Drop defusedxml dependency / update package metadata #16
Conversation
Only the tostring function was used, which was just an alias to the lxml.etree.tostring function.
sergei-maertens
force-pushed
the
chore/drop-defusedxml-lxml
branch
from
624f27b
to
3dc0990
Compare
sergei-maertens
force-pushed
the
chore/drop-defusedxml-lxml
branch
from
a40940b
to
3cd95c5
Compare
sergei-maertens
force-pushed
the
chore/drop-defusedxml-lxml
branch
from
3cd95c5
to
928de66
Compare
It looks like our fork's modifications result in an extra text node being present in the generated XML, causing the test to crash. This was probably broken a long time already, but CI wasn't running so... we never realized it?
This is why all projects should just use black.
This also disables the coverage/coveralls step due to a missing token and it's not like we're going to act on coverage deficits anyway.
sergei-maertens
force-pushed
the
chore/drop-defusedxml-lxml
branch
from
928de66
to
b8db58a
Compare
There was a problem hiding this comment.
What shifted by one and why?
Extra CDATA node because of lxml update?
There was a problem hiding this comment.
so from the git history I see that Alexander added some extra key information (passphrase) in the signing flow which isn't there in upstream: a7b306bd#diff-f289c39b13ed7b63ec4515ca0f0a8848757505fd429019558f5b2452487b97d0R799 but I can't really trace down how that results in an extra text node
it could also be the lxml update that results in an extra newline. Looking at the actual XML that is produced, the shift-by-one does seem to make sense. I just dislike how this test is written - why doesn't it use an absolute xpath instead to point to the right node? :(
There was a problem hiding this comment.
downgraded lxml in my local env, it's due to the lxml 5+ upgrade
Looks like we were up to date with upstream master, but getting tests to pass locally required changes to
pyproject.toml