Use defusedxml
Some checks failed
Lint / test (push) Successful in 25s
Trivy / test (push) Successful in 26s
CI / test (push) Failing after 40s

Miguel Jacq 2025-11-27 14:57:47 +11:00
parent 8b8a95a796
commit 1a7359fc3c
Signed by: mig5
GPG key ID: 59B3F0C24135C6A9
4 changed files with 15 additions and 3 deletions

13
poetry.lock generated

@ -461,6 +461,17 @@ ssh = ["bcrypt (>=3.1.5)"]
test = ["certifi (>=2024)", "cryptography-vectors (==46.0.3)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"] test = ["certifi (>=2024)", "cryptography-vectors (==46.0.3)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
test-randomorder = ["pytest-randomly"] test-randomorder = ["pytest-randomly"]
[[package]]
name = "defusedxml"
version = "0.7.1"
description = "XML bomb protection for Python stdlib modules"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
files = [
{file = "defusedxml-0.7.1-py2.py3-none-any.whl", hash = "sha256:a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"},
{file = "defusedxml-0.7.1.tar.gz", hash = "sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69"},
]
[[package]] [[package]]
name = "desktop-entry-lib" name = "desktop-entry-lib"
version = "5.0" version = "5.0"
@ -1182,4 +1193,4 @@ type = ["pytest-mypy"]
[metadata] [metadata]
lock-version = "2.0" lock-version = "2.0"
python-versions = "^3.10" python-versions = "^3.10"
content-hash = "17e97a5516576384aafd227385b42be9178527537a52ab44e8797816534b5193" content-hash = "b9153226d96d26f633a7d95ba83b05e78a0063d4c5471b5e0d5f928a4cae0a57"


@ -16,6 +16,7 @@ repository = "https://git.mig5.net/mig5/jinjaturtle"
python = "^3.10" python = "^3.10"
PyYAML = "^6.0" PyYAML = "^6.0"
tomli = { version = "^2.0.0", python = "<3.11" } tomli = { version = "^2.0.0", python = "<3.11" }
defusedxml = "^0.7.1"
[tool.poetry.group.dev.dependencies] [tool.poetry.group.dev.dependencies]
pytest = "^7.0" pytest = "^7.0"


@ -2,10 +2,10 @@ from __future__ import annotations
import configparser import configparser
import json import json
import xml.etree.ElementTree as ET
import yaml import yaml
from collections import Counter, defaultdict from collections import Counter, defaultdict
from defusedxml import ElementTree as ET
from pathlib import Path from pathlib import Path
from typing import Any, Iterable from typing import Any, Iterable
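Review bot: Swapping `import xml.etree.ElementTree as ET` for `from defusedxml import ElementTree as ET` rebinds every `ET.` reference in this module to defusedxml's wrapper, which as far as I know exposes only the parsing entry points (`parse`, `fromstring`, `iterparse`, `XMLParser`, `tostring`, `ParseError`) and not `Element`, `SubElement` or `Comment`. The rest of the module lies outside this hunk, so I cannot confirm it, but any runtime use of those names would now raise `AttributeError`, which may be what the failing CI job reports. I would keep the stdlib import for types and tree building and add a separately named one for parsing, e.g. `from defusedxml import ElementTree as SafeET`, then route only the calls that parse input through it. defusedxml also rejects hostile documents with its own exceptions (`EntitiesForbidden` and related, derived from `ValueError`), so a handler that catches only `ET.ParseError` will not see them and should be widened where a clean error message is expected.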


@ -1,11 +1,11 @@
from __future__ import annotations from __future__ import annotations
from defusedxml import ElementTree as ET
from pathlib import Path from pathlib import Path
import configparser import configparser
import pytest import pytest
import textwrap import textwrap
import yaml import yaml
import xml.etree.ElementTree as ET
import jinjaturtle.core as core import jinjaturtle.core as core
from jinjaturtle.core import ( from jinjaturtle.core import (