Skip to content

Bump lxml from 5.3.0 to 6.0.4#931

Closed
dependabot[bot] wants to merge 1 commit intodevelopmentfrom
dependabot/pip/lxml-6.0.4
Closed

Bump lxml from 5.3.0 to 6.0.4#931
dependabot[bot] wants to merge 1 commit intodevelopmentfrom
dependabot/pip/lxml-6.0.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026

Bumps lxml from 5.3.0 to 6.0.4.

Release notes

Sourced from lxml's releases.

lxml-6.0.4

No release notes provided.

lxml-6.0.3

No release notes provided.

lxml-6.0.2

No release notes provided.

lxml-6.0.1

No release notes provided.

lxml-6.0.0

No release notes provided.

lxml-5.4.0

5.4.0 (2025-04-22)

Bugs fixed

  • LP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs. (Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.) Issue found by Anatoly Katyushin, see https://bugs.launchpad.net/lxml/+bug/2107279

lxml-5.3.2

No release notes provided.

lxml-5.3.1

No release notes provided.

Changelog

Sourced from lxml's changelog.

6.0.4 (2026-04-12)

Bugs fixed

  • LP#2148019: Spurious MemoryError during namespace cleanup.

6.0.3 (2026-04-09)

Bugs fixed

  • Several out of memory error cases now raise MemoryError that were not handled before.

  • Slicing with large step values (outside of +/- sys.maxsize) could trigger undefined C behaviour.

  • LP#2125399: Some failing tests were fixed or disabled in PyPy.

  • LP#2138421: Memory leak in error cases when setting the public_id or system_url of a document.

  • Memory leak in case of a memory allocation failure when copying document subtrees.

  • When mapping an XPath result to Python failed, the result memory could leak.

  • When preparing an XSLT transform failed, the XSLT parameter memory could leak.

Other changes

  • Built using Cython 3.2.4.

  • Binary wheels use zlib 1.3.2.

6.0.2 (2025-09-21)

Bugs fixed

  • LP#2125278: Compilation with libxml2 2.15.0 failed. Original patch by Xi Ruoyao.

  • Setting decompress=True in the parser had no effect in libxml2 2.15.

  • Binary wheels on Linux and macOS use the library version libxml2 2.14.6. See https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.6

... (truncated)

Commits
  • 1fd1d6b Fix release date.
  • 5154859 CI: Include all library versions in libs cache key to asssure updated on vers...
  • 6a606f3 Add "doesn't crash" tests for LP#2148019.
  • f488f16 Prepare release of 6.0.4.
  • 1255d98 LP#2148019: Prevent spurious MemoryError during namespace cleanup.
  • 03b0c4a Remove dead type check.
  • a6f833c Fix release date.
  • 973d059 Update changelog.
  • 9044a52 Build: Downgrade libiconv to 1.18 since 1.19 does not build reliably.
  • a34dfdd Build: Upgrade libiconv to 1.19.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump lxml from 5.3.0 to 6.0.4
a6e8d8d 
Bumps [lxml](https://github.com/lxml/lxml) from 5.3.0 to 6.0.4.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-5.3.0...lxml-6.0.4)

---
updated-dependencies:
- dependency-name: lxml
  dependency-version: 6.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 13, 2026
@dependabot dependabot Bot mentioned this pull request Apr 13, 2026
Closed
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 20, 2026

Superseded by #936.

@dependabot dependabot Bot closed this Apr 20, 2026
@dependabot dependabot Bot deleted the dependabot/pip/lxml-6.0.4 branch April 20, 2026 00:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants