Changelog
*Sourced from [lxml's changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt).*
> 4.4.0 (2019-07-27)
> ==================
>
> Features added
> --------------
>
> * ``Element.clear()`` accepts a new keyword argument ``keep_tail=True`` to
> clear everything but the tail text. This is helpful in some document-style
> use cases.
>
> * When creating attributes or namespaces from a dict in Python 3.6+, lxml now
> preserves the original insertion order of that dict, instead of always sorting
> the items by name. A similar change was made for ElementTree in CPython 3.8.
> See https://bugs.python.org/issue34160
>
> * Integer elements in ``lxml.objectify`` implement the ``__index__()`` special method.
>
> * GH#269: Read-only elements in XSLT were missing the ``nsmap`` property.
> Original patch by Jan Pazdziora.
>
> * ElementInclude can now restrict the maximum inclusion depth via a ``max_depth``
> argument to prevent content explosion. It is limited to 6 by default.
>
> * The ``target`` object of the XMLParser can have ``start_ns()`` and ``end_ns()``
> callback methods to listen to namespace declarations.
>
> * The ``TreeBuilder`` has new arguments ``comment_factory`` and ``pi_factory`` to
> pass factories for creating comments and processing instructions, as well as
> flag arguments ``insert_comments`` and ``insert_pis`` to discard them from the
> tree when set to false.
>
> * A C14N 2.0 implementation was added as
> ``etree.canonicalize()``, a corresponding ``C14NWriterTarget`` class, and
> a ``c14n2`` serialisation method.
>
> Bugs fixed
> ----------
>
> * When writing to file paths that contain the URL escape character '%', the file
> path could wrongly be mangled by URL unescaping and thus write to a different
> file or directory. Code that writes to file paths that are provided by untrusted
> sources, but that must work with previous versions of lxml, should best either
> reject paths that contain '%' characters, or otherwise make sure that the path
> does not contain maliciously injected '%XX' URL hex escapes for paths like '../'.
>
> * Assigning to Element child slices with negative step could insert the slice at
> the wrong position, starting too far on the left.
>
> * Assigning to Element child slices with overly large step size could take very
> long, regardless of the length of the actual slice.
> ... (truncated)
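The '%' file path fix above suggests two mitigations for code that must still run on earlier lxml versions. The following is an added example (not lxml code or part of the changelog) of a pre-write check implementing both; `safe_output_path`, `UnsafePathError` and the `allow_percent` flag are hypothetical names chosen here.

```python
import os
from urllib.parse import unquote


class UnsafePathError(ValueError):
    """Raised when an untrusted file name must not be passed to a writer."""


def safe_output_path(base_dir, untrusted_name, allow_percent=False):
    """Return an absolute path under base_dir, or raise UnsafePathError.

    Default policy: reject any name containing '%', the simpler option
    from the changelog. With allow_percent=True the name is also checked
    in the form URL unescaping would give it, so an injected '%2F' or
    '%2E%2E' cannot move the write outside base_dir.
    """
    if "\x00" in untrusted_name:
        raise UnsafePathError("NUL byte in file name")
    if "%" in untrusted_name and not allow_percent:
        raise UnsafePathError("'%' is not allowed in file names")

    base = os.path.realpath(base_dir)

    # Collect the literal name plus every form produced by repeated
    # unescaping (covers double encoding such as '%252F').
    candidates = {untrusted_name}
    decoded = untrusted_name
    for _ in range(4):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
        candidates.add(decoded)

    # Every form must resolve to a location inside base_dir.
    for name in candidates:
        resolved = os.path.realpath(os.path.join(base, name))
        if os.path.commonpath([base, resolved]) != base:
            raise UnsafePathError("path escapes the output directory")

    return os.path.realpath(os.path.join(base, untrusted_name))
```

Call it on the untrusted name and pass the returned path to the write call; upgrading to 4.4.0 removes the unescaping behaviour, but the containment check remains useful on its own.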
Commits
- [`ca90c24`](https://github.com/lxml/lxml/commit/ca90c24282fd0aadeda15fd853468229b46c1b9e) Prepare release of lxml 4.4.0.
- [`2287911`](https://github.com/lxml/lxml/commit/2287911a38f5074b764746ea61e60b64150dfc48) Update TreeBuilder tests from CPython's test suite.
- [`5666bda`](https://github.com/lxml/lxml/commit/5666bdaf6a0bade43f06b47f451e788a8d34e925) Make 'data' argument optional for TreeBuilder.pi(), as in ElementTree.
- [`0f41502`](https://github.com/lxml/lxml/commit/0f41502ca1ade33885ea90f817521f6ae4ba6160) Merge branch lxml-4.3 into master.
- [`1848047`](https://github.com/lxml/lxml/commit/1848047e2724a01a16d54029e013316617285491) Prepare release of lxml 4.3.5.
- [`15c52ac`](https://github.com/lxml/lxml/commit/15c52acbbce776d8f7191bd1de1570b0cb7883d6) Remove "sudo" tag from travis config ([GH-281](https://github-redirect.dependabot.com/lxml/lxml/issues/281))
- [`6beef45`](https://github.com/lxml/lxml/commit/6beef451a6690796d13fc3d2a19321434b880d16) Fix typos ([GH-282](https://github-redirect.dependabot.com/lxml/lxml/issues/282))
- [`886b76b`](https://github.com/lxml/lxml/commit/886b76b9139cee128e78ea2e5add5b76a9da2a23) Merge branch lxml-4.3.
- [`c0df0bc`](https://github.com/lxml/lxml/commit/c0df0bc7803814c39c0ea156713e1a57e07ffa25) Prevent the default namespace from being picked up when searching for unprefi...
- [`bb2a4fd`](https://github.com/lxml/lxml/commit/bb2a4fd588d1cdf5ecd9badd618505d578ea2942) LP#1827833: Fix .rnc parsing support with recent versions of rnc2rng.
- Additional commits viewable in [compare view](https://github.com/lxml/lxml/compare/lxml-4.3.4...lxml-4.4.0)
Bumps lxml from 4.3.4 to 4.4.0.