Update dependency xmltodict to ~=0.15.0 #106

Merged
Renovate merged 1 commits from renovate/xmltodict-0.x into dev 2025-09-05 04:21:02 +03:00
Collaborator

This PR contains the following updates:

Package Update Change
xmltodict minor ~=0.14.0 -> ~=0.15.0

Release Notes

martinblech/xmltodict (xmltodict)

v0.15.0

Compare Source

  • Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in
    element and attribute names (including @xmlns prefixes) during unparse.
    This limits validation to avoiding tag-context escapes; attribute values
    continue to be escaped by the SAX XMLGenerator.
    Advisory: https://fluidattacks.com/advisories/mono

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [xmltodict](https://github.com/martinblech/xmltodict) | minor | `~=0.14.0` -> `~=0.15.0` | --- ### Release Notes <details> <summary>martinblech/xmltodict (xmltodict)</summary> ### [`v0.15.0`](https://github.com/martinblech/xmltodict/blob/HEAD/CHANGELOG.md#v0150) [Compare Source](https://github.com/martinblech/xmltodict/compare/v0.14.2...v0.15.0) - Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in element and attribute names (including `@xmlns` prefixes) during unparse. This limits validation to avoiding tag-context escapes; attribute values continue to be escaped by the SAX `XMLGenerator`. Advisory: https://fluidattacks.com/advisories/mono </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4zNS4wIiwidXBkYXRlZEluVmVyIjoiMzYuMzUuMCIsInRhcmdldEJyYW5jaCI6ImRldiJ9-->
Renovate added 1 commit 2025-09-05 04:21:00 +03:00
Update dependency xmltodict to ~=0.15.0
All checks were successful
Tests / test (3.10) (pull_request) Successful in -12s
Tests / test (3.11) (pull_request) Successful in -16s
Tests / test (3.12) (pull_request) Successful in -8s
Tests / test (3.9) (pull_request) Successful in -16s
Tests / test (3.10) (push) Successful in -15s
Tests / test (3.11) (push) Successful in -15s
Tests / test (3.12) (push) Successful in -11s
Tests / test (3.9) (push) Successful in -16s
870e54aeb0
Renovate scheduled this pull request to auto merge when all checks succeed 2025-09-05 04:21:00 +03:00
Renovate merged commit 870e54aeb0 into dev 2025-09-05 04:21:02 +03:00
Sign in to join this conversation.
No description provided.