Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BREAKING CHANGE introduced by dependency lxml 5.2.0 #38

Closed
waldeck-dev opened this issue Mar 31, 2024 · 0 comments · Fixed by #39
Closed

BREAKING CHANGE introduced by dependency lxml 5.2.0 #38

waldeck-dev opened this issue Mar 31, 2024 · 0 comments · Fixed by #39

Comments

@waldeck-dev
Copy link
Contributor

Hello there,

The lxml dependency recently introduced a breaking change wit new release 5.2.0 (https://github.com/lxml/lxml/releases/tag/lxml-5.2.0)

* LP#1958539: The ``lxml.html.clean`` implementation suffered from several (only if used)
  security issues in the past and was now extracted into a separate library:

  https://github.com/fedora-python/lxml_html_clean

  Projects that use lxml without "lxml.html.clean" will not notice any difference,
  except that they won't have potentially vulnerable code installed.
  The module is available as an "extra" setuptools dependency "lxml[html_clean]",
  so that Projects that need "lxml.html.clean" will need to switch their requirements
  from "lxml" to "lxml[html_clean]", or install the new library themselves.

As mentionned in the release note, the quick fix would be to install lxml[html_clean].

waldeck-dev added a commit to waldeck-dev/html-sanitizer that referenced this issue Mar 31, 2024
Fixes matthiask#38

New verion of `lxml` (5.2.0) extracted the `lxml.html.clean` implementation into a separate library.
This commit switches dependency from `lxml` to `lxml[html_clean]`.

Signed-off-by: Valentin <valentin@waldeck.dev>
matthiask added a commit that referenced this issue Apr 1, 2024
* Use dependency `lxml[html_clean]`

Fixes #38

New verion of `lxml` (5.2.0) extracted the `lxml.html.clean` implementation into a separate library.
This commit switches dependency from `lxml` to `lxml[html_clean]`.

Signed-off-by: Valentin <valentin@waldeck.dev>

* Update pyproject.toml

---------

Signed-off-by: Valentin <valentin@waldeck.dev>
Co-authored-by: Matthias Kestenholz <mk@feinheit.ch>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant