Skip to content

Bump lxml from 5.2.2 to 5.3.0#10742

Merged
mtesauro merged 1 commit intodevfrom
dependabot/pip/dev/lxml-5.3.0
Aug 12, 2024
Merged

Bump lxml from 5.2.2 to 5.3.0#10742
mtesauro merged 1 commit intodevfrom
dependabot/pip/dev/lxml-5.3.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Aug 12, 2024

Bumps lxml from 5.2.2 to 5.3.0.

Changelog

Sourced from lxml's changelog.

5.3.0 (2024-08-10)

Features added

  • GH#421: Nested CDATA sections are no longer rejected but split on output to represent ]]> correctly. Patch by Gertjan Klein.

Bugs fixed

  • LP#2060160: Attribute values serialised differently in xmlfile.element() and xmlfile.write().

  • LP#2058177: The ISO-Schematron implementation could fail on unknown prefixes. Patch by David Lakin.

Other changes

  • LP#2067707: The strip_cdata option in HTMLParser() turned out to be useless and is now deprecated.

  • Binary wheels use the library versions libxml2 2.12.9 and libxslt 1.1.42.

  • Windows binary wheels use the library versions libxml2 2.11.8 and libxslt 1.1.39.

  • Built with Cython 3.0.11.

Commits
  • 475f4ab Update release date.
  • e356a1e Build: Add some debug output.
  • 8345680 Build: Retry library downloads on failures.
  • 2fe6c90 CI: Test oldest officially supported library versions again (the slightly new...
  • 00335a1 Build: Improve download regexes.
  • f3da47d Prepare release of lxml 5.3.0.
  • 3119703 Add missing global name to "all" in lxml.etree.
  • 9de6180 Build: Upgrade cibuildwheel version also for the matrix setup.
  • 54e36cb Build: Upgrade libxslt to latest (1.1.42).
  • d4f56ee Build: Slightly increase the oldest libxslt version that we test against to w...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump lxml from 5.2.2 to 5.3.0
8bb877d 
Bumps [lxml](https://github.com/lxml/lxml) from 5.2.2 to 5.3.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-5.2.2...lxml-5.3.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Aug 12, 2024
@dryrunsecurity
Copy link
Copy Markdown

dryrunsecurity Bot commented Aug 12, 2024
edited
Loading

DryRun Security Summary

The provided text summarizes a minor update to the lxml library in a requirements.txt file, which is a routine change that is unlikely to introduce any significant security concerns.

Expand for full summary

Summary:

The code change in the provided requirements.txt file appears to be a minor update to the lxml library, from version 5.2.2 to 5.3.0. From an application security perspective, this change is not particularly interesting or concerning, as the lxml library is a popular XML and HTML parser for Python, and version updates are typically focused on bug fixes, performance improvements, and compatibility updates, rather than addressing significant security vulnerabilities.

The requirements.txt file itself is a standard file used in Python projects to manage dependencies and their versions. It is a common practice to keep this file up-to-date to ensure that the project is using the latest stable versions of the required libraries, which can help address potential security issues. Overall, this code change appears to be a routine update to a common library, and there is nothing particularly noteworthy from an application security perspective. The update should be reviewed and tested as part of the normal development and deployment process, but there are no obvious security concerns raised by this specific change.

Files Changed:

  • requirements.txt: This file has been updated to use the latest version of the lxml library, from 5.2.2 to 5.3.0. This is a minor version update that is unlikely to introduce any significant security vulnerabilities.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

mtesauro
mtesauro approved these changes Aug 12, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@mtesauro mtesauro merged commit cefda19 into dev Aug 12, 2024
@dependabot dependabot Bot deleted the dependabot/pip/dev/lxml-5.3.0 branch August 12, 2024 18:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtesauro mtesauro mtesauro approved these changes

+1 more reviewer

@cneill cneill cneill approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cneill @mtesauro