Update lxml and pytest versions

Issue: Currently the lxml version 4.6.5 is used for e2e tests. This version is part of the CVE-2022-2309 for all versions below 4.9.1, which could lead to a denial of service attack.

Solution: Update lxml to 4.9.2

mentioned in merge request !129 (merged)

@rbiegel before we close it: the Python packages used by the CI must be updated manually, right?

I tested pyOpenPASS with the updated lxml version from a user perspective and it worked, you might need to check this, too.

Yes, we have to update them manually. Will look into that.

update is completed

assigned to @szipfel

changed milestone to %Release v0.11

changed title from Update lmxl and pytest versions to Update lxml and pytest versions

Title also says pytest - what about that?

I used pytest 7.0.1 and from a user perspective, running the tests in test_end_to_end.json worked.

The question was if it is necessary to update pytest too? Is there a known security issue for the currently used version<7?

There is currently no security issue with pytest<7. I just wanted to update both, because Jan has tested it, but then decided to just create a merge request for lmxl.

From my point of view, there is no need to update pytest right now.

I'll update the Docker image during the afternoon and file a ticket for Windows CI update. Will report the results here.

Turns out the Docker image currently used already has 4.9.2 installed.

Filed an issue for update of the Windows build agent

closed