From 94f4775e8542e6077afee99ac1a31ef03101a11f Mon Sep 17 00:00:00 2001
From: "orca-security-eu[bot]" <121541134+orca-security-eu[bot]@users.noreply.github.com>
Date: Tue, 18 Mar 2025 11:50:44 +0000
Subject: [PATCH] Fix(security): Replace vulnerable XML parsing with defusedxml library
---
 env/lib/python3.9/site-packages/py/_path/svnwc.py | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/env/lib/python3.9/site-packages/py/_path/svnwc.py b/env/lib/python3.9/site-packages/py/_path/svnwc.py
index b5b9d8d..1356f6a 100644
--- a/env/lib/python3.9/site-packages/py/_path/svnwc.py
+++ b/env/lib/python3.9/site-packages/py/_path/svnwc.py
@@ -1107,8 +1107,7 @@ def fromstring(data, rootwcpath, rev=None, modrev=None, author=None):
 if wcpath == rootwcpath:
 rootstatus.rev = rev
- rootstatus.modrev = modrev
- rootstatus.author = author
+ rootstatus.modrev = modrevrootstatus.author = author
 rootstatus.date = date
 # handle repos-status element (remote info)
@@ -1207,9 +1206,9 @@ def make_recursive_propdict(wcroot,
 def importxml(cache=[]):
 if cache:
 return cache
- from xml.dom import minidom
+ from defusedxml.minidom import parse, parseString
 from xml.parsers.expat import ExpatError
- cache.extend([minidom, ExpatError])
+ cache.extend([parse, parseString, ExpatError])
 return cache
 class LogEntry:
@@ -1236,5 +1235,3 @@ def __init__(self, logentry):
 def __repr__(self):
 return '' % (
 self.rev, self.author, self.date)
-
-
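Review bot: The added line `rootstatus.modrev = modrevrootstatus.author = author` in the `fromstring` hunk fuses two statements into one chained assignment, so when `wcpath == rootwcpath` it stores `author` into `rootstatus.modrev` and then raises NameError on the undefined name `modrevrootstatus`. This is unrelated to the XML parsing change and looks like a lost line break. Restore the two original lines, `rootstatus.modrev = modrev` and `rootstatus.author = author`. The body of `fromstring` starts and ends outside the hunk.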
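Review bot: `importxml()` now caches three items (`parse`, `parseString`, `ExpatError`) where it used to return `[minidom, ExpatError]`, so any caller that unpacks two values or calls `minidom.parseString(...)` will break; those call sites are outside this hunk and the patch does not touch them. Keeping the return shape avoids that: use `from defusedxml import minidom` and leave `cache.extend([minidom, ExpatError])` as it was. defusedxml also rejects hostile documents with its own exception types (ValueError subclasses such as `EntitiesForbidden`), which an `except ExpatError` at the callers would presumably not catch, so confirm those paths fail in a handled way. Because the file sits under `env/lib/python3.9/site-packages`, the edit is lost on reinstall and needs defusedxml installed in that environment; declaring and pinning the dependency is the more durable fix.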