0ef147457f
- Update to 1.0.2 * allow DOCTYPE with disable_entities=True (default) - from version 1.0.1 * fail closed when entities disabled * validate XML comments * add SECURITY.md * clarify behavior for empty lists * clarify process_comments docs * clarify strip whitespace comment behavior * create AGENTS.md for coding agents * replace travis with actions badge * update CONTRIBUTING.md - Drop skip-tests-expat-245.patch, no longer required
Nico Krapp2025-11-25 09:11:48 +00:00
e9aad3801e
Backport fix for CVE-2025-9375
slfo-main
John Paul Adrian Glaubitz
2025-11-18 11:28:55 +01:00
b16146e9fa
Accepting request 1304458 from devel:languages:python
Ana Guerrero2025-09-14 16:48:28 +00:00
d27e9ab086
- Update to version 1.0.0 BREAKING CHANGES * modernize for Python 3.9+; drop legacy compat paths. Features * unparse: add limited XML comment round-trip; unify _emit behavior (e43537e). * unparse: add selective force_cdata support (bool/tuple/callable) (a497fed), closes#375. Bug Fixes * namespaces: attach [@xmlns](https://github.com/xmlns) to declaring element when process_namespaces=True. * streaming: avoid parent accumulation at item_depth; add regression tests (220240c). * unparse: handle non-string #text with attributes; unify value conversion (927a025). * unparse: skip empty lists to keep pretty/compact outputs consistent (ab4c86f). Reverts * remove initial Release Drafter config (c0b74ed).
Matej Cepl2025-09-12 21:38:12 +00:00
2ac66af257
Accepting request 1303377 from devel:languages:python
Ana Guerrero2025-09-10 15:30:07 +00:00
062fb6b9ef
- Update to version 0.15.1 * Security: Further harden XML injection prevention during unparse (follow-up to v0.15.0). In addition to '<'/'>' rejection, now also reject element and attribute names (including @xmlns prefixes) that: - start with '?' or '!' - contain '/' or any whitespace - contain quotes (' or ") or '=' - are non-strings (names must be str; no coercion)
Markéta Machová2025-09-09 15:24:39 +00:00
8774443f52
- Update to version 0.15.0 * Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in element and attribute names (including @xmlns prefixes) during unparse. This limits validation to avoiding tag-context escapes; attribute values continue to be escaped by the SAX XMLGenerator. (bsc#1249036, CVE-2025-9375)
Markéta Machová2025-09-08 11:41:21 +00:00
a0b7635925
- Update to version 0.14.2 * Revert "Ensure significant whitespace is not trimmed" This changed was backwards incompatible and caused downstream issues. - Update to version 0.14.1 * Drop support for Python older than 3.6 * Additional ruff/Pyflakes/codespell fixes. - Update to version 0.14.0 * Drop old Python 2 support leftover code and apply several RUFF code health fixes. * Add Python 3.11, 3.12 and 3.13 support and tests. * Remove defusedexpat import. * Replace deprecated BadZipfile with BadZipFile. * Support indent using integer format, enable python -m unittest tests/*.py. * Ensure significant whitespace is not trimmed * added conda installation command * fix attributes not appearing in streaming mode
Dirk Mueller2024-10-29 17:03:36 +00:00
331c6949ae
Accepting request 1146209 from devel:languages:python
Ana Guerrero2024-02-15 19:58:36 +00:00
7bd57a1364
- update to 0.13.0: * Add install info to readme for openSUSE. (#205) * Support defaultdict for namespace mapping (#211) * parse(generator) is now possible (#212) * Processing comments on parsing from xml to dict (connected to #109) (#221) * Add expand_iter kw to unparse to expand iterables (#213) * Fixed some typos * Add support for python3.8 * Drop Jython/Python 2 and add Python 3.9/3.10. * Drop OrderedDict in Python >= 3.7 * Do not use len() to determine if a sequence is empty * Add more namespace attribute tests * Fix encoding issue in setup.py
Dirk Mueller2022-06-19 17:48:25 +00:00
Ana Guerrero
Nico Krapp
John Paul Adrian Glaubitz
Matej Cepl
Markéta Machová
Dominique Leuenberger
Dirk Mueller
Steve Kowalik
Tomáš Chvátal
Todd R
Jan Matejek
Michal Čihař