Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Bump lxml from 4.6.2 to 4.6.3 in /desktop/core (#1952)
Bumps [lxml](https://github.com/lxml/lxml) from 4.6.2 to 4.6.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lxml/lxml/blob/master/CHANGES.txt">lxml's changelog</a>.</em></p> <blockquote> <h1>4.6.3 (2021-03-21)</h1> <h2>Bugs fixed</h2> <ul> <li>A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung, which allowed JavaScript to pass through. The cleaner now removes the HTML5 <code>formaction</code> attribute.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999"><code>a5f9cb5</code></a> Prepare release of lxml 4.6.3.</li> <li><a href="https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d"><code>2d01a1b</code></a> Add HTML-5 "formaction" attribute to "defs.link_attrs" (<a href="https://github-redirect.dependabot.com/lxml/lxml/issues/316">GH-316</a>)</li> <li><a href="https://github.com/lxml/lxml/commit/e986a9cb5d54827c59aefa8803bc90954d67221e"><code>e986a9c</code></a> Fix reference in docs.</li> <li>See full diff in <a href="https://github.com/lxml/lxml/compare/lxml-4.6.2...lxml-4.6.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end)
- Loading branch information
1 parent
9055ef8
commit 0001b34