Commit bb47541
build(deps): bump lxml from 5.3.0 to 6.1.0 in /sdk-platform-java/hermetic_build/library_generation (#12887)
Bumps [lxml](https://github.com/lxml/lxml) from 5.3.0 to 6.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lxml/lxml/releases">lxml's
releases</a>.</em></p>
<blockquote>
<h2>lxml-6.1.0</h2>
<p>No release notes provided.</p>
<h2>lxml-6.0.4</h2>
<p>No release notes provided.</p>
<h2>lxml-6.0.3</h2>
<p>No release notes provided.</p>
<h2>lxml-6.0.2</h2>
<p>No release notes provided.</p>
<h2>lxml-6.0.1</h2>
<p>No release notes provided.</p>
<h2>lxml-6.0.0</h2>
<p>No release notes provided.</p>
<h2>lxml-5.4.0</h2>
<h1>5.4.0 (2025-04-22)</h1>
<h2>Bugs fixed</h2>
<ul>
<li>LP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to
resolve several CVEs.
(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and
libxslt 1.1.39.)
Issue found by Anatoly Katyushin, see <a
href="https://bugs.launchpad.net/lxml/+bug/2107279">https://bugs.launchpad.net/lxml/+bug/2107279</a></li>
</ul>
<h2>lxml-5.3.2</h2>
<p>No release notes provided.</p>
<h2>lxml-5.3.1</h2>
<p>No release notes provided.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/lxml/lxml/blob/master/CHANGES.txt">lxml's
changelog</a>.</em></p>
<blockquote>
<h1>6.1.0 (2026-04-17)</h1>
<p>This release fixes a possible external entity injection (XXE)
vulnerability in
<code>iterparse()</code> and the <code>ETCompatXMLParser</code>.</p>
<h2>Features added</h2>
<ul>
<li>
<p>GH#486: The HTML ARIA accessibility attributes were added to the set
of safe attributes
in <code>lxml.html.defs</code>. This allows <code>lxml_html_clean</code>
to pass them through.
Patch by oomsveta.</p>
</li>
<li>
<p>The default chunk size for reading from file-likes in
<code>iterparse()</code> is now configurable
with a new <code>chunk_size</code> argument.</p>
</li>
</ul>
<h2>Bugs fixed</h2>
<ul>
<li>LP#2146291: The <code>resolve_entities</code> option was still set
to <code>True</code> for
<code>iterparse</code> and <code>ETCompatXMLParser</code>, allowing for
external entity injection (XXE)
when using these parsers without setting this option explicitly.
The default was now changed to <code>'internal'</code> only (as for the
normal XML and HTML parsers
since lxml 5.0).
Issue found by Sihao Qiu as CVE-2026-41066.</li>
</ul>
<h1>6.0.4 (2026-04-12)</h1>
<h2>Bugs fixed</h2>
<ul>
<li>LP#2148019: Spurious MemoryError during namespace cleanup.</li>
</ul>
<h1>6.0.3 (2026-04-09)</h1>
<h2>Bugs fixed</h2>
<ul>
<li>
<p>Several out of memory error cases now raise <code>MemoryError</code>
that were not handled before.</p>
</li>
<li>
<p>Slicing with large step values (outside of <code>+/-
sys.maxsize</code>) could trigger undefined C behaviour.</p>
</li>
<li>
<p>LP#2125399: Some failing tests were fixed or disabled in PyPy.</p>
</li>
<li>
<p>LP#2138421: Memory leak in error cases when setting the
<code>public_id</code> or <code>system_url</code> of a document.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be"><code>43722f4</code></a>
Update changelog.</li>
<li><a
href="https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa"><code>8747040</code></a>
Name version of option change in docstring.</li>
<li><a
href="https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7"><code>6c36e6c</code></a>
Fix pypistats URL in download statistics script.</li>
<li><a
href="https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0"><code>c7d76d6</code></a>
Change security policy to point to Github security advisories.</li>
<li><a
href="https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42"><code>378ccf8</code></a>
Update project income report.</li>
<li><a
href="https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b"><code>315270b</code></a>
Docs: Reduce TOC depth of package pages and move module contents
first.</li>
<li><a
href="https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5"><code>6dbba7f</code></a>
Docs: Show current year in copyright line.</li>
<li><a
href="https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce"><code>e4385bf</code></a>
Update project income report.</li>
<li><a
href="https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8"><code>5bed1e1</code></a>
Validate file hashes in release download script.</li>
<li><a
href="https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1"><code>c13ee10</code></a>
Prepare release of 6.1.0.</li>
<li>Additional commits viewable in <a
href="https://github.com/lxml/lxml/compare/lxml-5.3.0...lxml-6.1.0">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

1 parent eacbe28 commit bb47541
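The 6.1.0 changelog entry quoted above ties the XXE exposure to calling `iterparse` or `ETCompatXMLParser` "without setting this option explicitly". As an added example (not part of this commit or of lxml), the following standard-library audit lists such call sites in a Python module so they can be reviewed alongside the bump; `audit`, the helper names and `SAMPLE` are hypothetical, and the sample module is constructed.

```python
import ast

# Callables the 6.1.0 changelog names as still defaulting to resolve_entities=True.
AFFECTED = {"iterparse", "ETCompatXMLParser"}

def _lxml_bindings(tree):
    """Map local name -> imported name for every lxml import in the module."""
    bound = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            bound.update({a.asname or "lxml": a.name for a in node.names
                          if a.name.split(".")[0] == "lxml"})
        elif (isinstance(node, ast.ImportFrom) and not node.level
              and (node.module or "").split(".")[0] == "lxml"):
            bound.update({a.asname or a.name: a.name for a in node.names})
    return bound

def _callee(func, bound):
    """Resolve a call target to an lxml callable name, or None if it is not lxml."""
    if isinstance(func, ast.Name):        # from lxml.etree import iterparse [as x]
        return bound.get(func.id)
    leaf = getattr(func, "attr", None)    # etree.iterparse / lxml.etree.iterparse
    while isinstance(func, ast.Attribute):
        func = func.value
    return leaf if getattr(func, "id", None) in bound else None

def audit(source):
    """Return sorted (line, callable, status) for affected lxml calls in source."""
    tree = ast.parse(source)
    bound, findings = _lxml_bindings(tree), []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name, kwargs = _callee(node.func, bound), [kw.arg for kw in node.keywords]
        if name in AFFECTED and "resolve_entities" not in kwargs:
            # A bare **kwargs (arg is None) might carry the option: manual review.
            findings.append((node.lineno, name, "unknown" if None in kwargs else "implicit"))
    return sorted(findings)

# Constructed sample module, not taken from the repository in this commit.
SAMPLE = '''\
import xml.etree.ElementTree as StdET
from lxml import etree
from lxml.etree import iterparse as lx_iterparse
a = etree.iterparse("feed.xml", events=("end",))
b = lx_iterparse("feed.xml", resolve_entities=False)
c = StdET.iterparse("feed.xml")
d = etree.ETCompatXMLParser(**opts)
'''
```

Calls reported as `implicit` are the ones whose entity handling depends on the installed lxml version; the standard library's `iterparse` is ignored because it is not bound from an lxml import.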
2 files changed
Lines changed: 270 additions & 140 deletions
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | 3 | | |
4 | | - | |
| 4 | + | |
5 | 5 | | |
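Review bot: the one-line change at line 4 of this file takes lxml across a major version (5.3.0 to 6.1.0 per the commit title), yet the quoted release notes give nothing for 6.0.0 and the quoted changelog is truncated before reaching it, so the PR text does not show what 6.0 changed. Before merging, read the 6.0.0 changelog entry, and check whether anything in library_generation calls iterparse() or ETCompatXMLParser without an explicit resolve_entities: per the 6.1.0 entry their default moves from True to 'internal', which is the intended fix for CVE-2026-41066 but changes parsing results for any input that relied on external entities being resolved.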