Update dependency xmltodict to v1 #5

Open
jcabillot wants to merge 1 commits from renovate/xmltodict-1.x into master
Owner

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| xmltodict | major | ==0.12.0 → ==1.0.4 |

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

martinblech/xmltodict (xmltodict)

v1.0.4

Compare Source

Bug Fixes
  • unparse: add bytes_errors policy and handle bytes scalars consistently (ed70434)

v1.0.3

Compare Source

Bug Fixes
  • unparse: serialize None text/attrs as empty values (fixes #401) (aa16511)
Documentation
  • readme: fix Fedora and Arch package links (fd6a73b)

v1.0.2

Compare Source

Bug Fixes
  • allow DOCTYPE with disable_entities=True (default) (25b61a4)

v1.0.1

Compare Source

Bug Fixes
  • fail closed when entities disabled (c986d2d)
  • validate XML comments (3d4d2d3)
Documentation
  • add SECURITY.md (6413023)
  • clarify behavior for empty lists (2025b5c)
  • clarify process_comments docs (6b464fc)
  • clarify strip whitespace comment behavior (b3e2203)
  • create AGENTS.md for coding agents (0da66ee)
  • replace travis with actions badge (2576b94)
  • update CONTRIBUTING.md (db39180)

v1.0.0

Compare Source

⚠ BREAKING CHANGES
  • modernize for Python 3.9+; drop legacy compat paths
Features
  • unparse: add limited XML comment round-trip; unify _emit behavior (e43537e)
  • unparse: add selective force_cdata support (bool/tuple/callable) (a497fed), closes #375
Bug Fixes
  • namespaces: attach @xmlns to declaring element when process_namespaces=True (f0322e5), closes #163
  • streaming: avoid parent accumulation at item_depth; add regression tests (220240c)
  • unparse: handle non-string #text with attributes; unify value conversion (927a025), closes #366
  • unparse: skip empty lists to keep pretty/compact outputs consistent (ab4c86f)
Reverts
  • remove initial Release Drafter config (c0b74ed)
Documentation
  • readme: add API reference for parse()/unparse() kwargs (e5039ad)
  • readme: mention types-xmltodict stub package (58ec03e)
Code Refactoring
  • modernize for Python 3.9+; drop legacy compat paths (7364427)

v0.15.1

Compare Source

  • Security: Further harden XML injection prevention during unparse (follow-up to
    v0.15.0). In addition to '<'/'>' rejection, now also reject element and
    attribute names (including @xmlns prefixes) that:
    • start with '?' or '!'
    • contain '/' or any whitespace
    • contain quotes (' or ") or '='
    • are non-strings (names must be str; no coercion)

v0.15.0

Compare Source

  • Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in
    element and attribute names (including @xmlns prefixes) during unparse.
    This limits validation to avoiding tag-context escapes; attribute values
    continue to be escaped by the SAX XMLGenerator.
    Advisory: https://fluidattacks.com/advisories/mono

v0.14.2

Compare Source

  • Revert "Ensure significant whitespace is not trimmed"
    • This change was backwards incompatible and caused downstream issues.

v0.14.1

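Compare Source

  • Drop support for Python older than 3.6
  • Additional ruff/Pyflakes/codespell fixes.
    • Thanks @DimitriPapadopoulos!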

v0.14.0

Compare Source

  • Drop old Python 2 support leftover code and apply several RUFF code health fixes.
  • Add Python 3.11, 3.12 and 3.13 support and tests.
  • Tests in gh-action.
  • Remove defusedexpat import.
  • Replace deprecated BadZipfile with BadZipFile.
  • Support indent using integer format, enable python -m unittest tests/*.py.
  • Ensure significant whitespace is not trimmed
  • added conda installation command
  • fix attributes not appearing in streaming mode
  • Fix Travis CI status badge URL
  • Update push_release.sh to use twine.

v0.13.0

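Compare Source

  • Add install info to readme for openSUSE. (#205)
    • Thanks, @smarlowucf!
  • Support defaultdict for namespace mapping (#211)
    • Thanks, @nathanalderson!
  • parse(generator) is now possible (#212)
    • Thanks, @xandey!
  • Processing comments on parsing from xml to dict (connected to #109) (#221)
    • Thanks, @svetazol!
  • Add expand_iter kw to unparse to expand iterables (#213)
    • Thanks, @claweyenuk!
  • Fixed some typos
    • Thanks, @timgates42 and @kianmeng!
  • Add support for python3.8
    • Thanks, @t0b3!
  • Drop Jython/Python 2 and add Python 3.9/3.10.
  • Drop OrderedDict in Python >= 3.7
  • Do not use len() to determine if a sequence is empty
    • Thanks, @DimitriPapadopoulos!
  • Add more namespace attribute tests
    • Thanks, @leogregianin!
  • Fix encoding issue in setup.py
    • Thanks, @rjarry!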


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Mend Renovate.
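
The name rules listed under v0.15.0 and v0.15.1 above, as an added example (not part of this PR and not xmltodict's own code): a standard-library audit of a mapping before it is handed to `unparse`, to find keys that those release notes say are now rejected. It assumes xmltodict's default `@` attribute prefix and `#text` key; `name_problem`, `audit` and `SAMPLE` are hypothetical names, and the sample data is constructed.

```python
# Added example: audits dict keys against the name rules quoted in the
# v0.15.0 / v0.15.1 notes. Standard library only; not xmltodict's own code.
ATTR_PREFIX = "@"    # assumption: xmltodict's default attr_prefix
CDATA_KEY = "#text"  # assumption: xmltodict's default cdata_key


def name_problem(name):
    """Return the rule `name` breaks, or None if it passes all of them."""
    if not isinstance(name, str):
        return "not a str"
    if "<" in name or ">" in name:
        return "contains '<' or '>'"
    if name.startswith(("?", "!")):
        return "starts with '?' or '!'"
    if "/" in name or any(ch.isspace() for ch in name):
        return "contains '/' or whitespace"
    if any(ch in name for ch in "'\"="):
        return "contains a quote or '='"
    return None


def audit(node, path="$"):
    """Walk nested dicts/lists; return [(path, name, reason)] for bad names."""
    findings = []
    if isinstance(node, (list, tuple)):
        for i, item in enumerate(node):
            findings += audit(item, f"{path}[{i}]")
    elif isinstance(node, dict):
        for key, value in node.items():
            if key == CDATA_KEY:
                continue  # text content, not an element or attribute name
            is_attr = isinstance(key, str) and key.startswith(ATTR_PREFIX)
            names = [key[len(ATTR_PREFIX):] if is_attr else key]
            if is_attr and names[0] == "xmlns" and isinstance(value, dict):
                names += list(value)  # {'@xmlns': {prefix: uri}}: check prefixes
            findings += [(path, n, r) for n in names if (r := name_problem(n))]
            if not is_attr:
                findings += audit(value, f"{path}/{key}")
    return findings


# Constructed sample: one clean subtree plus one key per rule.
SAMPLE = {"request": {
    "@xmlns": {"api": "urn:example", "bad prefix": "urn:example:x"},
    "Phones": {"Phone": ["+100", "+200"]},
    "msg id": "1", "@lang=en": "x", 42: "y", "!note": {"a>b": "z"},
}}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```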

jcabillot added 1 commit 2026-05-26 20:33:08 -04:00
Update dependency xmltodict to v1
perso/huawei-3G-SMS-API/pipeline/pr-master This commit looks good
3b76ecd5ec
jcabillot self-assigned this 2026-05-26 20:33:09 -04:00
Some checks are pending
perso/huawei-3G-SMS-API/pipeline/pr-master This commit looks good
This pull request can be merged automatically.
This branch is out-of-date with the base branch
Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/xmltodict-1.x:renovate/xmltodict-1.x
git checkout renovate/xmltodict-1.x
Reference: perso/huawei-3G-SMS-API#5