From 7b52f92aea1de2d529868f5e0e08e1c9cc5d539f Mon Sep 17 00:00:00 2001 From: myhloli Date: Tue, 6 Jan 2026 14:41:47 +0800 Subject: [PATCH 1/3] fix: update pdfminer.six dependency to resolve CVE-2025-64512 and improve EXIF handling --- README.md | 6 ++++++ README_zh-CN.md | 5 +++++ pyproject.toml | 6 +++--- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6b35f93b..816e19b5 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,12 @@ # Changelog +- 2026/01/06 2.7.1 Release + - fix bug: #4300 + - Updated pdfminer.six dependency version to resolve [CVE-2025-64512](https://github.com/advisories/GHSA-wf5f-4jwr-ppcp) + - Support automatic correction of input image exif orientation to improve OCR recognition accuracy #4283 + + - 2025/12/30 2.7.0 Release - Simplified installation process. No need to separately install `vlm` acceleration engine dependencies. Using `uv pip install mineru[all]` during installation will install all optional backend dependencies. - Added new `hybrid` backend, which combines the advantages of `pipeline` and `vlm` backends. Built on vlm, it integrates some capabilities of pipeline, adding extra extensibility on top of high accuracy: diff --git a/README_zh-CN.md b/README_zh-CN.md index 8305cb37..a12262e3 100644 --- a/README_zh-CN.md +++ b/README_zh-CN.md @@ -45,6 +45,11 @@ # 更新记录 +- 2026/01/06 2.7.1 发布 + - fix bug: #4300 + - 更新pdfminer.six的依赖版本以解决 [CVE-2025-64512](https://github.com/advisories/GHSA-wf5f-4jwr-ppcp) + - 支持输入图像的exif方向自动校正,提升OCR识别效果 #4283 + - 2025/12/30 2.7.0 发布 - 简化安装流程,现在不再需要单独安装`vlm`加速引擎依赖包,安装时使用`uv pip install mineru[all]`即可安装所有可选后端的依赖包。 - 增加全新后端`hybrid`,该后端结合了`pipeline`和`vlm`后端的优势,在vlm的基础上,融入了pipeline的部分能力,在高精度的基础上增加了额外的扩展性: diff --git a/pyproject.toml b/pyproject.toml index 11a25f92..154b9efa 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -21,7 +21,7 @@ dependencies = [ "click>=8.1.7", "loguru>=0.7.2", "numpy>=1.21.6", - "pdfminer.six==20251230", + "pdfminer.six>=20251230", "tqdm>=4.67.1", "requests", "httpx", @@ -40,7 +40,6 @@ dependencies = [ "beautifulsoup4>=4.13.5,<5", "magika>=0.6.2,<1.1.0", "mineru-vl-utils>=0.1.19.1,<1", - "qwen-vl-utils>=0.0.14,<1", ] [project.optional-dependencies] @@ -61,6 +60,7 @@ vllm = [ ] lmdeploy = [ "lmdeploy>=0.10.2,<0.12", + "qwen-vl-utils>=0.0.14,<1", ] mlx = [ "mlx-vlm>=0.3.3,<0.4", @@ -94,10 +94,10 @@ core = [ "mineru[pipeline]", "mineru[api]", "mineru[gradio]", - "mineru[mlx] ; sys_platform == 'darwin'", ] all = [ "mineru[core]", + "mineru[mlx] ; sys_platform == 'darwin'", "mineru[vllm] ; sys_platform == 'linux'", "mineru[lmdeploy] ; sys_platform == 'windows'", ] From 815280dd2357157539d9bd0b70f071304e761d52 Mon Sep 17 00:00:00 2001 From: myhloli Date: Tue, 6 Jan 2026 14:42:48 +0800 Subject: [PATCH 2/3] fix: update pdfminer.six dependency to resolve CVE-2025-64512 and improve EXIF handling --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 816e19b5..00070043 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,6 @@ - Updated pdfminer.six dependency version to resolve [CVE-2025-64512](https://github.com/advisories/GHSA-wf5f-4jwr-ppcp) - Support automatic correction of input image exif orientation to improve OCR recognition accuracy #4283 - - 2025/12/30 2.7.0 Release - Simplified installation process. No need to separately install `vlm` acceleration engine dependencies. Using `uv pip install mineru[all]` during installation will install all optional backend dependencies. - Added new `hybrid` backend, which combines the advantages of `pipeline` and `vlm` backends. Built on vlm, it integrates some capabilities of pipeline, adding extra extensibility on top of high accuracy: From 8d8daf68519c2057bbd26439238bcdfe782c15e2 Mon Sep 17 00:00:00 2001 From: myhloli Date: Tue, 6 Jan 2026 14:44:53 +0800 Subject: [PATCH 3/3] fix: add qwen-vl-utils dependency to pyproject.toml --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 154b9efa..405f512b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -40,6 +40,7 @@ dependencies = [ "beautifulsoup4>=4.13.5,<5", "magika>=0.6.2,<1.1.0", "mineru-vl-utils>=0.1.19.1,<1", + "qwen-vl-utils>=0.0.14,<1", ] [project.optional-dependencies] @@ -60,7 +61,6 @@ vllm = [ ] lmdeploy = [ "lmdeploy>=0.10.2,<0.12", - "qwen-vl-utils>=0.0.14,<1", ] mlx = [ "mlx-vlm>=0.3.3,<0.4",