Update all dependencies #1717
Open
Update all dependencies #1717
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently t
8000
han what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
a48170b to
0d19d30
Compare
894137b to
0cee7c7
Compare
08c6204 to
0489443
Compare
0489443 to
468a448
Compare
0438c54 to
2f6fbb4
Compare
b1255e4 to
f024744
Compare
f024744 to
61806d2
Compare
2fdad22 to
c5ce1eb
Compare
09ffc7d to
58fe601
Compare
ebe70c8 to
8f9a060
Compare
8f9a060 to
0d6e8c3
Compare
62af0c5 to
e6befb9
Compare
fa21a22 to
154fcd8
Compare
7917b89 to
bcf8c6b
Compare
e01a21f to
9800282
Compare
9800282 to
6d052a5
Compare
84ce216 to
136d417
Compare
136d417 to
28c3584
Compare
bf7bc75 to
f11b92c
Compare
f11b92c to
022ea12
Compare
db421ed to
f66284a
Compare
52d9d49 to
3fdae84
Compare
efe48ed to
8ad13a9
Compare
37dda12 to
294382c
Compare
fb77d88 to
f8282d0
Compare
2a74191 to
82567f8
Compare
82567f8 to
11ea191
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
8ade135->11bd719v3->v4v4->v5v3->v4==0.10.3->==0.12.1==4.56.0->==4.58.0v2->v3==4.9.3->==5.4.0v2.21.1->v2.23.33.11->3.133.9->3.13v1->v2==1.13.1->==1.13.3Release Notes
actions/download-artifact (actions/download-artifact)
v4Compare Source
actions/setup-python (actions/setup-python)
v5Compare Source
actions/upload-artifact (actions/upload-artifact)
v4Compare Source
robotools/defcon (defcon)
v0.12.1Compare Source
What's Changed
Full Changelog: robotools/defcon@0.12.0...0.12.1
v0.12.0Compare Source
What's Changed
Full Changelog: robotools/defcon@0.11.0...0.12.0
v0.11.0Compare Source
What's Changed
.readthedocs.yamlby @roberto-arista in https://github.com/robotools/defcon/pull/451New Contributors
Full Changelog: robotools/defcon@0.10.3...0.11.0
fonttools/fonttools (fontTools)
v4.58.0Compare Source
GVARtable (#3728)AttributeErrorwhen reporting table overflow (#3808)<NULL>in single pos lookups (#3803)instead of silently ignoring it (#3811)
fonttools voltLibcommand line tool to compile VOLT sources directly (doing an intermediate fea conversion internally) (#3818)v4.57.0Compare Source
ttLib.__main__] Add--no-recalc-timestampflag (#3771)ttLib.__main__] Add-b(recalcBBoxes=False) flag (#3772)ttLib.__main__] Improvements around the-tflag (#3776)GPOS(#3794)github/codeql-action (github/codeql-action)
v3Compare Source
lxml/lxml (lxml)
v5.4.0Compare Source
==================
Bugs fixed
(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)
Issue found by Anatoly Katyushin.
v5.3.2Compare Source
==================
This release resolves CVE-2025-24928 as described in
https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
Bugs fixed
Binary wheels use libxml2 2.12.10 and libxslt 1.1.42.
Binary wheels for Windows use a patched libxml2 2.11.9 and libxslt 1.1.39.
v5.3.1Compare Source
==================
Bugs fixed
GH#440: Some tests were adapted for libxml2 2.14.0.
Patch by Nick Wellnhofer.
LP#2097175:
DTD(external_id="…")erroneously required a byte string as ID value.GH#450:
iterparse()internally triggered the `DeprecationWarning`` added in lxml 5.3.0 when parsing HTML.Other changes
-flat_namespace.v5.3.0Compare Source
==================
Features added
CDATAsections are no longer rejected but split on outputto represent
]]>correctly.Patch by Gertjan Klein.
Bugs fixed
LP#2060160: Attribute values serialised differently in
xmlfile.element()andxmlfile.write().LP#2058177: The ISO-Schematron implementation could fail on unknown prefixes.
Patch by David Lakin.
Other changes
LP#2067707: The
strip_cdataoption inHTMLParser()turned out to be useless and is now deprecated.Binary wheels use the library versions libxml2 2.12.9 and libxslt 1.1.42.
Windows binary wheels use the library versions libxml2 2.11.8 and libxslt 1.1.39.
Built with Cython 3.0.11.
v5.2.2Compare Source
==================
Bugs fixed
GH#417: The
test_feed_parsertest could fail iflxml_html_cleanwas not installed.It is now skipped in that case.
LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to
"core2", without SSE 4.2.
If libxml2 uses iconv, the compile time version is available as
etree.ICONV_COMPILED_VERSION.v5.2.1Compare Source
==================
Bugs fixed
LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to
"core2", but with SSE 4.2 enabled.
LP#2059977:
Element.iterfind("//absolute_path")failed with aSyntaxErrorwhere it should have issued a warning.
GH#416: The documentation build was using the non-standard
whichcommand.Patch by Michał Górny.
v5.2.0Compare Source
==================
Other changes
LP#1958539: The
lxml.html.cleanimplementation suffered from several (only if used)security issues in the past and was now extracted into a separate library:
https://github.com/fedora-python/lxml_html_clean
Projects that use lxml without "lxml.html.clean" will not notice any difference,
except that they won't have potentially vulnerable code installed.
The module is available as an "extra" setuptools dependency "lxml[html_clean]",
so that Projects that need "lxml.html.clean" will need to switch their requirements
from "lxml" to "lxml[html_clean]", or install the new library themselves.
The minimum CPU architecture for the Linux x86 binary wheels was upgraded to
"sandybridge" (launched 2011), and glibc 2.28 / gcc 12 (manylinux_2_28) wheels were added.
Built with Cython 3.0.10.
v5.1.1Compare Source
==================
Bugs fixed
LP#2048920:
iterlinks()inlxml.htmlrejectedbytesinput in 5.1.0.High source line numbers from the parser are no longer truncated
(up to a C
long) when using libxml2 2.11 or later.Other changes
GH#407: A compatibility test was adapted to recent expat versions.
Patch by Miro Hrončok.
Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39.
Windows binary wheels use the library versions libxml2 2.11.7 and libxslt 1.1.39.
Built with Cython 3.0.9.
v5.1.0Compare Source
==================
Features added
Bugs fixed
Cleaner()interpreted an accidentally provided string parameterfor the
host_whitelistas list of characters and silently failed to reject any hosts.Passing a non-collection is now rejected.
Other changes
Support for Python 2.7 and Python versions < 3.6 was removed.
The wheel build was migrated to use
cibuildwheel.Patch by Primož Godec.
v5.0.2Compare Source
==================
Other changes
GH#407: A compatibility test was adapted to recent expat versions.
Patch by Miro Hrončok.
Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39.
Built with Cython 3.0.9.
v5.0.1Compare Source
==================
Bugs fixed
LP#2046208: Parsing non-BMP Python Unicode strings could fail on macOS.
LP#2044225: When incrementally parsing broken HTML, reporting start events on
missing structural tags failed and could lead to subsequent exceptions.
LP#2045435: Some (not all) issues with stricter C compilers were resolved.
The binary wheels in the 5.0.0 release did not validate cleanly (but installed ok).
.. _latest_release:
v5.0.0Compare Source
==================
Features added
Character escaping in
C14N2serialisation now uses a single pass over the textinstead of searching for each unescaped character separately.
Early support for Python 3.13a2 was added.
Bugs fixed
LP#1976304: The
Element.addnext()method previously inserted the new elementbefore existing tail text. The tail text of both sibling elements now stays on
the respective elements.
LP#1980767, GH#379:
TreeBuilder.close()could fail with aTypeErrorafterparsing incorrect input. Original patch by Enrico Minack.
Element.itertext(with_tail=False)returned the tail text of comments andprocessing instructions, despite the explicit option.
GH#370: A crash with recent libxml2 2.11.x versions was resolved.
Patch by Michael Schlenker.
A compile problem with recent libxml2 2.12.x versions was resolved.
The internal exception handling in C callbacks was improved for Cython 3.0.
The exception declarations of
xmlInputReadCallback,xmlInputCloseCallback,xmlOutputWriteCallbackandxmlOutputCloseCallbackintree.pxdwerecorrected to prevent running Python code or calling into the C-API with a live
exception set.
GH#385: The long deprecated
unittest.m̀akeSuite()function is no longer used.Patch by Miro Hrončok.
LP#1522052: A file-system specific test is now optional and should no longer fail
on systems that don't support it.
GH#392: Some tests were adapted for libxml2 2.13.
Patch by Nick Wellnhofer.
Contains all fixes from lxml 4.9.4.
Other changes
LP#1742885: lxml no longer expands external entities (XXE) by default to prevent
the security risk of loading arbitrary files and URLs. If this feature is needed,
it can be enabled in a backwards compatible way by using a parser with the option
resolve_entities=True. The new default isresolve_entities='internal'.With l 10000 ibxml2 2.10.4 and later (as provided by the lxml 5.0 binary wheels),
parsing HTML tags with "prefixes" no longer builds a namespace dictionary
in
nsmapbut considers theprefix:namestring the actual tag name.With older libxml2 versions, since 2.9.11, the prefix was removed. Before
that, the prefix was parsed as XML prefix.
lxml 5.0 does not try to hide this difference but now changes the ElementPath
implementation to let
element.find("part1:part2")search for the tagpart1:part2in documents parsed as HTML, instead of looking only forpart2.LP#2024343: The validation of the schema file itself is now optional in the
ISO-Schematron implementation. This was done because some lxml distributions
discard the RNG validation schema file due to licensing issues. The validation
can now always be disabled with
Schematron(..., validate_schema=False).It is enabled by default if available and disabled otherwise. The module
constant
lxml.isoschematron.schematron_schema_valid_supportedcan be usedto detect whether schema file validation is available.
Some redundant and long deprecated methods were removed:
parser.setElementClassLookup(),xslt_transform.apply(),xpath.evaluate().Some incorrect declarations were removed from
python.pxd. In general, this fileshould not be used by external Cython code. Use the C-API declarations provided by
Cython itself instead.
Binary wheels use the library versions libxml2 2.12.3 and libxslt 1.1.39.
Built with Cython 3.0.7, updated to follow recent changes in Cython 3.1-dev.
v4.9.4Compare Source
==================
Bugs fixed
LP#2046398: Inserting/replacing an ancestor into a node's children could loop indefinitely.
LP#1980767, GH#379:
TreeBuilder.close()could fail with aTypeErrorafterparsing incorrect input. Original patch by Enrico Minack.
LP#1522052: A file-system specific test is now optional and should no longer fail
on systems that don't support it.
Other changes
Wheels include zlib 1.3, libxml2 2.10.3 and libxslt 1.1.39
(zlib 1.2.12, libxml2 2.10.3 and libxslt 1.1.37 on Windows).
Built with Cython 0.29.37.
pypa/cibuildwheel (pypa/cibuildwheel)
v2.23.3Compare Source
v2.23.2Compare Source
v2.23.1Compare Source
manylinux1,manylinux2010,manylinux_2_24, andmusllinux_1_1are used to specify the images in linux builds. The shorthand to these (unmaintainted) images will be removed in v3.0. If you want to keep using these images, explicitly opt-in using the full image URL, which can be found in this file. (#2312)v2.23.0Compare Source
v2.22.0: Version 2.22.0Compare Source
CIBW_ENABLE/enablefeature that replacesCIBW_FREETHREADED_SUPPORT/free-threaded-supportandCIBW_PRERELEASE_PYTHONSwith a system that supports both. In cibuildwheel 3, this will also include a PyPy setting and the deprecated options will be removed. (#2048)CIBW_TEST_GROUPS/test-groupsto specify groups in[dependency-groups]for testing. (#2063)CIBW_BEFORE_ALL/before-allon linux, replacing 3.8, which is now EoL (#2043)uname -mfails on ARM (#2049)manylinux-interpreters ensurefails (#2066)v2.21.3Compare Source
v2.21.2Compare Source
armv7lto try it out if you're interested! (#2017)Note: the default manylinux image is scheduled to change from
manylinux2014tomanylinux_2_28in a cibuildwheel release on or after 6th May 2025 - you can set the value now to avoid getting upgraded if you want. (#1992)actions/python-versions (python)
v3.13.3: 3.13.3Compare Source
Python 3.13.3
v3.13.2: 3.13.2Compare Source
Python 3.13.2
v3.13.1: 3.13.1Compare Source
Python 3.13.1
v3.13.0: 3.13.0Compare Source
Python 3.13.0
v3.12.10: 3.12.10Compare Source
Python 3.12.10
v3.12.9: 3.12.9Compare Source
Python 3.12.9
v3.12.8: 3.12.8Compare Source
Python 3.12.8
v3.12.7: 3.12.7Compare Source
Python 3.12.7
v3.12.6: 3.12.6Compare Source
Python 3.12.6
v3.12.5: 3.12.5Compare Source
Python 3.12.5
v3.12.4: 3.12.4Compare Source
Python 3.12.4
v3.12.3: 3.12.3Compare Source
Python 3.12.3
v3.12.2: 3.12.2Compare Source
Python 3.12.2
v3.12.1: 3.12.1Compare Source
Python 3.12.1
v3.12.0: 3.12.0Compare Source
Python 3.12.0
softprops/action-gh-release (softprops/action-gh-release)
v2Compare Source
LettError/ufoProcessor (ufoProcessor)
v1.13.3Compare Source
Fix issue 68
v1.13.2: FixesCompare Source
Provide access to
addLocationLabelandaddLocationLabelDescriptor. These are already present in the FontTools DesignspaceLib.Add a method
startLogto be called when we want to see the log after starting without debug.Fixes an issue with
locationToDescriptiveString: check if the discrete location isNoneself.loadFonts()added togenerateUFOs(),makeInstance,makeOneInstance,makeFontProportions,makeOneGlyph,makeOneInfo,makeOneKerning. Because it is not always clear whether the fonts were indeed loaded. I acknowledge this is a small overhead, but it seems justified by the time spent in confusion if it is not called.Round the instance kerning data when asked.
Respect the glyphnames listed in font.lib
public.skipExportGlyphswhen making UFO. This creates a mechanism to remove specific glyphs from output, to allow test fonts to be made from designspaces that contain incomplete, unfinished glyphs.Version upped to 1.13.2.
Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.