No longer using defusedxml since it is not necessary.#1179
Merged
mvantellingen merged 2 commits intomasterfrom Apr 11, 2021
unknown repository
Merged
No longer using defusedxml since it is not necessary.#1179mvantellingen merged 2 commits intomasterfrom unknown repository
mvantellingen merged 2 commits intomasterfrom
unknown repository
Conversation
added 2 commits
January 6, 2021 14:00
- mimicked behaviour from defused into the loader.py - bumped lxml version to > 4.6.0
- mimicked behaviour from defused into the loader.py - bumped lxml version to > 4.6.0
Author
|
Zie blurb on https://github.com/tiran/defusedxml/blob/master/defusedxml/lxml.py for an explanation:
|
|
Have you an estimate date for a new release with this pull request ? |
Author
|
I do not know, I haven't had any feedback on this PR from the owner. The repository seems very quiet. |
Owner
|
Looks good, thanks! This was on my todo list for a while |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #956
Closes #1014
It is not necessary to use defused when using the lxml parser. The package defusedxml.lxml is deprecated because of this.
The lxml parser uses libxml2 that has the guards against the vulnerabilities build in (at least libxml2 > 2.6). Since zeep already uses the lxml parser, this pull request removes defusedxml as a dependency. Some functionality regarding
forbid_dtdandforbid_entitiesthat were present in defusedxml is now present inloader.pyand exceptions were added to zeep with the same name as in defusedxml.DTDForbiddenenEntitiesForbidden