Changelog
### 4.4.0
```
==================
Features added
--------------
* ``Element.clear()`` accepts a new keyword argument ``keep_tail=True`` to
clear everything but the tail text. This is helpful in some document-style
use cases.
* When creating attributes or namespaces from a dict in Python 3.6+, lxml now
preserves the original insertion order of that dict, instead of always sorting
the items by name. A similar change was made for ElementTree in CPython 3.8.
See https://bugs.python.org/issue34160
* Integer elements in ``lxml.objectify`` implement the ``__index__()`` special method.
* GH269: Read-only elements in XSLT were missing the ``nsmap`` property.
Original patch by Jan Pazdziora.
* ElementInclude can now restrict the maximum inclusion depth via a ``max_depth``
argument to prevent content explosion. It is limited to 6 by default.
* The ``target`` object of the XMLParser can have ``start_ns()`` and ``end_ns()``
callback methods to listen to namespace declarations.
* The ``TreeBuilder`` has new arguments ``comment_factory`` and ``pi_factory`` to
pass factories for creating comments and processing instructions, as well as
flag arguments ``insert_comments`` and ``insert_pis`` to discard them from the
tree when set to false.
* A `C14N 2.0 <https://www.w3.org/TR/xml-c14n2/>`_ implementation was added as
``etree.canonicalize()``, a corresponding ``C14NWriterTarget`` class, and
a ``c14n2`` serialisation method.
Bugs fixed
----------
* When writing to file paths that contain the URL escape character '%', the file
path could wrongly be mangled by URL unescaping and thus write to a different
file or directory. Code that writes to file paths that are provided by untrusted
sources, but that must work with previous versions of lxml, should best either
reject paths that contain '%' characters, or otherwise make sure that the path
does not contain maliciously injected '%XX' URL hex escapes for paths like '../'.
* Assigning to Element child slices with negative step could insert the slice at
the wrong position, starting too far on the left.
* Assigning to Element child slices with overly large step size could take very
long, regardless of the length of the actual slice.
* Assigning to Element child slices of the wrong size could sometimes fail to
raise a ValueError (like a list assignment would) and instead assign outside
of the original slice bounds or leave parts of it unreplaced.
* The ``comment`` and ``pi`` events in ``iterwalk()`` were never triggered, and
instead, comments and processing instructions in the tree were reported as
``start`` elements. Also, when walking an ElementTree (as opposed to its root
element), comments and PIs outside of the root element are now reported.
* LP1827833: The RelaxNG compact syntax support was broken with recent versions
of ``rnc2rng``.
* LP1758553: The HTML elements ``source`` and ``track`` were added to the list
of empty tags in ``lxml.html.defs``.
* Registering a prefix other than "xml" for the XML namespace is now rejected.
* Failing to write XSLT output to a file could raise a misleading exception.
It now raises ``IOError``.
Other changes
-------------
* Support for Python 3.4 was removed.
* When using ``Element.find*()`` with prefix-namespace mappings, the empty string
is now accepted to define a default namespace, in addition to the previously
supported ``None`` prefix. Empty strings are more convenient since they keep
all prefix keys in a namespace dict strings, which simplifies sorting etc.
* The ``ElementTree.write_c14n()`` method has been deprecated in favour of the
long preferred ``ElementTree.write(f, method="c14n")``. It will be removed
in a future release.
```
Links
- PyPI: https://pypi.org/project/lxml
- Changelog: https://pyup.io/changelogs/lxml/
- Homepage: http://lxml.de/
This PR updates lxml from 4.3.5 to 4.4.0.
Changelog
### 4.4.0 ``` ================== Features added -------------- * ``Element.clear()`` accepts a new keyword argument ``keep_tail=True`` to clear everything but the tail text. This is helpful in some document-style use cases. * When creating attributes or namespaces from a dict in Python 3.6+, lxml now preserves the original insertion order of that dict, instead of always sorting the items by name. A similar change was made for ElementTree in CPython 3.8. See https://bugs.python.org/issue34160 * Integer elements in ``lxml.objectify`` implement the ``__index__()`` special method. * GH269: Read-only elements in XSLT were missing the ``nsmap`` property. Original patch by Jan Pazdziora. * ElementInclude can now restrict the maximum inclusion depth via a ``max_depth`` argument to prevent content explosion. It is limited to 6 by default. * The ``target`` object of the XMLParser can have ``start_ns()`` and ``end_ns()`` callback methods to listen to namespace declarations. * The ``TreeBuilder`` has new arguments ``comment_factory`` and ``pi_factory`` to pass factories for creating comments and processing instructions, as well as flag arguments ``insert_comments`` and ``insert_pis`` to discard them from the tree when set to false. * A `C14N 2.0 <https://www.w3.org/TR/xml-c14n2/>`_ implementation was added as ``etree.canonicalize()``, a corresponding ``C14NWriterTarget`` class, and a ``c14n2`` serialisation method. Bugs fixed ---------- * When writing to file paths that contain the URL escape character '%', the file path could wrongly be mangled by URL unescaping and thus write to a different file or directory. Code that writes to file paths that are provided by untrusted sources, but that must work with previous versions of lxml, should best either reject paths that contain '%' characters, or otherwise make sure that the path does not contain maliciously injected '%XX' URL hex escapes for paths like '../'. * Assigning to Element child slices with negative step could insert the slice at the wrong position, starting too far on the left. * Assigning to Element child slices with overly large step size could take very long, regardless of the length of the actual slice. * Assigning to Element child slices of the wrong size could sometimes fail to raise a ValueError (like a list assignment would) and instead assign outside of the original slice bounds or leave parts of it unreplaced. * The ``comment`` and ``pi`` events in ``iterwalk()`` were never triggered, and instead, comments and processing instructions in the tree were reported as ``start`` elements. Also, when walking an ElementTree (as opposed to its root element), comments and PIs outside of the root element are now reported. * LP1827833: The RelaxNG compact syntax support was broken with recent versions of ``rnc2rng``. * LP1758553: The HTML elements ``source`` and ``track`` were added to the list of empty tags in ``lxml.html.defs``. * Registering a prefix other than "xml" for the XML namespace is now rejected. * Failing to write XSLT output to a file could raise a misleading exception. It now raises ``IOError``. Other changes ------------- * Support for Python 3.4 was removed. * When using ``Element.find*()`` with prefix-namespace mappings, the empty string is now accepted to define a default namespace, in addition to the previously supported ``None`` prefix. Empty strings are more convenient since they keep all prefix keys in a namespace dict strings, which simplifies sorting etc. * The ``ElementTree.write_c14n()`` method has been deprecated in favour of the long preferred ``ElementTree.write(f, method="c14n")``. It will be removed in a future release. ```Links
- PyPI: https://pypi.org/project/lxml - Changelog: https://pyup.io/changelogs/lxml/ - Homepage: http://lxml.de/