#525 Bump lxml from 4.5.2 to 4.6.3 in /backend
Bumps <https://github.com/lxml/lxml|lxml> from 4.5.2 to 4.6.3. Changelog _Sourced from <https://github.com/lxml/lxml/blob/master/CHANGES.txt|lxml's changelog>._ > *4.6.3 (2021-03-21)* > *Bugs fixed* > > • A vulnerability (<https://github.com/advisories/GHSA-jq4v-f5q6-mjqq|CVE-2021-28957>) was discovered in the HTML Cleaner by Kevin Chung, which allowed JavaScript to pass through. The cleaner now removes the HTML5 `formaction` attribute. > > *4.6.2 (2020-11-26)* > *Bugs fixed* > > • A vulnerability (<https://github.com/advisories/GHSA-pgww-xf46-h92r|CVE-2020-27783>) was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content. > > *4.6.1 (2020-10-18)* > *Bugs fixed* > > • A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content. > > *4.6.0 (2020-10-17)* > *Features added* > > • GH#310: `lxml.html.InputGetter` supports `__len__()` to count the number of input fields. Patch by Aidan Woolley. > • `lxml.html.InputGetter` has a new `.items()` method to ease processing all input fields. > • `lxml.html.InputGetter.keys()` now returns the field names in document order. > • <https://github-redirect.dependabot.com/lxml/lxml/issues/309|GH-309>: The API documentation is now generated using `sphinx-apidoc`. Patch by Chris Mayo. > > *Bugs fixed* ... (truncated) Commits • <https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999|`a5f9cb5`> Prepare release of lxml 4.6.3. • <https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d|`2d01a1b`> Add HTML-5 "formaction" attribute to "defs.link_attrs" (<https://github-redirect.dependabot.com/lxml/lxml/issues/316|GH-316>) • <https://github.com/lxml/lxml/commit/e986a9cb5d54827c59aefa8803bc90954d67221e|`e986a9c`> Fix reference in docs. • <https://github.com/lxml/lxml/commit/4cb57362deb23bca0f70f41ab1efa13390fcdbb1|`4cb5736`> Work around Py2's lack of "re.ASCII". • <https://github.com/lxml/lxml/commit/c30106ff2648cdafe7857654e9606c491b1acf4d|`c30106f`> Prepare release of 4.6.2. • <https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7|`a105ab8`> Prevent combinations of <math/svg> and <style> to sneak JavaScript through th... • <https://github.com/lxml/lxml/commit/c053dc159c7f0a6a98922c937a0baede7ce7af9d|`c053dc1`> Add a recipe for a look-ahead generator to allow modifications during tree it... • <https://github.com/lxml/lxml/commit/b083124281d824eb861ff58e7276a5c1f1d8c18d|`b083124`> lxml actually works in Py3.9. • <https://github.com/lxml/lxml/commit/0f80590d7ebe62c61d2bdf2a220a093821dcbab8|`0f80590`> lxml actually works in Py3.9. • <https://github.com/lxml/lxml/commit/fd8893ccb538e95c5acb2a2b47f0e87003de5b0d|`fd8893c`> Add a doc note that the .find() methods are usually faster than one might exp... • Additional commits viewable in <https://github.com/lxml/lxml/compare/lxml-4.5.2...lxml-4.6.3|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/Disfactory/network/alerts|Security Alerts page>.
:white_check_mark: All checks have passed
