Update dependency xmltodict to ~=0.15.0 #106

Merged

Renovate merged 1 commits from renovate/xmltodict-0.x into dev 2025-09-05 04:21:02 +03:00

Conversation 0 Commits 1 Files Changed 1 +1 -1

Renovate commented 2025-09-05 04:20:59 +03:00

Collaborator

Copy Link

This PR contains the following updates:

Package	Update	Change
xmltodict	minor	~=0.14.0 -> ~=0.15.0

---

Release Notes

martinblech/xmltodict (xmltodict)

v0.15.0

Compare Source

• Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in
  element and attribute names (including @xmlns prefixes) during unparse.
  This limits validation to avoiding tag-context escapes; attribute values
  continue to be escaped by the SAX XMLGenerator.
  Advisory: https://fluidattacks.com/advisories/mono

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [xmltodict](https://github.com/martinblech/xmltodict) | minor | `~=0.14.0` -> `~=0.15.0` | --- ### Release Notes <details> <summary>martinblech/xmltodict (xmltodict)</summary> ### [`v0.15.0`](https://github.com/martinblech/xmltodict/blob/HEAD/CHANGELOG.md#v0150) [Compare Source](https://github.com/martinblech/xmltodict/compare/v0.14.2...v0.15.0) - Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in element and attribute names (including `@xmlns` prefixes) during unparse. This limits validation to avoiding tag-context escapes; attribute values continue to be escaped by the SAX `XMLGenerator`. Advisory: https://fluidattacks.com/advisories/mono </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4zNS4wIiwidXBkYXRlZEluVmVyIjoiMzYuMzUuMCIsInRhcmdldEJyYW5jaCI6ImRldiJ9-->

Renovate added 1 commit 2025-09-05 04:21:00 +03:00

Update dependency xmltodict to ~=0.15.0 870e54aeb0

Renovate scheduled this pull request to auto merge when all checks succeed 2025-09-05 04:21:00 +03:00

Renovate merged commit 870e54aeb0 into dev 2025-09-05 04:21:02 +03:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

Kind/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

The priority is critical

Priority

High

The priority is high

Priority

Low

The priority is low

Priority

Medium

The priority is medium

Reviewed

Confirmed

Issue has been confirmed

Reviewed

Duplicate

This issue or pull request already exists

Reviewed

Invalid

Invalid issue

Reviewed

Won't Fix

This issue won't be fixed

Status

Abandoned

Somebody has started to work on this but abandoned work

Status

Blocked

Something is blocking this issue or pull request

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

Renovate profitroll

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Reference: profitroll/PythonRMV#106

No description provided.