chore(deps): bump lxml from 6.1.0 to 6.1.1

[dependabot]

Bumps lxml from 6.1.0 to 6.1.1.

Changelog

Sourced from lxml's changelog.

6.1.1 (2026-05-18)

Bugs fixed

• The known link attributes in lxml.html.defs.link_attrs were missing xlink:href, which can be used for URL bypass attacks in embedded SVG/MathML/etc. content. GHSA-4jhm-jv67-739f

• The Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.

• The Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.

Commits

• b4a4c59 Build: Fix build in Py3.8.
• a116dcb Fix typo: type annotions -> type annotations in PEP 560 comments (GH-504)
• 7287a75 Prepare release of 6.1.1.
• 5927a6d Add missing "xlink:href" to the known HTML link attributes.
• 23efeb4 Build: Fix build in Py3.8.
• 2c0563b Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...
• 8a35fcc Fix doctest in PyPy3.9.
• See full diff in compare view

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The PR updates the pinned lxml dependency version from 6.1.0 to 6.1.1 in pyproject.toml. This is a single-line version bump within the project.dependencies configuration.

Changes

Dependency Updates

Layer / File(s)	Summary
lxml version bump pyproject.toml	lxml dependency pinned version incremented from 6.1.0 to 6.1.1.

---

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	PR description lacks required sections from template: missing related issue link, incomplete description section, and no completion of mandatory checklist items.	Add 'Resolve #(issue_number)' section with linked issue, expand Description section explaining why lxml 6.1.1 is needed, and check all checklist items (especially changelog and docs generation).

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title follows conventional commits format with type 'chore', scope 'deps', and clearly describes the dependency version bump.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/uv/lxml-6.1.1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

pyproject.toml (1)

3-3: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Bump project.version minor when changing dependencies.

This dependency change should be accompanied by a minor version bump (patch must remain 0) per repo policy. Please update version = "0.24.0" to the next minor (for example, 0.25.0).

As per coding guidelines, pyproject.toml must follow minor-bump-only versioning: patch version is always 0, and minor is bumped for any change.

Also applies to: 42-42

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pyproject.toml` at line 3, Update the project version string from version =
"0.24.0" to the next minor with patch 0 (e.g., version = "0.25.0") in
pyproject.toml so the project.version follows the repo policy of minor-only
bumps when dependencies change; ensure the patch component remains 0.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@pyproject.toml`:
- Line 3: Update the project version string from version = "0.24.0" to the next
minor with patch 0 (e.g., version = "0.25.0") in pyproject.toml so the
project.version follows the repo policy of minor-only bumps when dependencies
change; ensure the patch component remains 0.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: d95847e8-12ca-4fa3-9743-6803d56655e7

📥 Commits

Reviewing files that changed from the base of the PR and between 5191d53 and 6d4d6e5.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• pyproject.toml

[coderabbitai]

Actionable comments posted: 0

[elkaix]

@dependabot rebase

[elkaix]

Superseded by #32, which consolidates this bump with the other two reviewed Dependabot updates into a single PR.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.