python-docs-samples
python-docs-samples copied to clipboard
GoogleCloudPlatform
chore(deps): update dependency xmltodict to v1
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| xmltodict | ==0.13.0 -> ==1.0.0 |
Release Notes
martinblech/xmltodict (xmltodict)
v1.0.0
⚠ BREAKING CHANGES
- modernize for Python 3.9+; drop legacy compat paths
Features
-
unparse: add limited XML comment round-trip; unify
_emitbehavior (e43537e) -
unparse: add selective
force_cdatasupport (bool/tuple/callable) (a497fed), closes #375
Bug Fixes
-
namespaces: attach
[@xmlns](https://redirect.github.com/xmlns)to declaring element when process_namespaces=True (f0322e5), closes #163 - streaming: avoid parent accumulation at item_depth; add regression tests (220240c)
-
unparse: handle non-string
#textwith attributes; unify value conversion (927a025), closes #366 - unparse: skip empty lists to keep pretty/compact outputs consistent (ab4c86f)
Reverts
- remove initial Release Drafter config (c0b74ed)
Documentation
- readme: add API reference for parse()/unparse() kwargs (e5039ad)
- readme: mention types-xmltodict stub package (58ec03e)
Code Refactoring
- modernize for Python 3.9+; drop legacy compat paths (7364427)
v0.15.1
- Security: Further harden XML injection prevention during unparse (follow-up to
v0.15.0). In addition to '<'/'>' rejection, now also reject element and
attribute names (including
@xmlnsprefixes) that:- start with '?' or '!'
- contain '/' or any whitespace
- contain quotes (' or ") or '='
- are non-strings (names must be
str; no coercion)
v0.15.0
- Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in
element and attribute names (including
@xmlnsprefixes) during unparse. This limits validation to avoiding tag-context escapes; attribute values continue to be escaped by the SAXXMLGenerator. Advisory: https://fluidattacks.com/advisories/mono
v0.14.2
- Revert "Ensure significant whitespace is not trimmed"
- This changed was backwards incompatible and caused downstream issues.
v0.14.1
- Drop support for Python older than 3.6
- Additional ruff/Pyflakes/codespell fixes.
- Thanks @DimitriPapadopoulos!
v0.14.0
- Drop old Python 2 support leftover code and apply several RUFF code health fixes.
- Thanks, @DimitriPapadopoulos!
- Add Python 3.11, 3.12 and 3.13 support and tests.
- Thanks, @angvp!
- Tests in gh-action.
- Thanks, @almaz.kun!
- Remove defusedexpat import.
- Thanks, @hanno!
- Replace deprecated BadZipfile with BadZipFile.
- Thanks, @hugovk!
- Support indent using integer format, enable
python -m unittest tests/*.py.- Thanks, @hiiwave!
- Ensure significant whitespace is not trimmed
- Thanks, @trey.franklin!
- added conda installation command
- Thanks, @sugatoray!
- fix attributes not appearing in streaming mode
- Thanks, @timnguyen001!
- Fix Travis CI status badge URL
- Update push_release.sh to use twine.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
