This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| [lxml](https://lxml.de/)
([source](https://redirect.github.com/lxml/lxml),
[changelog](https://git.launchpad.net/lxml/plain/CHANGES.txt)) |
`>=4.5.0,<6.0.0` -> `>=4.5.0,<6.1.0` |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>lxml/lxml (lxml)</summary>
###
[`v6.0.0`](https://redirect.github.com/lxml/lxml/blob/HEAD/CHANGES.txt#600-2025-06-26)
[Compare
Source](https://redirect.github.com/lxml/lxml/compare/lxml-5.4.0...lxml-6.0.0)
\==================
## Features added
- [GH#463](https://redirect.github.com/GH/lxml/issues/463):
`lxml.html.diff` is faster and provides structurally better diffs.
Original patch by Steven Fernandez.
- [GH#405](https://redirect.github.com/GH/lxml/issues/405): The
factories `Element` and `ElementTree` can now be used in type hints.
- [GH#448](https://redirect.github.com/GH/lxml/issues/448): Parsing from
`memoryview` and other buffers is supported to allow zero-copy parsing.
- [GH#437](https://redirect.github.com/GH/lxml/issues/437):
`lxml.html.builder` was missing several HTML5 tag names.
Patch by Nick Tarleton.
- [GH#458](https://redirect.github.com/GH/lxml/issues/458): `CDATA` can
now be written into the incremental `xmlfile()` writer.
Original patch by Lane Shaw.
- A new parser option `decompress=False` was added that controls the
automatic
input decompression when using libxml2 2.15.0 or later. Disabling this
option
by default will effectively prevent decompression bombs when handling
untrusted
input. Code that depends on automatic decompression must enable this
option.
Note that libxml2 2.15.0 was not released yet, so this option currently
has no
effect but can already be used.
- The set of compile time / runtime supported libxml2 feature names is
available as
`etree.LIBXML_COMPILED_FEATURES` and `etree.LIBXML_FEATURES`.
This currently includes
`catalog`, `ftp`, `html`, `http`, `iconv`, `icu`,
`lzma`, `regexp`, `schematron`, `xmlschema`, `xpath`, `zlib`.
## Bugs fixed
- [GH#353](https://redirect.github.com/GH/lxml/issues/353): Predicates
in `.find*()` could mishandle tag indices if a default namespace is
provided.
Original patch by Luise K.
- [GH#272](https://redirect.github.com/GH/lxml/issues/272): The `head`
and `body` properties of `lxml.html` elements failed if no such element
was found. They now return `None` instead.
Original patch by FVolral.
- Tag names provided by code (API, not data) that are longer than
`INT_MAX`
could be truncated or mishandled in other ways.
- `.text_content()` on `lxml.html` elements accidentally returned a
"smart string"
without additional information. It now returns a plain string.
- [LP#2109931](https://redirect.github.com/LP/lxml/issues/2109931): When
building lxml with coverage reporting, it now disables the
`sys.monitoring`
support due to the lack of support
i[https://github.com/nedbat/coveragepy/issues/1790](https://redirect.github.com/nedbat/coveragepy/issues/1790)90
## Other changes
- Support for Python < 3.8 was removed.
- Parsing directly from zlib (or lzma) compressed data is now considered
an optional
feature in lxml. It may get removed from libxml2 at some point for
security reasons
(compression bombs) and is therefore no longer guaranteed to be
available in lxml.
As of this release, zlib support is still normally available in the
binary wheels
but may get disabled or removed in later (x.y.0) releases. To test the
availability,
use `"zlib" in etree.LIBXML_FEATURES`.
- The `Schematron` class is deprecated and will become non-functional in
a future lxml version.
The feature will soon be removed from libxml2 and stop being available.
- [GH#438](https://redirect.github.com/GH/lxml/issues/438): Wheels
include the `arm7l` target.
- [GH#465](https://redirect.github.com/GH/lxml/issues/465): Windows
wheels include the `arm64` target.
Patch by Finn Womack.
- Binary wheels use the library versions libxml2 2.14.4 and libxslt
1.1.43.
Note that this disables direct HTTP and FTP support for parsing from
URLs.
Use Python URL request tools instead (which usually also support HTTPS).
To test the availability, use `"http" in etree.LIBXML_FEATURES`.
- Windows binary wheels use the library versions libxml2 2.11.9, libxslt
1.1.39 and libiconv 1.17.
They are now based on VS-2022.
- Built using Cython 3.1.2.
- The debug methods `MemDebug.dump()` and `MemDebug.show()` were removed
completely.
libxml2 2.13.0 discarded this feature.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/libretime/libretime).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS41MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuNTEuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwicHl0aG9uIl19-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
[](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [lxml](https://lxml.de/) ([source](https://togithub.com/lxml/lxml),
[changelog](https://git.launchpad.net/lxml/plain/CHANGES.txt)) |
`>=4.5.0,<4.10.0` -> `>=4.5.0,<5.1.0` |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>lxml/lxml (lxml)</summary>
###
[`v5.0.0`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#500-2023-12-29)
[Compare
Source](https://togithub.com/lxml/lxml/compare/lxml-4.9.4...lxml-5.0.0)
\==================
## Features added
- Character escaping in `C14N2` serialisation now uses a single pass
over the text
instead of searching for each unescaped character separately.
- Early support for Python 3.13a2 was added.
## Bugs fixed
- [LP#1976304](https://togithub.com/LP/lxml/issues/1976304): The
`Element.addnext()` method previously inserted the new element
before existing tail text. The tail text of both sibling elements now
stays on
the respective elements.
- [LP#1980767](https://togithub.com/LP/lxml/issues/1980767),
[GH#379](https://togithub.com/GH/lxml/issues/379): `TreeBuilder.close()`
could fail with a `TypeError` after
parsing incorrect input. Original patch by Enrico Minack.
- `Element.itertext(with_tail=False)` returned the tail text of comments
and
processing instructions, despite the explicit option.
- [GH#370](https://togithub.com/GH/lxml/issues/370): A crash with recent
libxml2 2.11.x versions was resolved.
Patch by Michael Schlenker.
- A compile problem with recent libxml2 2.12.x versions was resolved.
- The internal exception handling in C callbacks was improved for Cython
3.0.
- The exception declarations of `xmlInputReadCallback`,
`xmlInputCloseCallback`,
`xmlOutputWriteCallback` and `xmlOutputCloseCallback` in `tree.pxd` were
corrected to prevent running Python code or calling into the C-API with
a live
exception set.
- [GH#385](https://togithub.com/GH/lxml/issues/385): The long deprecated
`unittest.m̀akeSuite()` function is no longer used.
Patch by Miro Hrončok.
- [LP#1522052](https://togithub.com/LP/lxml/issues/1522052): A
file-system specific test is now optional and should no longer fail
on systems that don't support it.
- [GH#392](https://togithub.com/GH/lxml/issues/392): Some tests were
adapted for libxml2 2.13.
Patch by Nick Wellnhofer.
- Contains all fixes from lxml 4.9.4.
## Other changes
- [LP#1742885](https://togithub.com/LP/lxml/issues/1742885): lxml no
longer expands external entities (XXE) by default to prevent
the security risk of loading arbitrary files and URLs. If this feature
is needed,
it can be enabled in a backwards compatible way by using a parser with
the option
`resolve_entities=True`. The new default is
`resolve_entities='internal'`.
- With libxml2 2.10.4 and later (as provided by the lxml 5.0 binary
wheels),
parsing HTML tags with "prefixes" no longer builds a namespace
dictionary
in `nsmap` but considers the `prefix:name` string the actual tag name.
With older libxml2 versions, since 2.9.11, the prefix was removed.
Before
that, the prefix was parsed as XML prefix.
lxml 5.0 does not try to hide this difference but now changes the
ElementPath
implementation to let `element.find("part1:part2")` search for the tag
`part1:part2` in documents parsed as HTML, instead of looking only for
`part2`.
- [LP#2024343](https://togithub.com/LP/lxml/issues/2024343): The
validation of the schema file itself is now optional in the
ISO-Schematron implementation. This was done because some lxml
distributions
discard the RNG validation schema file due to licensing issues. The
validation
can now always be disabled with `Schematron(...,
validate_schema=False)`.
It is enabled by default if available and disabled otherwise. The module
constant `lxml.isoschematron.schematron_schema_valid_supported` can be
used
to detect whether schema file validation is available.
- Some redundant and long deprecated methods were removed:
`parser.setElementClassLookup()`,
`xslt_transform.apply()`,
`xpath.evaluate()`.
- Some incorrect declarations were removed from `python.pxd`. In
general, this file
should not be used by external Cython code. Use the C-API declarations
provided by
Cython itself instead.
- Binary wheels use the library versions libxml2 2.12.3 and libxslt
1.1.39.
- Built with Cython 3.0.7, updated to follow recent changes in Cython
3.1-dev.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/libretime/libretime).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEwMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
This forces to use the same version as the worker.
Previously playout installed kombu>=5.2 and got instanlty
reverted back to 4.6.11 when the worker was installed.
