chore(deps): update dependency lxml to v4.7.1 #3

Merged
Xefir merged 1 commits from renovate/lxml-4.x into fix/py3 4 months ago
Xefir commented 4 months ago
Owner

This PR contains the following updates:

Package Update Change
lxml (source, changelog) minor ==4.5.1 -> ==4.7.1

Release Notes

lxml/lxml

v4.7.1

Compare Source

==================

Features added

  • Chunked Unicode string parsing via parser.feed() now encodes the input data
    to the native UTF-8 encoding directly, instead of going through Py_UNICODE /
    wchar_t encoding first, which previously required duplicate recoding in most cases.

Bugs fixed

  • The standard namespace prefixes were mishandled during "C14N2" serialisation on Python 3.
    See https://mail.python.org/archives/list/[email protected]/thread/6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/

  • lxml.objectify previously accepted non-XML numbers with underscores (like "1_000")
    as integers or float values in Python 3.6 and later. It now adheres to the number
    format of the XML spec again.

  • LP#​1939031: Static wheels of lxml now contain the header files of zlib and libiconv
    (in addition to the already provided headers of libxml2/libxslt/libexslt).

Other changes

  • Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).

v4.7.0

Compare Source

==================

  • Release retracted due to missing files in lxml/includes/.

v4.6.5

Compare Source

==================

Bugs fixed

  • A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script
    content through SVG images (CVE-2021-43818).

  • A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script
    content through CSS imports and other crafted constructs (CVE-2021-43818).

v4.6.4

Compare Source

==================

Features added

  • GH#​317: A new property system_url was added to DTD entities.
    Patch by Thirdegree.

  • GH#​314: The STATIC_* variables in setup.py can now be passed via env vars.
    Patch by Isaac Jurado.

v4.6.3

Compare Source

==================

Bugs fixed

  • A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung,
    which allowed JavaScript to pass through. The cleaner now removes the HTML5
    formaction attribute.

v4.6.2

Compare Source

==================

Bugs fixed

  • A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry,
    which allowed JavaScript to pass through. The cleaner now removes more sneaky
    "style" content.

v4.6.1

Compare Source

==================

Bugs fixed

  • A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed
    JavaScript to pass through. The cleaner now removes more sneaky "style" content.

v4.6.0

Compare Source

==================

Features added

  • GH#​310: lxml.html.InputGetter supports __len__() to count the number of input fields.
    Patch by Aidan Woolley.

  • lxml.html.InputGetter has a new .items() method to ease processing all input fields.

  • lxml.html.InputGetter.keys() now returns the field names in document order.

  • GH-309: The API documentation is now generated using sphinx-apidoc.
    Patch by Chris Mayo.

Bugs fixed

  • LP#​1869455: C14N 2.0 serialisation failed for unprefixed attributes
    when a default namespace was defined.

  • TreeBuilder.close() raised AssertionError in some error cases where it
    should have raised XMLSyntaxError. It now raises a combined exception to
    keep up backwards compatibility, while switching to XMLSyntaxError as an
    interface.

v4.5.2

Compare Source

==================

Bugs fixed

  • Cleaner() now validates that only known configuration options can be set.

  • LP#​1882606: Cleaner.clean_html() discarded comments and PIs regardless of the
    corresponding configuration option, if remove_unknown_tags was set.

  • LP#​1880251: Instead of globally overwriting the document loader in libxml2, lxml now
    sets it per parser run, which improves the interoperability with other users of libxml2
    such as libxmlsec.

  • LP#​1881960: Fix build in CPython 3.10 by using Cython 0.29.21.

  • The setup options "--with-xml2-config" and "--with-xslt-config" were accidentally renamed
    to "--xml2-config" and "--xslt-config" in 4.5.1 and are now available again.


Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [lxml](https://lxml.de/) ([source](https://github.com/lxml/lxml), [changelog](https://git.launchpad.net/lxml/plain/CHANGES.txt)) | minor | `==4.5.1` -> `==4.7.1` | --- ### Release Notes <details> <summary>lxml/lxml</summary> ### [`v4.7.1`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#&#8203;471-2021-12-13) [Compare Source](https://github.com/lxml/lxml/compare/lxml-4.7.0...lxml-4.7.1) \================== ## Features added - Chunked Unicode string parsing via `parser.feed()` now encodes the input data to the native UTF-8 encoding directly, instead of going through `Py_UNICODE` / `wchar_t` encoding first, which previously required duplicate recoding in most cases. ## Bugs fixed - The standard namespace prefixes were mishandled during "C14N2" serialisation on Python 3. See https://mail.python.org/archives/list/[email protected]/thread/6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/ - `lxml.objectify` previously accepted non-XML numbers with underscores (like "1\_000") as integers or float values in Python 3.6 and later. It now adheres to the number format of the XML spec again. - [LP#&#8203;1939031](https://github.com/LP/lxml/issues/1939031): Static wheels of lxml now contain the header files of zlib and libiconv (in addition to the already provided headers of libxml2/libxslt/libexslt). ## Other changes - Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows). ### [`v4.7.0`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#&#8203;470-2021-12-13) [Compare Source](https://github.com/lxml/lxml/compare/lxml-4.6.5...lxml-4.7.0) \================== - Release retracted due to missing files in lxml/includes/. ### [`v4.6.5`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#&#8203;465-2021-12-12) [Compare Source](https://github.com/lxml/lxml/compare/lxml-4.6.4...lxml-4.6.5) \================== ## Bugs fixed - A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images (CVE-2021-43818). - A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs (CVE-2021-43818). ### [`v4.6.4`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#&#8203;464-2021-11-01) [Compare Source](https://github.com/lxml/lxml/compare/lxml-4.6.3...lxml-4.6.4) \================== ## Features added - [GH#&#8203;317](https://github.com/GH/lxml/issues/317): A new property `system_url` was added to DTD entities. Patch by Thirdegree. - [GH#&#8203;314](https://github.com/GH/lxml/issues/314): The `STATIC_*` variables in `setup.py` can now be passed via env vars. Patch by Isaac Jurado. ### [`v4.6.3`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#&#8203;463-2021-03-21) [Compare Source](https://github.com/lxml/lxml/compare/lxml-4.6.2...lxml-4.6.3) \================== ## Bugs fixed - A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung, which allowed JavaScript to pass through. The cleaner now removes the HTML5 `formaction` attribute. ### [`v4.6.2`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#&#8203;462-2020-11-26) [Compare Source](https://github.com/lxml/lxml/compare/lxml-4.6.1...lxml-4.6.2) \================== ## Bugs fixed - A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content. ### [`v4.6.1`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#&#8203;461-2020-10-18) [Compare Source](https://github.com/lxml/lxml/compare/lxml-4.6.0...lxml-4.6.1) \================== ## Bugs fixed - A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content. ### [`v4.6.0`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#&#8203;460-2020-10-17) [Compare Source](https://github.com/lxml/lxml/compare/lxml-4.5.2...lxml-4.6.0) \================== ## Features added - [GH#&#8203;310](https://github.com/GH/lxml/issues/310): `lxml.html.InputGetter` supports `__len__()` to count the number of input fields. Patch by Aidan Woolley. - `lxml.html.InputGetter` has a new `.items()` method to ease processing all input fields. - `lxml.html.InputGetter.keys()` now returns the field names in document order. - [GH-309](https://github.com/lxml/lxml/issues/309): The API documentation is now generated using `sphinx-apidoc`. Patch by Chris Mayo. ## Bugs fixed - [LP#&#8203;1869455](https://github.com/LP/lxml/issues/1869455): C14N 2.0 serialisation failed for unprefixed attributes when a default namespace was defined. - `TreeBuilder.close()` raised `AssertionError` in some error cases where it should have raised `XMLSyntaxError`. It now raises a combined exception to keep up backwards compatibility, while switching to `XMLSyntaxError` as an interface. ### [`v4.5.2`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#&#8203;452-2020-07-09) [Compare Source](https://github.com/lxml/lxml/compare/lxml-4.5.1...lxml-4.5.2) \================== ## Bugs fixed - `Cleaner()` now validates that only known configuration options can be set. - [LP#&#8203;1882606](https://github.com/LP/lxml/issues/1882606): `Cleaner.clean_html()` discarded comments and PIs regardless of the corresponding configuration option, if `remove_unknown_tags` was set. - [LP#&#8203;1880251](https://github.com/LP/lxml/issues/1880251): Instead of globally overwriting the document loader in libxml2, lxml now sets it per parser run, which improves the interoperability with other users of libxml2 such as libxmlsec. - [LP#&#8203;1881960](https://github.com/LP/lxml/issues/1881960): Fix build in CPython 3.10 by using Cython 0.29.21. - The setup options "--with-xml2-config" and "--with-xslt-config" were accidentally renamed to "--xml2-config" and "--xslt-config" in 4.5.1 and are now available again. </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Xefir force-pushed renovate/lxml-4.x from db776cc68f to 3234448a8a 4 months ago
Xefir force-pushed renovate/lxml-4.x from 3234448a8a to eeb57c5393 4 months ago
Xefir force-pushed renovate/lxml-4.x from eeb57c5393 to a5baebc82e 4 months ago
Xefir merged commit fafbe7913c into fix/py3 4 months ago
Xefir deleted branch renovate/lxml-4.x 4 months ago
The pull request has been merged as fafbe7913c.
Sign in to join this conversation.
No reviewers
No Label
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date

No due date set.

Dependencies

This pull request currently doesn't have any dependencies.

Loading…
There is no content yet.