[diffoscope] XML parsing failing due to vulnerable version of pyexpat
Aman Sharma
amansha at kth.se
Mon Apr 21 13:54:58 UTC 2025
Hi,
I am running diffoscope 294 over two XML files (attached as txt files). I get a diff using XXD instead of plain text diff because of the following error message:
```
2025-04-21 13:51:26 W: diffoscope.comparators.xml: Vulnerable version of pyexpat detected; disabling comparison of XML documents. Install defusedxml or upgrade your pyexpat.
```
Note that this is not visible when output type is JSON.
However, when I install `defusedxml`, it works and gives a nice diff like below.
```
│ - <description>Specifies the Proxy Configuration Controller Service to proxy network requests. If set, it supersedes proxy settings configured per component. Supported proxies: SOCKS + AuthN, HTTP + AuthN</description>
│ + <description>Specifies the Proxy Configuration Controller Service to proxy network requests. If set, it supersedes proxy settings configured per component. Supported proxies: HTTP + AuthN, SOCKS + AuthN</description>
```
Is there a specific reason that defusedxml is not shipped with the docker image?
Regards,
Aman Sharma
PhD Student
KTH Royal Institute of Technology
School of Electrical Engineering and Computer Science (EECS)
Department of Theoretical Computer Science (TCS)
<http://www.kth.se>
<https://www.kth.se/profile/amansha>
https://algomaster99.github.io/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: reference.txt
URL: <http://lists.reproducible-builds.org/pipermail/diffoscope/attachments/20250421/c069426b/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rebuild.txt
URL: <http://lists.reproducible-builds.org/pipermail/diffoscope/attachments/20250421/c069426b/attachment-0001.txt>