CVE-2022-2309: A Bug in libxml2 2.9.1[0-4] could let namespace declarations
from a failed parser run leak into later parser runs. This bug was worked around
in lxml and resolved in libxml2 2.10.0.
https://gitlab.gnome.org/GNOME/libxml2/-/issues/378
Other changes
LP#1981760: Element.attrib now registers as collections.abc.MutableMapping.
lxml now has a static build setup for macOS on ARM64 machines (not used for building wheels).
Patch by Quentin Leffray.
Commits
c17c1ca Use same naming for Python version matrix variable in wheel workflow as in CI...
fc2f7ea Use windows-2016 image instead of windows-2019 to fix the Py2.7 build.
98224b3 Install more recent library versions for the wheel build.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps lxml from 4.9.1 to 4.9.2.
Changelog
Sourced from lxml's changelog.
Commits
c17c1caUse same naming for Python version matrix variable in wheel workflow as in CI...fc2f7eaUse windows-2016 image instead of windows-2019 to fix the Py2.7 build.98224b3Install more recent library versions for the wheel build.ce4e5bcFix release date.cece238Add PyPy-3.8 CI target.2c2308eTry to add a Windows CI build for Py2.7.0b0b2b9Exclude missing Python versions from CI jobs.b848b82Try to fix CI "setup.py install" in Py3.11.487a194CI: exclude non-static Windows jobs.fc53d6fShow executed commands in CI runs.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)