CVS commit: pkgsrc/textproc/py-lxml-html-clean

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Fri May 22 12:50:00 UTC 2026

Modified Files:
        pkgsrc/textproc/py-lxml-html-clean: Makefile distinfo

Log Message:
py-lxml-html-clean: updated to 0.4.5

0.4.5

Bugs fixed

* Fixed a security vulnerability where ``javascript:`` URLs in ``xlink:href``
  attributes were not sanitized when``safe_attrs_only=False``, allowing
  cross-site scripting (XSS) attacks. The fix requires ``lxml>=6.1.1``,
  which adds ``xlink:href`` to the set of link attributes iterated by
  ``rewrite_links()``. Reported by Guillem Lefait (@glefait).


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/textproc/py-lxml-html-clean/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/textproc/py-lxml-html-clean/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/textproc/py-lxml-html-clean/Makefile
diff -u pkgsrc/textproc/py-lxml-html-clean/Makefile:1.13 pkgsrc/textproc/py-lxml-html-clean/Makefile:1.14
--- pkgsrc/textproc/py-lxml-html-clean/Makefile:1.13    Sun Mar  1 08:29:31 2026
+++ pkgsrc/textproc/py-lxml-html-clean/Makefile Fri May 22 12:50:00 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.13 2026/03/01 08:29:31 adam Exp $
+# $NetBSD: Makefile,v 1.14 2026/05/22 12:50:00 adam Exp $
 
-DISTNAME=      lxml_html_clean-0.4.4
+DISTNAME=      lxml_html_clean-0.4.5
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME:S/_/-/g}
 CATEGORIES=    textproc python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=l/lxml-html-clean/}
@@ -11,7 +11,7 @@ COMMENT=      HTML cleaner from lxml project
 LICENSE=       modified-bsd
 
 TOOL_DEPENDS+= ${PYPKGPREFIX}-setuptools>=78:../../devel/py-setuptools
-DEPENDS+=      ${PYPKGPREFIX}-lxml-[0-9]*:../../textproc/py-lxml
+DEPENDS+=      ${PYPKGPREFIX}-lxml>=6.1.1:../../textproc/py-lxml
 
 PYTHON_VERSIONS_INCOMPATIBLE=  310
 

Index: pkgsrc/textproc/py-lxml-html-clean/distinfo
diff -u pkgsrc/textproc/py-lxml-html-clean/distinfo:1.10 pkgsrc/textproc/py-lxml-html-clean/distinfo:1.11
--- pkgsrc/textproc/py-lxml-html-clean/distinfo:1.10    Sun Mar  1 08:29:31 2026
+++ pkgsrc/textproc/py-lxml-html-clean/distinfo Fri May 22 12:50:00 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.10 2026/03/01 08:29:31 adam Exp $
+$NetBSD: distinfo,v 1.11 2026/05/22 12:50:00 adam Exp $
 
-BLAKE2s (lxml_html_clean-0.4.4.tar.gz) = ed5c41626fc4e7afb0ff885af43271dcb4d6635b52b6ba5d92c82bb8bcac0db5
-SHA512 (lxml_html_clean-0.4.4.tar.gz) = 3d287269be30bf585aa6e02990ecb2c4cc4169bac7451ce05d24b8e08232760ec5c220aec435f8317624a779c203a1608fa2bbcdb5174ee454fba6a2d4d0a9fe
-Size (lxml_html_clean-0.4.4.tar.gz) = 23899 bytes
+BLAKE2s (lxml_html_clean-0.4.5.tar.gz) = a954aa1bdb1309e59f505d2a7629986e6e61469248f69b39c315e5ff4f9b488a
+SHA512 (lxml_html_clean-0.4.5.tar.gz) = 3be6270eb583c0a0124c0369b6871acf0dbc26da1ea3221e00858af83e127d33182db2495ceb9c64e16650993748e2bc6fc3192059ba296cf14a36bc6b8a7607
+Size (lxml_html_clean-0.4.5.tar.gz) = 24142 bytes