyPrint/issues/2737) <https://github.com/Kozea/WeasyPrint/pull/2737>: Support SVG transform angle units
  • [#2636](https://github.com/Kozea/WeasyPrint/issues/2636) <https://github.com/Kozea/WeasyPrint/issues/2636>, [#2720](https://github.com/Kozea/WeasyPrint/issues/2720) <https://github.com/Kozea/WeasyPrint/pull/2720>, [#2773](https://github.com/Kozea/WeasyPrint/issues/2773) <https://github.com/Kozea/WeasyPrint/pull/2773>_: Use HTML parsers for presentational hints
  • [#2631](https://github.com/Kozea/WeasyPrint/issues/2631) <https://github.com/Kozea/WeasyPrint/issues/2631>, [#2778](https://github.com/Kozea/WeasyPrint/issues/2778) <https://github.com/Kozea/WeasyPrint/pull/2778>, [#2785](https://github.com/Kozea/WeasyPrint/issues/2785) <https://github.com/Kozea/WeasyPrint/issues/2785>, [#2788](https://github.com/Kozea/WeasyPrint/issues/2788) <https://github.com/Kozea/WeasyPrint/pull/2788>: Allow users to set PDF output intent

Bug fixes:

... (truncated)

Commits
  • 3287311 Version 69.0
  • 6f58a9a Add security message in Changelog
  • 2d13d3d Update test comment to indicate related issue
  • 227f5f7 Merge pull request #2791 from Kozea/improve-var
  • ff72115 Improve management of variables
  • b419c7f Merge pull request #2788 from Kozea/fix-hints
  • 1729ce4 Fix minor errors in presentational hints
  • 9898e84 Merge pull request #2787 from danfitz36/fix-namespace-type-typo
  • 15eea9f Add lang attribute to PDF/UA-2 namespace test
  • cb5f66c Fix /Namepace typo in PDF 2 structure-tree namespace
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump weasyprint from 68.1 to 69.0
a1477dc 
Bumps [weasyprint](https://github.com/Kozea/WeasyPrint) from 68.1 to 69.0.
- [Release notes](https://github.com/Kozea/WeasyPrint/releases)
- [Changelog](https://github.com/Kozea/WeasyPrint/blob/main/docs/changelog.rst)
- [Commits](Kozea/WeasyPrint@v68.1...v69.0)

---
updated-dependencies:
- dependency-name: weasyprint
  dependency-version: '69.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants