chore(deps): update dependency lxml to v6.1.1 #1628
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Updates the pinned lxml dependency from 6.1.0 to 6.1.1 to incorporate security fixes (xlink:href in link_attrs, libxslt CVE-2025-7424 and CVE-2025-11731).
Changes:
- Bumps lxml from 6.1.0 to 6.1.1 in the dependency-installation helper script.
☂️ Code Coverage
Overall Coverage
New Files: No new covered files...
Modified Files: No covered modified files...
Test Results: 4 files, 4 suites, 40m 14s ⏱️
Results for commit 9c83230. ♻️ This comment has been updated with latest results.
8735209 to 280082d
Coverage Report for CI Build 26430382903
Warning: No base build found for commit
Coverage: 94.649%
Uncovered Changes: No uncovered changes found.
Coverage Regressions: Requires a base build to compare against.
💛 - Coveralls
280082d to 9c83230
This PR contains the following updates:
6.1.0 → 6.1.1
Release Notes
lxml/lxml (lxml)
v6.1.1
==================
Bugs fixed
The known link attributes in lxml.html.defs.link_attrs were missing xlink:href, which can be used for URL bypass attacks in embedded SVG/MathML/etc. content.
https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f
The Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.
The Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.