In #5, defusedxml has been introduced as a dependency to prevent XEE attacks.
According to the docs, defusedxml should not be required anymore with recent Python versions and the recommendation for defusedxml has been removed from the official Python docs after some discussions:
According to the table at https://github.com/tiran/defusedxml?tab=readme-ov-file#python-xml-libraries, the mentioned attacks should not be possible with modern Python anymore.
Is the dependency still required here?
In #5, defusedxml has been introduced as a dependency to prevent XEE attacks.
According to the docs, defusedxml should not be required anymore with recent Python versions and the recommendation for defusedxml has been removed from the official Python docs after some discussions:
According to the table at https://github.com/tiran/defusedxml?tab=readme-ov-file#python-xml-libraries, the mentioned attacks should not be possible with modern Python anymore.
Is the dependency still required here?