lxml/lxml (lxml)
### [`v4.9.1`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#491-2022-07-01)
[Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.9.0...lxml-4.9.1)
\==================
## Bugs fixed
- A crash was resolved when using `iterwalk()` (or `canonicalize()`)
after parsing certain incorrect input. Note that `iterwalk()` can crash
on *valid* input parsed with the same parser *after* failing to parse the
incorrect input.
### [`v4.9.0`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#490-2022-06-01)
[Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.8.0...lxml-4.9.0)
\==================
## Bugs fixed
- [GH#341](https://togithub.com/GH/lxml/issues/341): The mixin inheritance order in `lxml.html` was corrected.
Patch by xmo-odoo.
## Other changes
- Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.
- Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35
(libxml2 2.9.12+ and libxslt 1.1.34 on Windows).
- [GH#343](https://togithub.com/GH/lxml/issues/343): Windows-AArch64 build support in Visual Studio.
Patch by Steve Dower.
### [`v4.8.0`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#480-2022-02-17)
[Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.7.1...lxml-4.8.0)
\==================
## Features added
- [GH#337](https://togithub.com/GH/lxml/issues/337): Path-like objects are now supported throughout the API instead of just strings.
Patch by Henning Janssen.
- The `ElementMaker` now supports `QName` values as tags, which always override
the default namespace of the factory.
## Bugs fixed
- [GH#338](https://togithub.com/GH/lxml/issues/338): In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in
lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively.
Patch by Tobias Deiminger.
## Other changes
- Built with Cython 0.29.28.
### [`v4.7.1`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#471-2021-12-13)
[Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.7.0...lxml-4.7.1)
\==================
## Features added
- Chunked Unicode string parsing via `parser.feed()` now encodes the input data
to the native UTF-8 encoding directly, instead of going through `Py_UNICODE` /
`wchar_t` encoding first, which previously required duplicate recoding in most cases.
## Bugs fixed
- The standard namespace prefixes were mishandled during "C14N2" serialisation on Python 3.
See https://mail.python.org/archives/list/lxml@python.org/thread/6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/
- `lxml.objectify` previously accepted non-XML numbers with underscores (like "1\_000")
as integers or float values in Python 3.6 and later. It now adheres to the number
format of the XML spec again.
- [LP#1939031](https://togithub.com/LP/lxml/issues/1939031): Static wheels of lxml now contain the header files of zlib and libiconv
(in addition to the already provided headers of libxml2/libxslt/libexslt).
## Other changes
- Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).
### [`v4.7.0`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#470-2021-12-13)
[Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.6.5...lxml-4.7.0)
\==================
- Release retracted due to missing files in lxml/includes/.
### [`v4.6.5`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#465-2021-12-12)
[Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.6.4...lxml-4.6.5)
\==================
## Bugs fixed
- A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script
content through SVG images (CVE-2021-43818).
- A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script
content through CSS imports and other crafted constructs (CVE-2021-43818).
### [`v4.6.4`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#464-2021-11-01)
[Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.6.3...lxml-4.6.4)
\==================
## Features added
- [GH#317](https://togithub.com/GH/lxml/issues/317): A new property `system_url` was added to DTD entities.
Patch by Thirdegree.
- [GH#314](https://togithub.com/GH/lxml/issues/314): The `STATIC_*` variables in `setup.py` can now be passed via env vars.
Patch by Isaac Jurado.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
==4.6.3
->==4.9.1
By merging this PR, the issue #3 will be automatically resolved and closed:
Release Notes
lxml/lxml (lxml)
### [`v4.9.1`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#491-2022-07-01) [Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.9.0...lxml-4.9.1) \================== ## Bugs fixed - A crash was resolved when using `iterwalk()` (or `canonicalize()`) after parsing certain incorrect input. Note that `iterwalk()` can crash on *valid* input parsed with the same parser *after* failing to parse the incorrect input. ### [`v4.9.0`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#490-2022-06-01) [Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.8.0...lxml-4.9.0) \================== ## Bugs fixed - [GH#341](https://togithub.com/GH/lxml/issues/341): The mixin inheritance order in `lxml.html` was corrected. Patch by xmo-odoo. ## Other changes - Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12. - Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows). - [GH#343](https://togithub.com/GH/lxml/issues/343): Windows-AArch64 build support in Visual Studio. Patch by Steve Dower. ### [`v4.8.0`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#480-2022-02-17) [Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.7.1...lxml-4.8.0) \================== ## Features added - [GH#337](https://togithub.com/GH/lxml/issues/337): Path-like objects are now supported throughout the API instead of just strings. Patch by Henning Janssen. - The `ElementMaker` now supports `QName` values as tags, which always override the default namespace of the factory. ## Bugs fixed - [GH#338](https://togithub.com/GH/lxml/issues/338): In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively. Patch by Tobias Deiminger. ## Other changes - Built with Cython 0.29.28. ### [`v4.7.1`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#471-2021-12-13) [Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.7.0...lxml-4.7.1) \================== ## Features added - Chunked Unicode string parsing via `parser.feed()` now encodes the input data to the native UTF-8 encoding directly, instead of going through `Py_UNICODE` / `wchar_t` encoding first, which previously required duplicate recoding in most cases. ## Bugs fixed - The standard namespace prefixes were mishandled during "C14N2" serialisation on Python 3. See https://mail.python.org/archives/list/lxml@python.org/thread/6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/ - `lxml.objectify` previously accepted non-XML numbers with underscores (like "1\_000") as integers or float values in Python 3.6 and later. It now adheres to the number format of the XML spec again. - [LP#1939031](https://togithub.com/LP/lxml/issues/1939031): Static wheels of lxml now contain the header files of zlib and libiconv (in addition to the already provided headers of libxml2/libxslt/libexslt). ## Other changes - Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows). ### [`v4.7.0`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#470-2021-12-13) [Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.6.5...lxml-4.7.0) \================== - Release retracted due to missing files in lxml/includes/. ### [`v4.6.5`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#465-2021-12-12) [Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.6.4...lxml-4.6.5) \================== ## Bugs fixed - A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images (CVE-2021-43818). - A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs (CVE-2021-43818). ### [`v4.6.4`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#464-2021-11-01) [Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.6.3...lxml-4.6.4) \================== ## Features added - [GH#317](https://togithub.com/GH/lxml/issues/317): A new property `system_url` was added to DTD entities. Patch by Thirdegree. - [GH#314](https://togithub.com/GH/lxml/issues/314): The `STATIC_*` variables in `setup.py` can now be passed via env vars. Patch by Isaac Jurado.