build: bringing lxml latest version.

SAML-Toolkits / python3-saml

MIT License

704 stars 309 forks source link

build: bringing lxml latest version. #309

Closed awais786 closed 1 year ago

awais786 commented 2 years ago

Latest version of python3-saml downgrading lxml version.

nijel commented 2 years ago

The restriction is there for a reason, see https://github.com/onelogin/python3-saml/issues/292

On the other side, rebuilding from source seems to fix lxml behavior, so it's questionable whether this should be addressed by the dependency restrictions.

Anyway, there is now lxml 4.9.1 with security fixes (see https://github.com/advisories/GHSA-wrxv-2j5q-m38w).

tahayk commented 2 years ago

any idea when this will be merged ? we need the lxml security fix. thanks.

nosnilmot commented 2 years ago

Alternative in #323 that attempts to address the original reason for pinning lxml version with an alternative workaround

pitbulk commented 1 year ago

Closing due https://github.com/SAML-Toolkits/python3-saml/pull/323