build(deps): bump lxml from 5.2.1 to 6.0.2

[dependabot]

Bumps lxml from 5.2.1 to 6.0.2.

Release notes

Sourced from lxml's releases.

lxml-6.0.2

No release notes provided.

lxml-6.0.1

No release notes provided.

lxml-6.0.0

No release notes provided.

lxml-5.4.0

5.4.0 (2025-04-22)

Bugs fixed

• LP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs. (Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.) Issue found by Anatoly Katyushin, see https://bugs.launchpad.net/lxml/+bug/2107279

lxml-5.3.2

No release notes provided.

lxml-5.3.1

No release notes provided.

lxml-5.3.0

No release notes provided.

lxml-5.2.2

5.2.2 (2024-05-12)

Bugs fixed

• GH#417: The test_feed_parser test could fail if lxml_html_clean was not installed. It is now skipped in that case.

• LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", without SSE 4.2.

• If libxml2 uses iconv, the compile time version is available as etree.ICONV_COMPILED_VERSION.

Changelog

Sourced from lxml's changelog.

6.0.2 (2025-09-21)

Bugs fixed

• LP#2125278: Compilation with libxml2 2.15.0 failed. Original patch by Xi Ruoyao.

• Setting decompress=True in the parser had no effect in libxml2 2.15.

• Binary wheels on Linux and macOS use the library version libxml2 2.14.6. See https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.6

• Test failures in libxml2 2.15.0 were fixed.

Other changes

• Binary wheels for Py3.9-3.11 on the riscv64 architecture were added.

• Error constants were updated to match libxml2 2.15.0.

• Built using Cython 3.1.4.

6.0.1 (2025-08-22)

Bugs fixed

• LP#2116333: lxml.sax._getNsTag() could fail with an exception on malformed input.

• GH#467: Some test adaptations were made for libxml2 2.15. Patch by Nick Wellnhofer.

• LP2119510, GH#473: A Python compatibility test was fixed for Python 3.14+. Patch by Lumír Balhar.

• GH#471: Wheels for "riscv64" on recent Python versions were added. Patch by ffgan.

• GH#469: The wheel build no longer requires the wheel package unconditionally. Patch by Miro Hrončok.

• Binary wheels use the library version libxml2 2.14.5. See https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.5

• Windows binary wheels continue to use a security patched library version libxml2 2.11.9.

... (truncated)

Commits

• 283d02e Build: Minor readability cleanup.
• 52cf97c Revert "Build: Avoid redundant manylinux2014 builds across newer jobs."
• a21e474 Build: Avoid redundant manylinux2014 builds across newer jobs.
• 58d4d2b Build: Upgrade libxml2 to 2.14.6.
• e5d80da Build: Clean up and simplify target selection and environment setup in pyproj...
• e913380 Build: Limit optimised wheel builds to AMD64 and Arm64 to save time and resou...
• d22f6a1 Build: bump actions/setup-python in the github-actions group (GH-479)
• f8fa76d Build: Prevent redundant branch wheel builds for pull requests.
• b3e9372 Build: bump pypa/cibuildwheel in the github-actions group (GH-478)
• a7ec229 Prepare release of lxml 6.0.2.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.70%. Comparing base (dafd236) to head (877b171).

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #13550      +/-   ##
==========================================
- Coverage   73.71%   73.70%   -0.02%     
==========================================
  Files         921      921              
  Lines       54234    54234              
  Branches     6177     6177              
==========================================
- Hits        39978    39971       -7     
- Misses      12652    12658       +6     
- Partials     1604     1605       +1     

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.