[upd] pypi: Bump lxml from 6.0.4 to 6.1.0 (#6036)

Release 6.1.0 fixes a possible external entity injection (XXE) vulnerability in ``iterparse()`` and the ``ETCompatXMLParser``. https://github.com/lxml/lxml/blob/64ed06c1a0c1833bfac99f209f16c3bdfddfde79/CHANGES.txt#L42-L66 - Closes https://github.com/searxng/searxng/issues/6025 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2026-05-07 18:03:51 +02:00 · 2026-04-29 07:11:13 +02:00
parent 616d6f4818
commit f96ac331ed
1 changed files with 1 additions and 1 deletions
@@ -3,7 +3,7 @@ babel==2.18.0
 flask-babel==4.0.0
 flask==3.1.3
 jinja2==3.1.6
-lxml==6.0.4
+lxml==6.1.0
 pygments==2.20.0
 python-dateutil==2.9.0.post0
 pyyaml==6.0.3