chore(deps): bump lxml from 6.1.0 to 6.1.1
Open
Number: #5
Type: Pull Request
State: Open
Type: Pull Request
State: Open
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Unknown
Comments: 4
dependabot[bot]Association: Unknown
Comments: 4
Created:
May 28, 2026 at 08:56 PM UTC
(5 days ago)
(5 days ago)
Updated:
May 31, 2026 at 04:50 AM UTC
(2 days ago)
(2 days ago)
Labels:
dependencies python:uv dependabot-approved
dependencies python:uv dependabot-approved
Description:
Bumps lxml from 6.1.0 to 6.1.1.
Changelog
Sourced from lxml's changelog.
6.1.1 (2026-05-18)
Bugs fixed
The known link attributes in
lxml.html.defs.link_attrswere missingxlink:href, which can be used for URL bypass attacks in embedded SVG/MathML/etc. content. https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739fThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.
The Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.
Commits
b4a4c59Build: Fix build in Py3.8.a116dcbFix typo: type annotions -> type annotations in PEP 560 comments (GH-504)7287a75Prepare release of 6.1.1.5927a6dAdd missing "xlink:href" to the known HTML link attributes.23efeb4Build: Fix build in Py3.8.2c0563bBuild: Add bug patch for libxslt 1.1.43 and apply it during the static librar...8a35fccFix doctest in PyPy3.9.- See full diff in compare view
Package Dependencies
Technical Details
| ID: | 15967769 |
| UUID: | 4543760423 |
| Node ID: | PR_kwDOSqs-LM7gZ0sS |
| Host: | GitHub |
| Repository: | TechMatrix-labs/pythinker-code |