Skip to content

fix(deps): update dependency xmltodict to v1#272

Closed
dreadnode-renovate-bot[bot] wants to merge 1 commit into
mainfrom
renovate/xmltodict-1.x
Closed

fix(deps): update dependency xmltodict to v1#272
dreadnode-renovate-bot[bot] wants to merge 1 commit into
mainfrom
renovate/xmltodict-1.x

Conversation

@dreadnode-renovate-bot
Copy link
Copy Markdown
Contributor

@dreadnode-renovate-bot dreadnode-renovate-bot Bot commented Sep 13, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
xmltodict ^0.13.0 -> ^1.0.0 age confidence

Release Notes

martinblech/xmltodict (xmltodict)

v1.0.2

Compare Source

Bug Fixes
  • allow DOCTYPE with disable_entities=True (default) (25b61a4)

v1.0.1

Compare Source

Bug Fixes
  • fail closed when entities disabled (c986d2d)
  • validate XML comments (3d4d2d3)
Documentation
  • add SECURITY.md (6413023)
  • clarify behavior for empty lists (2025b5c)
  • clarify process_comments docs (6b464fc)
  • clarify strip whitespace comment behavior (b3e2203)
  • create AGENTS.md for coding agents (0da66ee)
  • replace travis with actions badge (2576b94)
  • update CONTRIBUTING.md (db39180)

v1.0.0

Compare Source

⚠ BREAKING CHANGES
  • modernize for Python 3.9+; drop legacy compat paths
Features
  • unparse: add limited XML comment round-trip; unify _emit behavior (e43537e)
  • unparse: add selective force_cdata support (bool/tuple/callable) (a497fed), closes #​375
Bug Fixes
  • namespaces: attach [@xmlns](https://redirect.github.com/xmlns) to declaring element when process_namespaces=True (f0322e5), closes #​163
  • streaming: avoid parent accumulation at item_depth; add regression tests (220240c)
  • unparse: handle non-string #text with attributes; unify value conversion (927a025), closes #​366
  • unparse: skip empty lists to keep pretty/compact outputs consistent (ab4c86f)
Reverts
  • remove initial Release Drafter config (c0b74ed)
Documentation
  • readme: add API reference for parse()/unparse() kwargs (e5039ad)
  • readme: mention types-xmltodict stub package (58ec03e)
Code Refactoring
  • modernize for Python 3.9+; drop legacy compat paths (7364427)

v0.15.1

Compare Source

  • Security: Further harden XML injection prevention during unparse (follow-up to
    v0.15.0). In addition to '<'/'>' rejection, now also reject element and
    attribute names (including @xmlns prefixes) that:
    • start with '?' or '!'
    • contain '/' or any whitespace
    • contain quotes (' or ") or '='
    • are non-strings (names must be str; no coercion)

v0.15.0

Compare Source

  • Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in
    element and attribute names (including @xmlns prefixes) during unparse.
    This limits validation to avoiding tag-context escapes; attribute values
    continue to be escaped by the SAX XMLGenerator.
    Advisory: https://fluidattacks.com/advisories/mono

v0.14.2

Compare Source

  • Revert "Ensure significant whitespace is not trimmed"
    • This changed was backwards incompatible and caused downstream issues.

v0.14.1

Compare Source

v0.14.0

Compare Source

  • Drop old Python 2 support leftover code and apply several RUFF code health fixes.
  • Add Python 3.11, 3.12 and 3.13 support and tests.
  • Tests in gh-action.
  • Remove defusedexpat import.
  • Replace deprecated BadZipfile with BadZipFile.
  • Support indent using integer format, enable python -m unittest tests/*.py.
  • Ensure significant whitespace is not trimmed
  • added conda installation command
  • fix attributes not appearing in streaming mode
  • Fix Travis CI status badge URL
  • Update push_release.sh to use twine.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@dreadnode-renovate-bot
fix(deps): update dependency xmltodict to v1
8257ed7 
| datasource | package   | from   | to    |
| ---------- | --------- | ------ | ----- |
| pypi       | xmltodict | 0.13.0 | 1.0.0 |
@dreadnode-renovate-bot
Copy link
Copy Markdown
Contributor Author

dreadnode-renovate-bot Bot commented Sep 13, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock
Updating dependencies
Resolving dependencies...


Package pyairports (2.1.1) not found.

@dreadnode-renovate-bot dreadnode-renovate-bot Bot requested a review from a team as a code owner September 13, 2025 20:05
@dreadnode-renovate-bot dreadnode-renovate-bot Bot added type/digest Dependency digest updates area/python Changes to Python package configuration and dependencies labels Sep 13, 2025
@monoxgas monoxgas closed this Nov 13, 2025
@monoxgas monoxgas deleted the renovate/xmltodict-1.x branch November 13, 2025 22:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/python Changes to Python package configuration and dependencies type/digest Dependency digest updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@monoxgas