fix: Resolve vulnerability: CVE-2020-27783 in lxml

.circleci/config.yml

@@ -37,11 +37,18 @@ jobs:
     steps:
       - checkout
       - run:
+          name: Setup Python environment
           command: |
             sudo .circleci/ci-setup.sh
       - run:
+          name: Run tests and self scan
           command: |
             .circleci/ci-run.sh
+            # audit jake with jake
+            pip3 install -e .
+            # hot mess to uninstall dev requirements before we self scan. probably should move to pipenv
+            pip3 uninstall -r requirements-dev.txt -y
+            jake ddt -q
       - store_test_results: # Upload test results for display in Test Summary: https://circleci.com/docs/2.0/collect-test-data/
           path: test-results
       - store_artifacts: # Upload test summary for display in Artifacts: https://circleci.com/docs/2.0/artifacts/
@@ -60,3 +67,13 @@ workflows:
           context: pypi
           requires:
             - build
+
+  build_nightly:
+    triggers:
+      - schedule:
+          cron: "20 20 * * *"
+          filters:
+            branches:
+              only: main
+    jobs:
+      - build

README.md

@@ -326,6 +326,12 @@ a new issue, or comment on an existing issue, to let others know you are!
 We use [python-semantic-release](https://python-semantic-release.readthedocs.io/en/latest/) to generate patch releases
 from commits to the `main` branch.
 
+For example, to perform a "patch" release, add a commit to `main` with a comment like:
+
+```
+fix: Resolve vulnerability: CVE-2020-27783 in lxml
+```
+
 To avoid performing a release after a commit to the `main` branch, be sure your commit message includes `[skip ci] `.
 
 ## The Fine Print

requirements.txt

@@ -7,7 +7,7 @@ distlib==0.3.1
 idna==2.10
 isort==5.6.4
 lazy-object-proxy==1.4.3
-lxml==4.6.1
+lxml==4.6.2
 mccabe==0.6.1
 oyaml==0.9
 packaging==20.3