ForgeFlux/host-meta-test
2
0
Fork 0
Code Issues 1 Pull requests 10 Projects Releases Packages Wiki Activity

chore(deps): update dependency xmltodict to v0.15.1 #29

Open
renovate-bot wants to merge 1 commit from renovate/xmltodict-0.x into master
pull from: renovate/xmltodict-0.x
merge into: ForgeFlux:master
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate-bot commented 2025-09-08 05:15:38 +05:30
Member
Copy link

This PR contains the following updates:

Package Change Age Confidence
xmltodict ==0.14.2 -> ==0.15.1 age confidence

Release Notes

martinblech/xmltodict (xmltodict)

v0.15.1

Compare Source

  • Security: Further harden XML injection prevention during unparse (follow-up to
    v0.15.0). In addition to '<'/'>' rejection, now also reject element and
    attribute names (including @xmlns prefixes) that:
    • start with '?' or '!'
    • contain '/' or any whitespace
    • contain quotes (' or ") or '='
    • are non-strings (names must be str; no coercion)

v0.15.0

Compare Source

  • Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in
    element and attribute names (including @xmlns prefixes) during unparse.
    This limits validation to avoiding tag-context escapes; attribute values
    continue to be escaped by the SAX XMLGenerator.
    Advisory: https://fluidattacks.com/advisories/mono

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [xmltodict](https://github.com/martinblech/xmltodict) | `==0.14.2` -> `==0.15.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/xmltodict/0.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/xmltodict/0.14.2/0.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>martinblech/xmltodict (xmltodict)</summary> ### [`v0.15.1`](https://github.com/martinblech/xmltodict/blob/HEAD/CHANGELOG.md#v0151) [Compare Source](https://github.com/martinblech/xmltodict/compare/v0.15.0...v0.15.1) - Security: Further harden XML injection prevention during unparse (follow-up to v0.15.0). In addition to '<'/'>' rejection, now also reject element and attribute names (including `@xmlns` prefixes) that: - start with '?' or '!' - contain '/' or any whitespace - contain quotes (' or ") or '=' - are non-strings (names must be `str`; no coercion) ### [`v0.15.0`](https://github.com/martinblech/xmltodict/blob/HEAD/CHANGELOG.md#v0150) [Compare Source](https://github.com/martinblech/xmltodict/compare/v0.14.2...v0.15.0) - Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in element and attribute names (including `@xmlns` prefixes) during unparse. This limits validation to avoiding tag-context escapes; attribute values continue to be escaped by the SAX `XMLGenerator`. Advisory: <https://fluidattacks.com/advisories/mono> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny45IiwidXBkYXRlZEluVmVyIjoiNDEuMTEzLjMiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsicmVub3ZhdGUtYm90Il19-->
renovate-bot force-pushed renovate/xmltodict-0.x from 95ca8a8406 to f71c8a6916 2025-09-15 05:15:43 +05:30 Compare
renovate-bot changed title from chore(deps): update dependency xmltodict to v0.15.0 to chore(deps): update dependency xmltodict to v0.15.1 2025-09-15 05:15:43 +05:30
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/xmltodict-0.x:renovate/xmltodict-0.x
git switch renovate/xmltodict-0.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch master
git merge --no-ff renovate/xmltodict-0.x
git switch renovate/xmltodict-0.x
git rebase master
git switch master
git merge --ff-only renovate/xmltodict-0.x
git switch renovate/xmltodict-0.x
git rebase master
git switch master
git merge --no-ff renovate/xmltodict-0.x
git switch master
git merge --squash renovate/xmltodict-0.x
git switch master
git merge --ff-only renovate/xmltodict-0.x
git switch master
git merge renovate/xmltodict-0.x
git push origin master
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
  
renovate-bot

   
renovate-security

   
security
No labels
renovate-bot
renovate-security
security
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ForgeFlux/host-meta-test!29
No description provided.