search

abkfenris / sugarloaf

Mapping the changes in Sugarloaf Snow through the season
http://sugarloaf.alexkerney.com
MIT License
0 stars 0 forks source link

Update lxml to 4.4.0 #282

Open pyup-bot opened 5 years ago

pyup-bot commented 5 years ago

This PR updates lxml from 3.7.2 to 4.4.0.

Changelog ### 4.4.0 ``` ================== Features added -------------- * ``Element.clear()`` accepts a new keyword argument ``keep_tail=True`` to clear everything but the tail text. This is helpful in some document-style use cases. * When creating attributes or namespaces from a dict in Python 3.6+, lxml now preserves the original insertion order of that dict, instead of always sorting the items by name. A similar change was made for ElementTree in CPython 3.8. See https://bugs.python.org/issue34160 * Integer elements in ``lxml.objectify`` implement the ``__index__()`` special method. * GH269: Read-only elements in XSLT were missing the ``nsmap`` property. Original patch by Jan Pazdziora. * ElementInclude can now restrict the maximum inclusion depth via a ``max_depth`` argument to prevent content explosion. It is limited to 6 by default. * The ``target`` object of the XMLParser can have ``start_ns()`` and ``end_ns()`` callback methods to listen to namespace declarations. * The ``TreeBuilder`` has new arguments ``comment_factory`` and ``pi_factory`` to pass factories for creating comments and processing instructions, as well as flag arguments ``insert_comments`` and ``insert_pis`` to discard them from the tree when set to false. * A `C14N 2.0 <https://www.w3.org/TR/xml-c14n2/>`_ implementation was added as ``etree.canonicalize()``, a corresponding ``C14NWriterTarget`` class, and a ``c14n2`` serialisation method. Bugs fixed ---------- * When writing to file paths that contain the URL escape character '%', the file path could wrongly be mangled by URL unescaping and thus write to a different file or directory. Code that writes to file paths that are provided by untrusted sources, but that must work with previous versions of lxml, should best either reject paths that contain '%' characters, or otherwise make sure that the path does not contain maliciously injected '%XX' URL hex escapes for paths like '../'. * Assigning to Element child slices with negative step could insert the slice at the wrong position, starting too far on the left. * Assigning to Element child slices with overly large step size could take very long, regardless of the length of the actual slice. * Assigning to Element child slices of the wrong size could sometimes fail to raise a ValueError (like a list assignment would) and instead assign outside of the original slice bounds or leave parts of it unreplaced. * The ``comment`` and ``pi`` events in ``iterwalk()`` were never triggered, and instead, comments and processing instructions in the tree were reported as ``start`` elements. Also, when walking an ElementTree (as opposed to its root element), comments and PIs outside of the root element are now reported. * LP1827833: The RelaxNG compact syntax support was broken with recent versions of ``rnc2rng``. * LP1758553: The HTML elements ``source`` and ``track`` were added to the list of empty tags in ``lxml.html.defs``. * Registering a prefix other than "xml" for the XML namespace is now rejected. * Failing to write XSLT output to a file could raise a misleading exception. It now raises ``IOError``. Other changes ------------- * Support for Python 3.4 was removed. * When using ``Element.find*()`` with prefix-namespace mappings, the empty string is now accepted to define a default namespace, in addition to the previously supported ``None`` prefix. Empty strings are more convenient since they keep all prefix keys in a namespace dict strings, which simplifies sorting etc. * The ``ElementTree.write_c14n()`` method has been deprecated in favour of the long preferred ``ElementTree.write(f, method="c14n")``. It will be removed in a future release. ``` ### 4.3.5 ``` ================== * Rebuilt with Cython 0.29.13 to support Python 3.8. ``` ### 4.3.4 ``` ================== * Rebuilt with Cython 0.29.10 to support Python 3.8. ``` ### 4.3.3 ``` ================== Bugs fixed ---------- * Fix leak of output buffer and unclosed files in ``_XSLTResultTree.write_output()``. ``` ### 4.3.2 ``` ================== Bugs fixed ---------- * Crash in 4.3.1 when appending a child subtree with certain text nodes. Other changes ------------- * Built with Cython 0.29.6. ``` ### 4.3.1 ``` ================== Bugs fixed ---------- * LP1814522: Crash when appending a child subtree that contains unsubstituted entity references. Other changes ------------- * Built with Cython 0.29.5. ``` ### 4.3.0 ``` ================== Features added -------------- * The module ``lxml.sax`` is compiled using Cython in order to speed it up. * GH267: ``lxml.sax.ElementTreeProducer`` now preserves the namespace prefixes. If two prefixes point to the same URI, the first prefix in alphabetical order is used. Patch by Lennart Regebro. * Updated ISO-Schematron implementation to 2013 version (now MIT licensed) and the corresponding schema to the 2016 version (with optional "properties"). Other changes ------------- * GH270, GH271: Support for Python 2.6 and 3.3 was removed. Patch by hugovk. * The minimum dependency versions were raised to libxml2 2.9.2 and libxslt 1.1.27, which were released in 2014 and 2012 respectively. * Built with Cython 0.29.2. ``` ### 4.2.6 ``` ================== Bugs fixed ---------- * LP1799755: Fix a DeprecationWarning in Py3.7+. * Import warnings in Python 3.6+ were resolved. ``` ### 4.2.5 ``` ================== Bugs fixed ---------- * Javascript URLs that used URL escaping were not removed by the HTML cleaner. Security problem found by Omar Eissa. (CVE-2018-19787) ``` ### 4.2.4 ``` ================== Features added -------------- * GH259: Allow using ``pkg-config`` for build configuration. Patch by Patrick Griffis. Bugs fixed ---------- * LP1773749, GH268: Crash when moving an element to another document with ``Element.insert()``. Patch by Alexander Weggerle. ``` ### 4.2.3 ``` ================== Bugs fixed ---------- * Reverted GH265: lxml links against zlib as a shared library again. ``` ### 4.2.2 ``` ================== Bugs fixed ---------- * GH266: Fix sporadic crash during GC when parse-time schema validation is used and the parser participates in a reference cycle. Original patch by Julien Greard. * GH265: lxml no longer links against zlib as a shared library, only on static builds. Patch by Nehal J Wani. ``` ### 4.2.1 ``` ================== Bugs fixed ---------- * LP1755825: ``iterwalk()`` failed to return the 'start' event for the initial element if a tag selector is used. * LP1756314: Failure to import 4.2.0 into PyPy due to a missing library symbol. * LP1727864, GH258: Add "-isysroot" linker option on MacOS as needed by XCode 9. ``` ### 4.2.0 ``` ================== Features added -------------- * GH255: ``SelectElement.value`` returns more standard-compliant and browser-like defaults for non-multi-selects. If no option is selected, the value of the first option is returned (instead of None). If multiple options are selected, the value of the last one is returned (instead of that of the first one). If no options are present (not standard-compliant) ``SelectElement.value`` still returns ``None``. * GH261: The ``HTMLParser()`` now supports the ``huge_tree`` option. Patch by stranac. Bugs fixed ---------- * LP1551797: Some XSLT messages were not captured by the transform error log. * LP1737825: Crash at shutdown after an interrupted iterparse run with XMLSchema validation. Other changes ------------- ``` ### 4.1.1 ``` ================== * Rebuild with Cython 0.27.3 to improve support for Py3.7. ``` ### 4.1.0 ``` ================== Features added -------------- * ElementPath supports text predicates for current node, like "[.='text']". * ElementPath allows spaces in predicates. * Custom Element classes and XPath functions can now be registered with a decorator rather than explicit dict assignments. * Static Linux wheels are now built with link time optimisation (LTO) enabled. This should have a beneficial impact on the overall performance by providing a tighter compiler integration between lxml and libxml2/libxslt. Bugs fixed ---------- * LP1722776: Requesting non-Element objects like comments from a document with ``PythonElementClassLookup`` could fail with a TypeError. ``` ### 4.0.0 ``` ================== Features added -------------- * The ElementPath implementation is now compiled using Cython, which speeds up the ``.find*()`` methods quite significantly. * The modules ``lxml.builder``, ``lxml.html.diff`` and ``lxml.html.clean`` are also compiled using Cython in order to speed them up. * ``xmlfile()`` supports async coroutines using ``async with`` and ``await``. * ``iterwalk()`` has a new method ``skip_subtree()`` that prevents walking into the descendants of the current element. * ``RelaxNG.from_rnc_string()`` accepts a ``base_url`` argument to allow relative resource lookups. * The XSLT result object has a new method ``.write_output(file)`` that serialises output data into a file according to the ``<xsl:output>`` configuration. Bugs fixed ---------- * GH251: HTML comments were handled incorrectly by the soupparser. Patch by mozbugbox. * LP1654544: The html5parser no longer passes the ``useChardet`` option if the input is a Unicode string, unless explicitly requested. When parsing files, the default is to enable it when a URL or file path is passed (because the file is then opened in binary mode), and to disable it when reading from a file(-like) object. Note: This is a backwards incompatible change of the default configuration. If your code parses byte strings/streams and depends on character detection, please pass the option ``guess_charset=True`` explicitly, which already worked in older lxml versions. * LP1703810: ``etree.fromstring()`` failed to parse UTF-32 data with BOM. * LP1526522: Some RelaxNG errors were not reported in the error log. * LP1567526: Empty and plain text input raised a TypeError in soupparser. * LP1710429: Uninitialised variable usage in HTML diff. * LP1415643: The closing tags context manager in ``xmlfile()`` could continue to output end tags even after writing failed with an exception. * LP1465357: ``xmlfile.write()`` now accepts and ignores None as input argument. * Compilation under Py3.7-pre failed due to a modified function signature. Other changes ------------- * The main module source files were renamed from ``lxml.*.pyx`` to plain ``*.pyx`` (e.g. ``etree.pyx``) to simplify their handling in the build process. Care was taken to keep the old header files as fallbacks for code that compiles against the public C-API of lxml, but it might still be worth validating that third-party code does not notice this change. ``` ### 3.8.0 ``` ================== Features added -------------- * ``ElementTree.write()`` has a new option ``doctype`` that writes out a doctype string before the serialisation, in the same way as ``tostring()``. * GH220: ``xmlfile`` allows switching output methods at an element level. Patch by Burak Arslan. * LP1595781, GH240: added a PyCapsule Python API and C-level API for passing externally generated libxml2 documents into lxml. * GH244: error log entries have a new property ``path`` with an XPath expression (if known, None otherwise) that points to the tree element responsible for the error. Patch by Bob Kline. * The namespace prefix mapping that can be used in ElementPath now injects a default namespace when passing a None prefix. Bugs fixed ---------- * GH238: Character escapes were not hex-encoded in the ``xmlfile`` serialiser. Patch by matejcik. * GH229: fix for externally created XML documents. Patch by Theodore Dubois. * LP1665241, GH228: Form data handling in lxml.html no longer strips the option values specified in form attributes but only the text values. Patch by Ashish Kulkarni. * LP1551797: revert previous fix for XSLT error logging as it breaks multi-threaded XSLT processing. * LP1673355, GH233: ``fromstring()`` html5parser failed to parse byte strings. Other changes ------------- * The previously undocumented ``docstring`` option in ``ElementTree.write()`` produces a deprecation warning and will eventually be removed. ``` ### 3.7.4 ``` ================== Bugs fixed ---------- * LP1551797: revert previous fix for XSLT error logging as it breaks multi-threaded XSLT processing. * LP1673355, GH233: ``fromstring()`` html5parser failed to parse byte strings. ``` ### 3.7.3 ``` ================== Bugs fixed ---------- * GH218 was ineffective in Python 3. * GH222: ``lxml.html.submit_form()`` failed in Python 3. Patch by Jakub Wilk. ```
Links - PyPI: https://pypi.org/project/lxml - Changelog: https://pyup.io/changelogs/lxml/ - Homepage: http://lxml.de/
ghost commented 5 years ago

DeepCode Report (#140ddb)

DeepCode analyzed this pull request. There are no new issues.

scrutinizer-notifier commented 5 years ago

The inspection completed: ****