The code implementing the MIVOT feature (PR #497) uses lxml.etree. The data model handling requires running XML operations: parsing and XPath queries.
However, lxml is not part of the PyVO dependencies, and is considered insecure, as is the native xml package (xml documentation), which is why we have been resilient in using them.
The two possibilities are:
- use defusedxml, which will also add a new dependency.
- add the needed fragment of defusedxml to PyVO (defusedxml is under the Python Software Foundation License)
What would you recommend?
If either of them ends up as a dependency, it will need to be an optional dependency, e.g. imports need to be done as part of conditionals, tests should be skipped when the dependency is missing, etc.
For examples, see e.g. the case of regions in astroquery.
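The optional-dependency pattern described in the comment above, applied to defusedxml, as an added example that is not part of the thread or of PyVO's code. The function name, the namespace and both sample documents are constructed for illustration; note that defusedxml returns standard ElementTree elements, so queries are limited to ElementTree's XPath subset.

```python
import xml.etree.ElementTree as ET  # used only for the ParseError type, never to parse

try:
    # Optional dependency: the import is guarded so the package still loads without it.
    from defusedxml import ElementTree as SafeET
    from defusedxml.common import DefusedXmlException
    HAS_DEFUSEDXML = True
except ImportError:
    HAS_DEFUSEDXML = False

NS = {"dm": "urn:example:mivot"}  # constructed namespace for the samples below

# Constructed well-formed mapping block.
SAMPLE_OK = """<VODML xmlns="urn:example:mivot">
  <MODEL name="meas"/><MODEL name="coords"/>
</VODML>"""

# Constructed document that declares an internal entity; defusedxml refuses
# entity declarations by default (forbid_entities=True).
SAMPLE_ENTITY = """<!DOCTYPE VODML [<!ENTITY a "aaaa">]>
<VODML xmlns="urn:example:mivot"><MODEL name="&a;"/></VODML>"""


def model_names(xml_text):
    """Return the MODEL names of a mapping block (hypothetical helper).

    Raises ImportError when the optional dependency is missing and
    ValueError when the input is malformed or uses a forbidden construct.
    """
    if not HAS_DEFUSEDXML:
        raise ImportError("defusedxml is required to read the mapping block")
    try:
        root = SafeET.fromstring(xml_text)
    except DefusedXmlException as exc:
        # EntitiesForbidden, ExternalReferenceForbidden, DTDForbidden
        raise ValueError(f"unsafe XML rejected: {type(exc).__name__}") from exc
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    # ElementTree path syntax with a namespace map
    return [m.get("name") for m in root.findall(".//dm:MODEL", NS)]
```

Tests for such a feature can gate on the same flag, for instance with `pytest.mark.skipif(not HAS_DEFUSEDXML, reason="defusedxml not installed")`.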