ForgeFlux/nodeinfo-test
2
0
Fork 0
Code Issues 1 Pull requests 4 Projects Releases Packages Wiki Activity

chore(deps): update dependency lxml to v5 #18

Merged
realaravinth merged 1 commit from renovate/lxml-5.x into master 2024-06-08 16:33:04 +05:30
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate-bot commented 2024-06-08 01:23:41 +05:30
Member
Copy link

This PR contains the following updates:

Package Update Change
lxml (source, changelog) major ==4.9.4 -> ==5.2.2

Release Notes

lxml/lxml (lxml)

v5.2.2

Compare Source

==================

Bugs fixed

  • GH#417: The test_feed_parser test could fail if lxml_html_clean was not installed.
    It is now skipped in that case.

  • LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to
    "core2", without SSE 4.2.

  • If libxml2 uses iconv, the compile time version is available as etree.ICONV_COMPILED_VERSION.

v5.2.1

Compare Source

==================

Bugs fixed

  • LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to
    "core2", but with SSE 4.2 enabled.

  • LP#2059977: Element.iterfind("//absolute_path") failed with a SyntaxError
    where it should have issued a warning.

  • GH#416: The documentation build was using the non-standard which command.
    Patch by Michał Górny.

v5.2.0

Compare Source

==================

Other changes

  • LP#1958539: The lxml.html.clean implementation suffered from several (only if used)
    security issues in the past and was now extracted into a separate library:

    https://github.com/fedora-python/lxml_html_clean

    Projects that use lxml without "lxml.html.clean" will not notice any difference,
    except that they won't have potentially vulnerable code installed.
    The module is available as an "extra" setuptools dependency "lxml[html_clean]",
    so that Projects that need "lxml.html.clean" will need to switch their requirements
    from "lxml" to "lxml[html_clean]", or install the new library themselves.

  • The minimum CPU architecture for the Linux x86 binary wheels was upgraded to
    "sandybridge" (launched 2011), and glibc 2.28 / gcc 12 (manylinux_2_28) wheels were added.

  • Built with Cython 3.0.10.

v5.1.1

Compare Source

==================

Bugs fixed

  • LP#2048920: iterlinks() in lxml.html rejected bytes input in 5.1.0.

  • High source line numbers from the parser are no longer truncated
    (up to a C long) when using libxml2 2.11 or later.

Other changes

  • GH#407: A compatibility test was adapted to recent expat versions.
    Patch by Miro Hrončok.

  • Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39.

  • Windows binary wheels use the library versions libxml2 2.11.7 and libxslt 1.1.39.

  • Built with Cython 3.0.9.

v5.1.0

Compare Source

==================

Features added

  • Parsing ASCII strings is slightly faster.

Bugs fixed

  • GH#349: The HTML Cleaner() interpreted an accidentally provided string parameter
    for the host_whitelist as list of characters and silently failed to reject any hosts.
    Passing a non-collection is now rejected.

Other changes

  • Support for Python 2.7 and Python versions < 3.6 was removed.

  • The wheel build was migrated to use cibuildwheel.
    Patch by Primož Godec.

v5.0.2

Compare Source

==================

Other changes

  • GH#407: A compatibility test was adapted to recent expat versions.
    Patch by Miro Hrončok.

  • Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39.

  • Built with Cython 3.0.9.

v5.0.1

Compare Source

==================

Bugs fixed

  • LP#2046208: Parsing non-BMP Python Unicode strings could fail on macOS.

  • LP#2044225: When incrementally parsing broken HTML, reporting start events on
    missing structural tags failed and could lead to subsequent exceptions.

  • LP#2045435: Some (not all) issues with stricter C compilers were resolved.

  • The binary wheels in the 5.0.0 release did not validate cleanly (but installed ok).

.. _latest_release:

v5.0.0

Compare Source

==================

Features added

  • Character escaping in C14N2 serialisation now uses a single pass over the text
    instead of searching for each unescaped character separately.

  • Early support for Python 3.13a2 was added.

Bugs fixed

  • LP#1976304: The Element.addnext() method previously inserted the new element
    before existing tail text. The tail text of both sibling elements now stays on
    the respective elements.

  • LP#1980767, GH#379: TreeBuilder.close() could fail with a TypeError after
    parsing incorrect input. Original patch by Enrico Minack.

  • Element.itertext(with_tail=False) returned the tail text of comments and
    processing instructions, despite the explicit option.

  • GH#370: A crash with recent libxml2 2.11.x versions was resolved.
    Patch by Michael Schlenker.

  • A compile problem with recent libxml2 2.12.x versions was resolved.

  • The internal exception handling in C callbacks was improved for Cython 3.0.

  • The exception declarations of xmlInputReadCallback, xmlInputCloseCallback,
    xmlOutputWriteCallback and xmlOutputCloseCallback in tree.pxd were
    corrected to prevent running Python code or calling into the C-API with a live
    exception set.

  • GH#385: The long deprecated unittest.m̀akeSuite() function is no longer used.
    Patch by Miro Hrončok.

  • LP#1522052: A file-system specific test is now optional and should no longer fail
    on systems that don't support it.

  • GH#392: Some tests were adapted for libxml2 2.13.
    Patch by Nick Wellnhofer.

  • Contains all fixes from lxml 4.9.4.

Other changes

  • LP#1742885: lxml no longer expands external entities (XXE) by default to prevent
    the security risk of loading arbitrary files and URLs. If this feature is needed,
    it can be enabled in a backwards compatible way by using a parser with the option
    resolve_entities=True. The new default is resolve_entities='internal'.

  • With libxml2 2.10.4 and later (as provided by the lxml 5.0 binary wheels),
    parsing HTML tags with "prefixes" no longer builds a namespace dictionary
    in nsmap but considers the prefix:name string the actual tag name.
    With older libxml2 versions, since 2.9.11, the prefix was removed. Before
    that, the prefix was parsed as XML prefix.

    lxml 5.0 does not try to hide this difference but now changes the ElementPath
    implementation to let element.find("part1:part2") search for the tag
    part1:part2 in documents parsed as HTML, instead of looking only for part2.

  • LP#2024343: The validation of the schema file itself is now optional in the
    ISO-Schematron implementation. This was done because some lxml distributions
    discard the RNG validation schema file due to licensing issues. The validation
    can now always be disabled with Schematron(..., validate_schema=False).
    It is enabled by default if available and disabled otherwise. The module
    constant lxml.isoschematron.schematron_schema_valid_supported can be used
    to detect whether schema file validation is available.

  • Some redundant and long deprecated methods were removed:
    parser.setElementClassLookup(),
    xslt_transform.apply(),
    xpath.evaluate().

  • Some incorrect declarations were removed from python.pxd. In general, this file
    should not be used by external Cython code. Use the C-API declarations provided by
    Cython itself instead.

  • Binary wheels use the library versions libxml2 2.12.3 and libxslt 1.1.39.

  • Built with Cython 3.0.7, updated to follow recent changes in Cython 3.1-dev.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [lxml](https://lxml.de/) ([source](https://github.com/lxml/lxml), [changelog](https://git.launchpad.net/lxml/plain/CHANGES.txt)) | major | `==4.9.4` -> `==5.2.2` | --- ### Release Notes <details> <summary>lxml/lxml (lxml)</summary> ### [`v5.2.2`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#522-2024-05-12) [Compare Source](https://github.com/lxml/lxml/compare/lxml-5.2.1...lxml-5.2.2) \================== ## Bugs fixed - [GH#417](https://github.com/GH/lxml/issues/417): The `test_feed_parser` test could fail if `lxml_html_clean` was not installed. It is now skipped in that case. - [LP#2059910](https://github.com/LP/lxml/issues/2059910): The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", without SSE 4.2. - If libxml2 uses iconv, the compile time version is available as `etree.ICONV_COMPILED_VERSION`. ### [`v5.2.1`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#521-2024-04-02) [Compare Source](https://github.com/lxml/lxml/compare/lxml-5.2.0...lxml-5.2.1) \================== ## Bugs fixed - [LP#2059910](https://github.com/LP/lxml/issues/2059910): The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", but with SSE 4.2 enabled. - [LP#2059977](https://github.com/LP/lxml/issues/2059977): `Element.iterfind("//absolute_path")` failed with a `SyntaxError` where it should have issued a warning. - [GH#416](https://github.com/GH/lxml/issues/416): The documentation build was using the non-standard `which` command. Patch by Michał Górny. ### [`v5.2.0`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#520-2024-03-30) [Compare Source](https://github.com/lxml/lxml/compare/lxml-5.1.1...lxml-5.2.0) \================== ## Other changes - [LP#1958539](https://github.com/LP/lxml/issues/1958539): The `lxml.html.clean` implementation suffered from several (only if used) security issues in the past and was now extracted into a separate library: https://github.com/fedora-python/lxml_html_clean Projects that use lxml without "lxml.html.clean" will not notice any difference, except that they won't have potentially vulnerable code installed. The module is available as an "extra" setuptools dependency "lxml\[html_clean]", so that Projects that need "lxml.html.clean" will need to switch their requirements from "lxml" to "lxml\[html_clean]", or install the new library themselves. - The minimum CPU architecture for the Linux x86 binary wheels was upgraded to "sandybridge" (launched 2011), and glibc 2.28 / gcc 12 (manylinux\_2\_28) wheels were added. - Built with Cython 3.0.10. ### [`v5.1.1`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#511-2024-03-28) [Compare Source](https://github.com/lxml/lxml/compare/lxml-5.1.0...lxml-5.1.1) \================== ## Bugs fixed - [LP#2048920](https://github.com/LP/lxml/issues/2048920): `iterlinks()` in `lxml.html` rejected `bytes` input in 5.1.0. - High source line numbers from the parser are no longer truncated (up to a C `long`) when using libxml2 2.11 or later. ## Other changes - [GH#407](https://github.com/GH/lxml/issues/407): A compatibility test was adapted to recent expat versions. Patch by Miro Hrončok. - Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39. - Windows binary wheels use the library versions libxml2 2.11.7 and libxslt 1.1.39. - Built with Cython 3.0.9. ### [`v5.1.0`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#510-2024-01-05) [Compare Source](https://github.com/lxml/lxml/compare/lxml-5.0.2...lxml-5.1.0) \================== ## Features added - Parsing ASCII strings is slightly faster. ## Bugs fixed - [GH#349](https://github.com/GH/lxml/issues/349): The HTML `Cleaner()` interpreted an accidentally provided string parameter for the `host_whitelist` as list of characters and silently failed to reject any hosts. Passing a non-collection is now rejected. ## Other changes - Support for Python 2.7 and Python versions < 3.6 was removed. - The wheel build was migrated to use `cibuildwheel`. Patch by Primož Godec. ### [`v5.0.2`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#502-2024-03-28) [Compare Source](https://github.com/lxml/lxml/compare/lxml-5.0.1...lxml-5.0.2) \================== ## Other changes - [GH#407](https://github.com/GH/lxml/issues/407): A compatibility test was adapted to recent expat versions. Patch by Miro Hrončok. - Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39. - Built with Cython 3.0.9. ### [`v5.0.1`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#501-2024-01-05) [Compare Source](https://github.com/lxml/lxml/compare/lxml-5.0.0...lxml-5.0.1) \================== ## Bugs fixed - [LP#2046208](https://github.com/LP/lxml/issues/2046208): Parsing non-BMP Python Unicode strings could fail on macOS. - [LP#2044225](https://github.com/LP/lxml/issues/2044225): When incrementally parsing broken HTML, reporting start events on missing structural tags failed and could lead to subsequent exceptions. - [LP#2045435](https://github.com/LP/lxml/issues/2045435): Some (not all) issues with stricter C compilers were resolved. - The binary wheels in the 5.0.0 release did not validate cleanly (but installed ok). .. \_latest_release: ### [`v5.0.0`](https://github.com/lxml/lxml/blob/HEAD/CHANGES.txt#500-2023-12-29) [Compare Source](https://github.com/lxml/lxml/compare/lxml-4.9.4...lxml-5.0.0) \================== ## Features added - Character escaping in `C14N2` serialisation now uses a single pass over the text instead of searching for each unescaped character separately. - Early support for Python 3.13a2 was added. ## Bugs fixed - [LP#1976304](https://github.com/LP/lxml/issues/1976304): The `Element.addnext()` method previously inserted the new element before existing tail text. The tail text of both sibling elements now stays on the respective elements. - [LP#1980767](https://github.com/LP/lxml/issues/1980767), [GH#379](https://github.com/GH/lxml/issues/379): `TreeBuilder.close()` could fail with a `TypeError` after parsing incorrect input. Original patch by Enrico Minack. - `Element.itertext(with_tail=False)` returned the tail text of comments and processing instructions, despite the explicit option. - [GH#370](https://github.com/GH/lxml/issues/370): A crash with recent libxml2 2.11.x versions was resolved. Patch by Michael Schlenker. - A compile problem with recent libxml2 2.12.x versions was resolved. - The internal exception handling in C callbacks was improved for Cython 3.0. - The exception declarations of `xmlInputReadCallback`, `xmlInputCloseCallback`, `xmlOutputWriteCallback` and `xmlOutputCloseCallback` in `tree.pxd` were corrected to prevent running Python code or calling into the C-API with a live exception set. - [GH#385](https://github.com/GH/lxml/issues/385): The long deprecated `unittest.m̀akeSuite()` function is no longer used. Patch by Miro Hrončok. - [LP#1522052](https://github.com/LP/lxml/issues/1522052): A file-system specific test is now optional and should no longer fail on systems that don't support it. - [GH#392](https://github.com/GH/lxml/issues/392): Some tests were adapted for libxml2 2.13. Patch by Nick Wellnhofer. - Contains all fixes from lxml 4.9.4. ## Other changes - [LP#1742885](https://github.com/LP/lxml/issues/1742885): lxml no longer expands external entities (XXE) by default to prevent the security risk of loading arbitrary files and URLs. If this feature is needed, it can be enabled in a backwards compatible way by using a parser with the option `resolve_entities=True`. The new default is `resolve_entities='internal'`. - With libxml2 2.10.4 and later (as provided by the lxml 5.0 binary wheels), parsing HTML tags with "prefixes" no longer builds a namespace dictionary in `nsmap` but considers the `prefix:name` string the actual tag name. With older libxml2 versions, since 2.9.11, the prefix was removed. Before that, the prefix was parsed as XML prefix. lxml 5.0 does not try to hide this difference but now changes the ElementPath implementation to let `element.find("part1:part2")` search for the tag `part1:part2` in documents parsed as HTML, instead of looking only for `part2`. - [LP#2024343](https://github.com/LP/lxml/issues/2024343): The validation of the schema file itself is now optional in the ISO-Schematron implementation. This was done because some lxml distributions discard the RNG validation schema file due to licensing issues. The validation can now always be disabled with `Schematron(..., validate_schema=False)`. It is enabled by default if available and disabled otherwise. The module constant `lxml.isoschematron.schematron_schema_valid_supported` can be used to detect whether schema file validation is available. - Some redundant and long deprecated methods were removed: `parser.setElementClassLookup()`, `xslt_transform.apply()`, `xpath.evaluate()`. - Some incorrect declarations were removed from `python.pxd`. In general, this file should not be used by external Cython code. Use the C-API declarations provided by Cython itself instead. - Binary wheels use the library versions libxml2 2.12.3 and libxslt 1.1.39. - Built with Cython 3.0.7, updated to follow recent changes in Cython 3.1-dev. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zOTkuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM5OS4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbInJlbm92YXRlLWJvdCJdfQ==-->
renovate-bot added the
renovate-bot
 label 2024-06-08 01:23:41 +05:30
renovate-bot force-pushed renovate/lxml-5.x from 117c41a28b to 37f000b5b7 2024-06-08 02:04:43 +05:30 Compare
renovate-bot force-pushed renovate/lxml-5.x from 37f000b5b7 to ac06726a82 2024-06-08 13:35:33 +05:30 Compare
realaravinth merged commit f133750a72 into master 2024-06-08 16:33:04 +05:30
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
  
renovate-bot

   
renovate-security

   
security
No labels
renovate-bot
renovate-security
security
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: ForgeFlux/nodeinfo-test#18
No description provided.
Delete branch "renovate/lxml-5.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?