- update to 0.4.5 (bsc#1270285, CVE-2026-49825): * Fixed a security vulnerability where javascript: URLs in xlink:href attributes were not sanitized when``safe_attrs_only=False``, allowing cross-site scripting (XSS) attacks. The fix requires lxml>=6.1.1, which adds xlink:href to the set of link attributes iterated by rewrite_links(). Reported by Guillem Lefait (@glefait). OBS-URL: https://build.opensuse.org/request/show/1363833 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-lxml_html_clean?expand=0&rev=6