documentation icon indicating copy to clipboard operation
documentation copied to clipboard
verified publisher icon raspberrypi

Bump lxml from 4.9.3 to 5.1.0

Open dependabot[bot] opened this issue 2 years ago • 1 comments

Bumps lxml from 4.9.3 to 5.1.0.

Changelog

Sourced from lxml's changelog.

5.1.0 (2024-01-05)

Features added

  • Parsing ASCII strings is slightly faster.

Bugs fixed

  • GH#349: The HTML Cleaner() interpreted an accidentally provided string parameter for the host_whitelist as list of characters and silently failed to reject any hosts. Passing a non-collection is now rejected.

Other changes

  • Support for Python 2.7 and Python versions < 3.6 was removed.

  • The wheel build was migrated to use cibuildwheel. Patch by Primož Godec.

5.0.1 (2024-01-05)

Bugs fixed

  • LP#2046208: Parsing non-BMP Python Unicode strings could fail on macOS.

  • LP#2044225: When incrementally parsing broken HTML, reporting start events on missing structural tags failed and could lead to subsequent exceptions.

  • LP#2045435: Some (not all) issues with stricter C compilers were resolved.

  • The binary wheels in the 5.0.0 release did not validate cleanly (but installed ok).

.. _latest_release:

5.0.0 (2023-12-29)

Features added

  • Character escaping in C14N2 serialisation now uses a single pass over the text instead of searching for each unescaped character separately.

... (truncated)

Commits
  • 82a4260 Prepare release of 5.1.0.
  • 3eafa61 Merge branch 'lxml-5.0'
  • eb5cd98 Prepare release of 5.0.1.
  • f4b8be5 docs: Shorten the list of old versions on the main website.
  • 9496a79 Update changelog.
  • c13c5af Remove some dead Py2 code.
  • 5bba8c4 Remove some dead Py2 code.
  • 5fa0cd5 Cleaner: Validate that host_whitelist is not a string (GH-349)
  • ff88377 Remove accidentally duplicated code.
  • 7244b43 Merge branch 'lxml-5.0'
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Jan 08 '24 23:01 dependabot[bot]

@aallan No! lxml version 5 introduced a big breaking change and I need to change some code functionality before we can upgrade.

nelliemckesson avatar Jan 09 '24 05:01 nelliemckesson

Moved to draft so I don't accidentally merge this!

aallan avatar Mar 01 '24 15:03 aallan

Superseded by #3574.

dependabot[bot] avatar Apr 01 '24 23:04 dependabot[bot]