Update dependency xmltodict to v0.15.1 #4

Open
jcabillot wants to merge 1 commits from renovate/xmltodict-0.x into master
Owner

This PR contains the following updates:

Package    Update  Change
xmltodict  minor   ==0.12.0 → ==0.15.1

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

martinblech/xmltodict (xmltodict)

v0.15.1

Compare Source

  • Security: Further harden XML injection prevention during unparse (follow-up to
    v0.15.0). In addition to '<'/'>' rejection, now also reject element and
    attribute names (including @xmlns prefixes) that:
    • start with '?' or '!'
    • contain '/' or any whitespace
    • contain quotes (' or ") or '='
    • are non-strings (names must be str; no coercion)

v0.15.0

Compare Source

  • Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in
    element and attribute names (including @xmlns prefixes) during unparse.
    This limits validation to avoiding tag-context escapes; attribute values
    continue to be escaped by the SAX XMLGenerator.
    Advisory: https://fluidattacks.com/advisories/mono

v0.14.2

Compare Source

  • Revert "Ensure significant whitespace is not trimmed"
    • This change was backwards incompatible and caused downstream issues.

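v0.14.1

Compare Source

  • Drop support for Python older than 3.6
  • Additional ruff/Pyflakes/codespell fixes.
    • Thanks @DimitriPapadopoulos!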

v0.14.0

Compare Source

  • Drop old Python 2 support leftover code and apply several RUFF code health fixes.
    • Thanks, @DimitriPapadopoulos!
  • Add Python 3.11, 3.12 and 3.13 support and tests.
    • Thanks, @angvp!
  • Tests in gh-action.
    • Thanks, @almaz.kun!
  • Remove defusedexpat import.
    • Thanks, @hanno!
  • Replace deprecated BadZipfile with BadZipFile.
    • Thanks, @hugovk!
  • Support indent using integer format, enable python -m unittest tests/*.py.
    • Thanks, @hiiwave!
  • Ensure significant whitespace is not trimmed
    • Thanks, @trey.franklin!
  • added conda installation command
    • Thanks, @sugatoray!
  • fix attributes not appearing in streaming mode
    • Thanks, @timnguyen001!
  • Fix Travis CI status badge URL
  • Update push_release.sh to use twine.

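v0.13.0

Compare Source

  • Add install info to readme for openSUSE. (#205)
    • Thanks, @smarlowucf!
  • Support defaultdict for namespace mapping (#211)
    • Thanks, @nathanalderson!
  • parse(generator) is now possible (#212)
    • Thanks, @xandey!
  • Processing comments on parsing from xml to dict (connected to #109) (#221)
    • Thanks, @svetazol!
  • Add expand_iter kw to unparse to expand iterables (#213)
    • Thanks, @claweyenuk!
  • Fixed some typos
    • Thanks, @timgates42 and @kianmeng!
  • Add support for python3.8
    • Thanks, @t0b3!
  • Drop Jython/Python 2 and add Python 3.9/3.10.
  • Drop OrderedDict in Python >= 3.7
  • Do not use len() to determine if a sequence is empty
    • Thanks, @DimitriPapadopoulos!
  • Add more namespace attribute tests
    • Thanks, @leogregianin!
  • Fix encoding issue in setup.py
    • Thanks, @rjarry!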


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.
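
The name rules listed in the v0.15.0 and v0.15.1 notes above can also be applied to data before it reaches unparse, for example while a project is still pinned to 0.12.0. The following is an added example, not xmltodict's own code and not part of this PR; `check_name` and `audit` are hypothetical names, and it assumes the default '@' attribute prefix, the default '#text' text key, and that an '@xmlns' value may be a dict mapping prefixes to URIs.

```python
import re

# Characters the v0.15.0/v0.15.1 notes list as rejected anywhere in a name.
_FORBIDDEN = re.compile(r"""[<>/\s'"=]""")


def check_name(name):
    """Return why `name` breaks the rules listed in the release notes, or None."""
    if not isinstance(name, str):
        return "not a str"
    if name.startswith(("?", "!")):
        return "starts with '?' or '!'"
    hit = _FORBIDDEN.search(name)
    return "contains %r" % hit.group() if hit else None


def audit(data, path=()):
    """Walk data destined for unparse(); return a list of (key path, reason)."""
    findings = []
    if isinstance(data, dict):
        for key, value in data.items():
            here = path + (key,)
            if key == "#text":  # assumed default text key: content, not a name
                continue
            is_attr = isinstance(key, str) and key.startswith("@")
            reason = check_name(key[1:] if is_attr else key)
            if reason:
                findings.append((here, reason))
            if key == "@xmlns" and isinstance(value, dict):
                # Namespace prefixes become attribute names; "" is the default ns.
                for prefix in value:
                    reason = check_name(prefix)
                    if reason:
                        findings.append((here + (prefix,), reason))
            elif not is_attr:
                findings.extend(audit(value, here))
    elif isinstance(data, (list, tuple)):
        for item in data:
            findings.extend(audit(item, path))
    return findings


# Constructed samples: one clean document, one with names the notes say are rejected.
CLEAN = {"sms": {"@id": "7", "@xmlns": {"": "urn:example", "x": "urn:example:x"},
                 "to": ["+100", "+200"], "body": {"#text": "a < b"}}}
DIRTY = {"sms": {"@id=1": "7", "to>cc": "x", "?pi": "", 5: "n",
                 "@xmlns": {"p q": "urn:example"}, "body": [{"a/b": 1}]}}

if __name__ == "__main__":
    for key_path, why in audit(DIRTY):
        print(key_path, why)
```

Text and attribute values are deliberately not checked: per the v0.15.0 note, values continue to be escaped by the SAX XMLGenerator, so only names need this validation.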

jcabillot added 1 commit 2026-05-26 20:32:56 -04:00
Update dependency xmltodict to v0.15.1
perso/huawei-3G-SMS-API/pipeline/pr-master This commit looks good
3b31badee8
jcabillot self-assigned this 2026-05-26 20:32:58 -04:00
Some checks are pending
perso/huawei-3G-SMS-API/pipeline/pr-master This commit looks good
This pull request can be merged automatically.
This branch is out-of-date with the base branch

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/xmltodict-0.x:renovate/xmltodict-0.x
git checkout renovate/xmltodict-0.x

Reference: perso/huawei-3G-SMS-API#4