From f0aacc63ff252a860f636657398bed7e37766b67 Mon Sep 17 00:00:00 2001
From: Jose Tomas Robles Hahn
Date: Mon, 5 Feb 2024 19:09:42 -0300
Subject: [PATCH] chore(deps): Update `lxml` from 4.9.4 to 5.1.0
- [Software Repository](https://pypi.org/project/lxml/5.1.0/)
- [Release notes](https://github.com/lxml/lxml/blob/lxml-5.1.0/CHANGES.txt#L5)
- [Changelog](https://github.com/lxml/lxml/blob/lxml-5.1.0/CHANGES.txt#L5)
- [Commits](https://github.com/lxml/lxml/compare/lxml-4.9.4...lxml-5.1.0)
---
 requirements.in | 2 +-
 requirements.txt | 2 +-
 setup.py | 2 +-
 src/tests/test_libs_xml_utils.py | 10 +++++++---
 4 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/requirements.in b/requirements.in
index 02a3a75d..313df023 100644
--- a/requirements.in
+++ b/requirements.in
@@ -11,7 +11,7 @@ Django>=2.2.24
 djangorestframework>=3.10.3,<3.15
 importlib-metadata==6.1.0
 jsonschema==4.21.1
-lxml==4.9.4
+lxml==5.1.0
 marshmallow==3.20.2
 pydantic==2.6.1
 pyOpenSSL==24.0.0
diff --git a/requirements.txt b/requirements.txt
index 30d7da70..4c5cd68f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -39,7 +39,7 @@ jsonschema==4.21.1
 # via -r requirements.in
 jsonschema-specifications==2023.7.1
 # via jsonschema
-lxml==4.9.4
+lxml==5.1.0
 # via
 # -r requirements.in
 # signxml
diff --git a/setup.py b/setup.py
index 838138ae..6d84bfb1 100644
--- a/setup.py
+++ b/setup.py
@@ -24,7 +24,7 @@ def get_version(*file_paths: str) -> str:
 'cryptography>=38.0.0',
 'defusedxml>=0.6.0,<1',
 'jsonschema>=3.1.1',
- 'lxml>=4.6.5,<5',
+ 'lxml>=4.6.5,<6',
 'marshmallow>=3,<4',
 'pydantic>=2.3.0,!=1.7.*,!=1.8.*,!=1.9.*',
 'pyOpenSSL>=22.0.0',
diff --git a/src/tests/test_libs_xml_utils.py b/src/tests/test_libs_xml_utils.py
index 2ab5c33c..e30c7f45 100644
--- a/src/tests/test_libs_xml_utils.py
+++ b/src/tests/test_libs_xml_utils.py
@@ -51,17 +51,21 @@ def test_attack_billion_laughs_1(self) -> None: self.assertSequenceEqual( cm.exception.args, - ("XML syntax error. Detected an entity reference loop, line 1, column 7.",), + ( + "XML syntax error." + " Maximum entity amplification factor exceeded, see xmlCtxtSetMaxAmplification.," + " line 1, column 25.", + ), ) def test_attack_billion_laughs_2(self) -> None: value = read_test_file_bytes('test_data/xml/attacks/billion-laughs-2.xml') - with self.assertRaises(XmlSyntaxError) as cm: + with self.assertRaises(XmlFeatureForbidden) as cm: parse_untrusted_xml(value) self.assertSequenceEqual( cm.exception.args, - ("XML syntax error. Detected an entity reference loop, line 1, column 4.",), + ("XML uses or contains a forbidden feature.",), ) def test_attack_quadratic_blowup(self) -> None:
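Review bot: The new expectation in test_attack_billion_laughs_1 pins the parser's full diagnostic text (`Maximum entity amplification factor exceeded, see xmlCtxtSetMaxAmplification.`) and an exact column, so it is tied to the lxml/libxml2 build pinned in requirements.txt, while setup.py in this same commit accepts `lxml>=4.6.5,<6`. The property worth guarding is that the payload is rejected, so the assertion could check the exception type and the stable prefix only, for example `self.assertTrue(cm.exception.args[0].startswith("XML syntax error."))`. In test_attack_billion_laughs_2 the rejection changes from XmlSyntaxError to XmlFeatureForbidden; a comment such as `# lxml 5.1.0 rejects this payload as XmlFeatureForbidden; 4.9.4 raised XmlSyntaxError` would record that the class depends on the installed version. It would also be worth confirming that callers of parse_untrusted_xml outside this hunk handle both exception types, since an installation on lxml 4.x and one on 5.x now fail differently for the same input.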