Bump lxml from 4.3.0 to 4.3.1

[dependabot-preview[bot]]

Bumps lxml from 4.3.0 to 4.3.1.

Changelog

*Sourced from [lxml's changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt).* > 4.3.1 (2019-02-08) > ================== > > Bugs fixed > ---------- > > * LP#1814522: Crash when appending a child subtree that contains unsubstituted > entity references. > > Other changes > ------------- > > * Built with Cython 0.29.5.

Commits

- [`642a41b`](https://github.com/lxml/lxml/commit/642a41bdc3aae05f52ccf32981c429c7d3789f63) Prepare release of 4.3.1. - [`866e515`](https://github.com/lxml/lxml/commit/866e515a0e877be9c6a839f240cd3974de29bac6) Remove Py3.7 from allowed build failures in travis. - [`ee9dc10`](https://github.com/lxml/lxml/commit/ee9dc101d7190c24d5b72ba208412c82e5c7484b) Also set .doc field of attribute children (if any) during subtree migration. - [`3a8123d`](https://github.com/lxml/lxml/commit/3a8123d0115e8ed555dc1d699aab05ec67be61ed) Replace obfuscated loop with a helper function that is called twice for two d... - [`3806d61`](https://github.com/lxml/lxml/commit/3806d612b8d3c8a6ce894ba3aaef213cc65d1558) Disable a test under Windows that depends on library linking. - [`9a6db11`](https://github.com/lxml/lxml/commit/9a6db11a42f3239f3f2c1c4386f3fbe7eb924d9d) Rename appveyor script to more common name without leading dot. - [`10ee383`](https://github.com/lxml/lxml/commit/10ee3839744ff41eca4737ee1fc44db4fc8470e9) First build, *then* run the tests in appveyor. - [`fc0a4d3`](https://github.com/lxml/lxml/commit/fc0a4d3cfe410dc3483ada551781203a95167964) Run tests in appveyor. - [`201b712`](https://github.com/lxml/lxml/commit/201b712edf0478e6a94ace984c1e8435bf3bc3c3) LP#1814522: Fix a crash when appending a child subtree that contains unsubsti... - See full diff in [compare view](https://github.com/lxml/lxml/compare/lxml-4.3.0...lxml-4.3.1)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.