Skip to content

Bump the production-dependencies group across 1 directory with 5 updates#18

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-dependencies-91bb4ebb59
Open

Bump the production-dependencies group across 1 directory with 5 updates#18
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-dependencies-91bb4ebb59

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 13, 2026
edited
Loading

Bumps the production-dependencies group with 5 updates in the / directory:

Package From To
beautifulsoup4 4.12.2 4.14.3
lxml 4.9.3 6.0.4
feedgenerator 2.1.0 2.2.1
django 4.2.24 6.0.4
python-dateutil 2.9.0 2.9.0.post0

Updates beautifulsoup4 from 4.12.2 to 4.14.3

Updates lxml from 4.9.3 to 6.0.4

Release notes

Sourced from lxml's releases.

lxml-6.0.4

No release notes provided.

lxml-6.0.3

No release notes provided.

lxml-6.0.2

No release notes provided.

lxml-6.0.1

No release notes provided.

lxml-6.0.0

No release notes provided.

lxml-5.4.0

5.4.0 (2025-04-22)

Bugs fixed

  • LP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs. (Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.) Issue found by Anatoly Katyushin, see https://bugs.launchpad.net/lxml/+bug/2107279

lxml-5.3.2

No release notes provided.

lxml-5.3.1

No release notes provided.

lxml-5.3.0

No release notes provided.

lxml-5.2.2

5.2.2 (2024-05-12)

Bugs fixed

  • GH#417: The test_feed_parser test could fail if lxml_html_clean was not installed. It is now skipped in that case.

  • LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", without SSE 4.2.

  • If libxml2 uses iconv, the compile time version is available as etree.ICONV_COMPILED_VERSION.

... (truncated)

Changelog

Sourced from lxml's changelog.

6.0.4 (2026-04-12)

Bugs fixed

  • LP#2148019: Spurious MemoryError during namespace cleanup.

6.0.3 (2026-04-09)

Bugs fixed

  • Several out of memory error cases now raise MemoryError that were not handled before.

  • Slicing with large step values (outside of +/- sys.maxsize) could trigger undefined C behaviour.

  • LP#2125399: Some failing tests were fixed or disabled in PyPy.

  • LP#2138421: Memory leak in error cases when setting the public_id or system_url of a document.

  • Memory leak in case of a memory allocation failure when copying document subtrees.

  • When mapping an XPath result to Python failed, the result memory could leak.

  • When preparing an XSLT transform failed, the XSLT parameter memory could leak.

Other changes

  • Built using Cython 3.2.4.

  • Binary wheels use zlib 1.3.2.

6.0.2 (2025-09-21)

Bugs fixed

  • LP#2125278: Compilation with libxml2 2.15.0 failed. Original patch by Xi Ruoyao.

  • Setting decompress=True in the parser had no effect in libxml2 2.15.

  • Binary wheels on Linux and macOS use the library version libxml2 2.14.6. See https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.6

... (truncated)

Commits
  • 1fd1d6b Fix release date.
  • 5154859 CI: Include all library versions in libs cache key to asssure updated on vers...
  • 6a606f3 Add "doesn't crash" tests for LP#2148019.
  • f488f16 Prepare release of 6.0.4.
  • 1255d98 LP#2148019: Prevent spurious MemoryError during namespace cleanup.
  • 03b0c4a Remove dead type check.
  • a6f833c Fix release date.
  • 973d059 Update changelog.
  • 9044a52 Build: Downgrade libiconv to 1.18 since 1.19 does not build reliably.
  • a34dfdd Build: Upgrade libiconv to 1.19.
  • Additional commits viewable in compare view

Updates feedgenerator from 2.1.0 to 2.2.1

Release notes

Sourced from feedgenerator's releases.

FeedGenerator 2.2.1

Restore missing content property to default item dictionary (#47 by @​uda)

FeedGenerator 2.2.0

  • Update to latest upstream code from Django 5.2 (#44 — thanks to @​uda)
  • Remove pytz as a dependency on non-Windows systems (#43 — thanks to @​do3cc)
  • Use standardized pyproject file (#37 — thanks to @​venthur)
  • Drop support for EOL Python 3.7 & 3.8 (@​justinmayer)
Changelog

Sourced from feedgenerator's changelog.

2.2.1 - 2025-08-17

Restore missing content property to default item dictionary.

2.2.0 - 2025-07-14

  • Update to latest upstream code from Django 5.2
  • Remove pytz as a dependency on non-Windows systems
  • Use standardized pyproject file
  • Drop support for EOL Python 3.7 & 3.8
Commits
  • 1412182 Release FeedGenerator 2.2.1
  • d6fdf49 Restore content to default item dict (#48)
  • d4d6b5a Adjust project to look for README.md
  • 339e5a6 docs: Convert README to Markdown & add more badges
  • f01c06e Rename README to prepare for Markdown conversion
  • b53e364 Use correct pyproject header for dev dependencies
  • c448e55 Release FeedGenerator 2.2.0
  • f0de665 Prepare release
  • 7176064 Switch build system from Setuptools to Hatchling
  • 3d8738c Remove upper bound on supported Python versions
  • Additional commits viewable in compare view

Updates django from 4.2.24 to 6.0.4

Commits

Updates python-dateutil from 2.9.0 to 2.9.0.post0

Release notes

Sourced from python-dateutil's releases.

2.9.0.post0

Version 2.9.0.post0 (2024-03-01)

Bugfixes

  • Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.
Changelog

Sourced from python-dateutil's changelog.

Version 2.9.0.post0 (2024-03-01)

Bugfixes

  • Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 13, 2026
@dependabot
Bump the production-dependencies group across 1 directory with 5 updates
58f64aa 
Bumps the production-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.12.2` | `4.14.3` |
| [lxml](https://github.com/lxml/lxml) | `4.9.3` | `6.0.4` |
| [feedgenerator](https://github.com/getpelican/feedgenerator) | `2.1.0` | `2.2.1` |
| [django](https://github.com/django/django) | `4.2.24` | `6.0.4` |
| [python-dateutil](https://github.com/dateutil/dateutil) | `2.9.0` | `2.9.0.post0` |



Updates `beautifulsoup4` from 4.12.2 to 4.14.3

Updates `lxml` from 4.9.3 to 6.0.4
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.9.3...lxml-6.0.4)

Updates `feedgenerator` from 2.1.0 to 2.2.1
- [Release notes](https://github.com/getpelican/feedgenerator/releases)
- [Changelog](https://github.com/getpelican/feedgenerator/blob/main/CHANGELOG.md)
- [Commits](getpelican/feedgenerator@2.1.0...2.2.1)

Updates `django` from 4.2.24 to 6.0.4
- [Commits](django/django@4.2.24...6.0.4)

Updates `python-dateutil` from 2.9.0 to 2.9.0.post0
- [Release notes](https://github.com/dateutil/dateutil/releases)
- [Changelog](https://github.com/dateutil/dateutil/blob/master/NEWS)
- [Commits](dateutil/dateutil@2.9.0...2.9.0.post0)

---
updated-dependencies:
- dependency-name: beautifulsoup4
  dependency-version: 4.14.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: django
  dependency-version: 6.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: feedgenerator
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: lxml
  dependency-version: 6.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: python-dateutil
  dependency-version: 2.9.0.post0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the production-dependencies group with 5 updates Bump the production-dependencies group across 1 directory with 5 updates May 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/production-dependencies-91bb4ebb59 branch from ff0faf7 to 58f64aa Compare May 14, 2026 02:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants