LP#1958539: The lxml.html.clean implementation suffered from several (only if used)
security issues in the past and was now extracted into a separate library:
Projects that use lxml without "lxml.html.clean" will not notice any difference,
except that they won't have potentially vulnerable code installed.
The module is available as an "extra" setuptools dependency "lxml[html_clean]",
so that Projects that need "lxml.html.clean" will need to switch their requirements
from "lxml" to "lxml[html_clean]", or install the new library themselves.
The minimum CPU architecture for the Linux x86 binary wheels was upgraded to
"sandybridge" (launched 2011), and glibc 2.28 / gcc 12 (manylinux_2_28) wheels were added.
Built with Cython 3.0.10.
5.1.1 (2024-03-28)
Bugs fixed
LP#2048920: iterlinks() in lxml.html rejected bytes input in 5.1.0.
High source line numbers from the parser are no longer truncated
(up to a C long) when using libxml2 2.11 or later.
Other changes
GH#407: A compatibility test was adapted to recent expat versions.
Patch by Miro Hrončok.
Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39.
Windows binary wheels use the library versions libxml2 2.11.7 and libxslt 1.1.39.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the python-packages group with 3 updates: httpcore, lxml and pycparser.
Updates
httpcore
from 1.0.4 to 1.0.5Release notes
Sourced from httpcore's releases.
Changelog
Sourced from httpcore's changelog.
Commits
1851ac3
Version 1.0.5 (#904)4565838
Update trio dependency... (#903)fbbd909
HandleEndOfStream
for anyio backend (#899)10481ce
Fixed typo inRequest
class docstring. (#898)7b39e6a
Bump the python-packages group with 6 updates (#896)5c9be94
bump to v0.3.0 && format (#895)5518172
Moveunasync.py
toscripts
(#891)Updates
lxml
from 5.1.0 to 5.2.0Changelog
Sourced from lxml's changelog.
Commits
a8ab41d
docs: Minor cleanup.ce2828e
Prepare release of lxml 5.2.0.187f8fd
Build: Use Cython 3.0.10.3f11678
Revert "Build: Make sure we have "-fPIC" in LDFLAGS."11be8e8
CI: Allow Py3.13 to fail for now.3f71c11
Build: Make sure we have "-fPIC" in LDFLAGS.f3eefca
Update changelog.a970538
Remove Cleaner related documentation after removing the code.7377868
Use html.clean from external project and provide "html_clean" extra dependenc...06b70c3
Set master version to 5.2.0a0.Updates
pycparser
from 2.21 to 2.22Release notes
Sourced from pycparser's releases.
Changelog
Sourced from pycparser's changelog.
Commits
129d32e
Prepare for release 2.22c3e2644
update CHANGES file for future changesc500fb6
ply: Make generated lextab.py deterministic (#531)f740995
Add support for Python 3.12 (#515)6cf69df
New example to generate AST from scratch (#507)50a26ac
Remove unneeded import in an exampled86a9e5
Remove from future imports from all files in this repoa9f073e
Remove from future imports in examples670979b
Update SECURITY.md9e8cd29
Create a Security Policy (#499)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show