pastebin-scraper icon indicating copy to clipboard operation
pastebin-scraper copied to clipboard

Published 20 hours ago verified publisher icon dmuhs

Update dependency lxml to v4.9.0

Open renovate[bot] opened this issue 3 years ago • 0 comments

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
lxml (source, changelog) ==4.6.2 -> ==4.9.0 age adoption passing confidence

Release Notes

lxml/lxml

v4.9.0

Compare Source

==================

Bugs fixed

  • GH#​341: The mixin inheritance order in lxml.html was corrected. Patch by xmo-odoo.

Other changes

  • Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.

  • Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows).

  • GH#​343: Windows-AArch64 build support in Visual Studio. Patch by Steve Dower.

v4.8.0

Compare Source

==================

Features added

  • GH#​337: Path-like objects are now supported throughout the API instead of just strings. Patch by Henning Janssen.

  • The ElementMaker now supports QName values as tags, which always override the default namespace of the factory.

Bugs fixed

  • GH#​338: In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively. Patch by Tobias Deiminger.

Other changes

  • Built with Cython 0.29.28.

v4.7.1

Compare Source

==================

Features added

  • Chunked Unicode string parsing via parser.feed() now encodes the input data to the native UTF-8 encoding directly, instead of going through Py_UNICODE / wchar_t encoding first, which previously required duplicate recoding in most cases.

Bugs fixed

  • The standard namespace prefixes were mishandled during "C14N2" serialisation on Python 3. See https://mail.python.org/archives/list/[email protected]/thread/6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/

  • lxml.objectify previously accepted non-XML numbers with underscores (like "1_000") as integers or float values in Python 3.6 and later. It now adheres to the number format of the XML spec again.

  • LP#​1939031: Static wheels of lxml now contain the header files of zlib and libiconv (in addition to the already provided headers of libxml2/libxslt/libexslt).

Other changes

  • Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).

v4.7.0

Compare Source

==================

  • Release retracted due to missing files in lxml/includes/.

v4.6.5

Compare Source

==================

Bugs fixed

  • A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images (CVE-2021-43818).

  • A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs (CVE-2021-43818).

v4.6.4

Compare Source

==================

Features added

  • GH#​317: A new property system_url was added to DTD entities. Patch by Thirdegree.

  • GH#​314: The STATIC_* variables in setup.py can now be passed via env vars. Patch by Isaac Jurado.

v4.6.3

Compare Source

==================

Bugs fixed

  • A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung, which allowed JavaScript to pass through. The cleaner now removes the HTML5 formaction attribute.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Mar 21 '21 19:03 renovate[bot]