Commit 1a35ece
build(deps): bump lxml from 6.1.0 to 6.1.1 (#614)
Bumps [lxml](https://github.com/lxml/lxml) from 6.1.0 to 6.1.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/lxml/lxml/blob/master/CHANGES.txt">lxml's
changelog</a>.</em></p>
<blockquote>
<h1>6.1.1 (2026-05-18)</h1>
<h2>Bugs fixed</h2>
<ul>
<li>
<p>The known link attributes in <code>lxml.html.defs.link_attrs</code>
were missing <code>xlink:href</code>,
which can be used for URL bypass attacks in embedded SVG/MathML/etc.
content.
<a
href="https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f">https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f</a></p>
</li>
<li>
<p>The Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424
and CVE-2025-11731.</p>
</li>
<li>
<p>The Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and
CVE-2025-11731.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a"><code>b4a4c59</code></a>
Build: Fix build in Py3.8.</li>
<li><a
href="https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff"><code>a116dcb</code></a>
Fix typo: type annotions -> type annotations in PEP 560 comments (<a
href="https://redirect.github.com/lxml/lxml/issues/504">GH-504</a>)</li>
<li><a
href="https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6"><code>7287a75</code></a>
Prepare release of 6.1.1.</li>
<li><a
href="https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0"><code>5927a6d</code></a>
Add missing "xlink:href" to the known HTML link
attributes.</li>
<li><a
href="https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c"><code>23efeb4</code></a>
Build: Fix build in Py3.8.</li>
<li><a
href="https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e"><code>2c0563b</code></a>
Build: Add bug patch for libxslt 1.1.43 and apply it during the static
librar...</li>
<li><a
href="https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7"><code>8a35fcc</code></a>
Fix doctest in PyPy3.9.</li>
<li>See full diff in <a
href="https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Rob Mitchell <40571882+robertandremitchell@users.noreply.github.com>
Co-authored-by: Rob Mitchell <robert.a.mitchell@skylight.digital>1 parent bf5425f commit 1a35ece
1 file changed
Lines changed: 46 additions & 44 deletions
0 commit comments