ForgeFlux/host-meta-test
2
0
Fork 0
Code Issues 1 Pull requests 10 Projects Releases Packages Wiki Activity

chore(deps): update dependency xmltodict to v1 #30

Open
renovate-bot wants to merge 1 commit from renovate/xmltodict-1.x into master
pull from: renovate/xmltodict-1.x
merge into: ForgeFlux:master
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate-bot commented 2025-09-15 05:15:46 +05:30
Member
Copy link

This PR contains the following updates:

Package Change Age Confidence
xmltodict ==0.14.2 -> ==1.0.2 age confidence

Release Notes

martinblech/xmltodict (xmltodict)

v1.0.2

Compare Source

Bug Fixes
  • allow DOCTYPE with disable_entities=True (default) (25b61a4)

v1.0.1

Compare Source

Bug Fixes
  • fail closed when entities disabled (c986d2d)
  • validate XML comments (3d4d2d3)
Documentation
  • add SECURITY.md (6413023)
  • clarify behavior for empty lists (2025b5c)
  • clarify process_comments docs (6b464fc)
  • clarify strip whitespace comment behavior (b3e2203)
  • create AGENTS.md for coding agents (0da66ee)
  • replace travis with actions badge (2576b94)
  • update CONTRIBUTING.md (db39180)

v1.0.0

Compare Source

⚠ BREAKING CHANGES
  • modernize for Python 3.9+; drop legacy compat paths
Features
  • unparse: add limited XML comment round-trip; unify _emit behavior (e43537e)
  • unparse: add selective force_cdata support (bool/tuple/callable) (a497fed), closes #​375
Bug Fixes
  • namespaces: attach [@xmlns](https://github.com/xmlns) to declaring element when process_namespaces=True (f0322e5), closes #​163
  • streaming: avoid parent accumulation at item_depth; add regression tests (220240c)
  • unparse: handle non-string #text with attributes; unify value conversion (927a025), closes #​366
  • unparse: skip empty lists to keep pretty/compact outputs consistent (ab4c86f)
Reverts
  • remove initial Release Drafter config (c0b74ed)
Documentation
  • readme: add API reference for parse()/unparse() kwargs (e5039ad)
  • readme: mention types-xmltodict stub package (58ec03e)
Code Refactoring
  • modernize for Python 3.9+; drop legacy compat paths (7364427)

v0.15.1

Compare Source

  • Security: Further harden XML injection prevention during unparse (follow-up to
    v0.15.0). In addition to '<'/'>' rejection, now also reject element and
    attribute names (including @xmlns prefixes) that:
    • start with '?' or '!'
    • contain '/' or any whitespace
    • contain quotes (' or ") or '='
    • are non-strings (names must be str; no coercion)

v0.15.0

Compare Source

  • Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in
    element and attribute names (including @xmlns prefixes) during unparse.
    This limits validation to avoiding tag-context escapes; attribute values
    continue to be escaped by the SAX XMLGenerator.
    Advisory: https://fluidattacks.com/advisories/mono

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [xmltodict](https://github.com/martinblech/xmltodict) | `==0.14.2` -> `==1.0.2` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/xmltodict/1.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/xmltodict/0.14.2/1.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>martinblech/xmltodict (xmltodict)</summary> ### [`v1.0.2`](https://github.com/martinblech/xmltodict/blob/HEAD/CHANGELOG.md#102-2025-09-17) [Compare Source](https://github.com/martinblech/xmltodict/compare/v1.0.1...v1.0.2) ##### Bug Fixes - allow DOCTYPE with disable\_entities=True (default) ([25b61a4](https://github.com/martinblech/xmltodict/commit/25b61a41f580cfc211df07c5fbbf603bd8eb5a5f)) ### [`v1.0.1`](https://github.com/martinblech/xmltodict/blob/HEAD/CHANGELOG.md#101-2025-09-17) [Compare Source](https://github.com/martinblech/xmltodict/compare/v1.0.0...v1.0.1) ##### Bug Fixes - fail closed when entities disabled ([c986d2d](https://github.com/martinblech/xmltodict/commit/c986d2d37a93d45fcc059b09063d9d9c45a655ec)) - validate XML comments ([3d4d2d3](https://github.com/martinblech/xmltodict/commit/3d4d2d3a4cd0f68d1211dba549010261fa87b969)) ##### Documentation - add SECURITY.md ([6413023](https://github.com/martinblech/xmltodict/commit/64130233c8fea272a5f82f2f585e1593523ec1b1)) - clarify behavior for empty lists ([2025b5c](https://github.com/martinblech/xmltodict/commit/2025b5cb5e64fc9c4d54b8644187a0a193bdd0ed)) - clarify process\_comments docs ([6b464fc](https://github.com/martinblech/xmltodict/commit/6b464fce284a93dbb292f3d063c9f310a478a014)) - clarify strip whitespace comment behavior ([b3e2203](https://github.com/martinblech/xmltodict/commit/b3e22032d21cc387d6cecf3930116e8fdc3151cf)) - create AGENTS.md for coding agents ([0da66ee](https://github.com/martinblech/xmltodict/commit/0da66ee797ced7479312aecef92c6a25e235007c)) - replace travis with actions badge ([2576b94](https://github.com/martinblech/xmltodict/commit/2576b94c918fbd154489a95dbbb3feda8bd3cbd8)) - update CONTRIBUTING.md ([db39180](https://github.com/martinblech/xmltodict/commit/db3918057cf125af989a1263d52df8df5ef8c642)) ### [`v1.0.0`](https://github.com/martinblech/xmltodict/blob/HEAD/CHANGELOG.md#100-2025-09-12) [Compare Source](https://github.com/martinblech/xmltodict/compare/v0.15.1...v1.0.0) ##### ⚠ BREAKING CHANGES - modernize for Python 3.9+; drop legacy compat paths ##### Features - **unparse:** add limited XML comment round-trip; unify `_emit` behavior ([e43537e](https://github.com/martinblech/xmltodict/commit/e43537eee61c20ef50f0e4242eb9223de7a6aefd)) - **unparse:** add selective `force_cdata` support (bool/tuple/callable) ([a497fed](https://github.com/martinblech/xmltodict/commit/a497fedb7d6103d68af155543ac3337a73778b19)), closes [#&#8203;375](https://github.com/martinblech/xmltodict/issues/375) ##### Bug Fixes - **namespaces:** attach `[@xmlns](https://github.com/xmlns)` to declaring element when process\_namespaces=True ([f0322e5](https://github.com/martinblech/xmltodict/commit/f0322e578184421693434902547f330f4f0a44c3)), closes [#&#8203;163](https://github.com/martinblech/xmltodict/issues/163) - **streaming:** avoid parent accumulation at item\_depth; add regression tests ([220240c](https://github.com/martinblech/xmltodict/commit/220240c5eb2d12b75adf26cc84ec9c803ce8bb2b)) - **unparse:** handle non-string `#text` with attributes; unify value conversion ([927a025](https://github.com/martinblech/xmltodict/commit/927a025ae8a62cbb542d5caff38b29161a2096fa)), closes [#&#8203;366](https://github.com/martinblech/xmltodict/issues/366) - **unparse:** skip empty lists to keep pretty/compact outputs consistent ([ab4c86f](https://github.com/martinblech/xmltodict/commit/ab4c86fed24dc8ef0e932a524edfb01c6453ecf6)) ##### Reverts - remove initial Release Drafter config ([c0b74ed](https://github.com/martinblech/xmltodict/commit/c0b74ed58f933bffd160c60a58620f672710ff7c)) ##### Documentation - **readme:** add API reference for parse()/unparse() kwargs ([e5039ad](https://github.com/martinblech/xmltodict/commit/e5039ad3f5159cc45ac1d52c4aa901ca50d4c722)) - **readme:** mention types-xmltodict stub package ([58ec03e](https://github.com/martinblech/xmltodict/commit/58ec03e6d94f17ed359742d9ce2f99e796669694)) ##### Code Refactoring - modernize for Python 3.9+; drop legacy compat paths ([7364427](https://github.com/martinblech/xmltodict/commit/7364427c86c62f55ad4c2dce96df6761da69c354)) ### [`v0.15.1`](https://github.com/martinblech/xmltodict/blob/HEAD/CHANGELOG.md#v0151) [Compare Source](https://github.com/martinblech/xmltodict/compare/v0.15.0...v0.15.1) - Security: Further harden XML injection prevention during unparse (follow-up to v0.15.0). In addition to '<'/'>' rejection, now also reject element and attribute names (including `@xmlns` prefixes) that: - start with '?' or '!' - contain '/' or any whitespace - contain quotes (' or ") or '=' - are non-strings (names must be `str`; no coercion) ### [`v0.15.0`](https://github.com/martinblech/xmltodict/blob/HEAD/CHANGELOG.md#v0150) [Compare Source](https://github.com/martinblech/xmltodict/compare/v0.14.2...v0.15.0) - Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in element and attribute names (including `@xmlns` prefixes) during unparse. This limits validation to avoiding tag-context escapes; attribute values continue to be escaped by the SAX `XMLGenerator`. Advisory: <https://fluidattacks.com/advisories/mono> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMTMuMyIsInVwZGF0ZWRJblZlciI6IjQxLjEyMi4zIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbInJlbm92YXRlLWJvdCJdfQ==-->
renovate-bot force-pushed renovate/xmltodict-1.x from e5ff7ad246 to 9deb60c55c 2025-09-22 05:19:36 +05:30 Compare
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/xmltodict-1.x:renovate/xmltodict-1.x
git switch renovate/xmltodict-1.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch master
git merge --no-ff renovate/xmltodict-1.x
git switch renovate/xmltodict-1.x
git rebase master
git switch master
git merge --ff-only renovate/xmltodict-1.x
git switch renovate/xmltodict-1.x
git rebase master
git switch master
git merge --no-ff renovate/xmltodict-1.x
git switch master
git merge --squash renovate/xmltodict-1.x
git switch master
git merge --ff-only renovate/xmltodict-1.x
git switch master
git merge renovate/xmltodict-1.x
git push origin master
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
  
renovate-bot

   
renovate-security

   
security
No labels
renovate-bot
renovate-security
security
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ForgeFlux/host-meta-test!30
No description provided.