FFe updating lxml to the 5.2.1 release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxml (Ubuntu) |
Fix Committed
|
Undecided
|
Unassigned | ||
pandas (Ubuntu) |
Triaged
|
Undecided
|
Unassigned | ||
readability (Ubuntu) |
Triaged
|
Undecided
|
Unassigned |
Bug Description
updating lxml to the 5.2.1 release allows us to gid rid off the lxml-html-clean module into a separate package lxmö-html-clean (already in noble), and demote it to universe This module is responsible for almost all CVEs in lxml in the past years.
Changes in 5.2.1 compared to 5.1.0:
5.2.1 (2024-04-02)
==================
Bugs fixed
----------
* LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to
"core2", but with SSE 4.2 enabled.
* LP#2059977: ``Element.
where it should have issued a warning.
* GH#416: The documentation build was using the non-standard ``which`` command.
Patch by Michał Górny.
5.2.0 (2024-03-30)
==================
Other changes
-------------
* LP#1958539: The ``lxml.html.clean`` implementation suffered from several (only if used)
security issues in the past and was now extracted into a separate library:
https:/
Projects that use lxml without "lxml.html.clean" will not notice any difference,
except that they won't have potentially vulnerable code installed.
The module is available as an "extra" setuptools dependency "lxml[html_clean]",
so that Projects that need "lxml.html.clean" will need to switch their requirements
from "lxml" to "lxml[html_clean]", or install the new library themselves.
* The minimum CPU architecture for the Linux x86 binary wheels was upgraded to
"sandybridge" (launched 2011), and glibc 2.28 / gcc 12 (manylinux_2_28) wheels were added.
* Built with Cython 3.0.10.
Changed in lxml (Ubuntu): | |
status: | Triaged → Fix Committed |
Changed in pandas (Ubuntu): | |
status: | New → Triaged |
Changed in readability (Ubuntu): | |
status: | New → Triaged |
this change will need minor changes in two depending packages.