BREAKING CHANGE introduced by dependency lxml 5.2.0 #38

Closed
waldeck-dev opened this issue Mar 31, 2024 · 0 comments · Fixed by #39

@waldeck-dev
Contributor

Hello there,

The lxml dependency recently introduced a breaking change with new release 5.2.0 (https://github.com/lxml/lxml/releases/tag/lxml-5.2.0)

* LP#1958539: The ``lxml.html.clean`` implementation suffered from several (only if used)
  security issues in the past and was now extracted into a separate library:

  https://github.com/fedora-python/lxml_html_clean

  Projects that use lxml without "lxml.html.clean" will not notice any difference,
  except that they won't have potentially vulnerable code installed.
  The module is available as an "extra" setuptools dependency "lxml[html_clean]",
  so that Projects that need "lxml.html.clean" will need to switch their requirements
  from "lxml" to "lxml[html_clean]", or install the new library themselves.

As mentioned in the release note, the quick fix would be to install `lxml[html_clean]`.

waldeck-dev added a commit to waldeck-dev/html-sanitizer that referenced this issue Mar 31, 2024
Fixes matthiask#38

New version of `lxml` (5.2.0) extracted the `lxml.html.clean` implementation into a separate library.
This commit switches dependency from `lxml` to `lxml[html_clean]`.

Signed-off-by: Valentin <valentin@waldeck.dev>
matthiask added a commit that referenced this issue Apr 1, 2024
* Use dependency `lxml[html_clean]`

Fixes #38

New version of `lxml` (5.2.0) extracted the `lxml.html.clean` implementation into a separate library.
This commit switches dependency from `lxml` to `lxml[html_clean]`.

Signed-off-by: Valentin <valentin@waldeck.dev>

* Update pyproject.toml

---------

Signed-off-by: Valentin <valentin@waldeck.dev>
Co-authored-by: Matthias Kestenholz <mk@feinheit.ch>
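
A CI-style check for the situation this issue describes, added here as an example and not code from html-sanitizer or lxml: it flags source that imports `lxml.html.clean` while the declared requirements name neither `lxml[html_clean]` nor the standalone `lxml_html_clean` distribution. The function names and the sample inputs are constructed for illustration.

```python
import ast
import re

# Requirement name plus optional extras, e.g. "lxml[html_clean]>=5.2".
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[([^\]]*)\])?")


def _norm(name):
    """PEP 503 style normalisation, so lxml_html_clean == lxml-html-clean."""
    return re.sub(r"[-_.]+", "-", name).lower()


def imports_html_clean(source):
    """True if the source imports lxml.html.clean in any common form."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            if any(a.name == "lxml.html.clean" for a in node.names):
                return True
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            if node.module == "lxml.html.clean":
                return True
            if node.module == "lxml.html" and any(a.name == "clean" for a in node.names):
                return True
    return False


def provides_html_clean(requirements):
    """True if a requirement declares lxml[html_clean] or lxml_html_clean."""
    for line in requirements:
        m = REQ_RE.match(line.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue
        name = _norm(m.group(1))
        extras = {_norm(e.strip()) for e in (m.group(2) or "").split(",") if e.strip()}
        if name == "lxml-html-clean" or (name == "lxml" and "html-clean" in extras):
            return True
    return False


def missing_clean_dependency(source, requirements):
    """Flag code that uses lxml.html.clean without declaring its provider."""
    return imports_html_clean(source) and not provides_html_clean(requirements)


# Constructed sample input (hypothetical project file).
SAMPLE_SOURCE = "from lxml.html.clean import Cleaner\n"

if __name__ == "__main__":
    print(missing_clean_dependency(SAMPLE_SOURCE, ["lxml>=5.2"]))
    print(missing_clean_dependency(SAMPLE_SOURCE, ["lxml[html_clean]>=5.2"]))
```

The check looks only at declared names and extras, so a requirement of plain `lxml` is reported even when a version pin below 5.2.0 would still ship the bundled module.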