[3.12] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) by hartwork · Pull Request #139662 · python/cpython (original) (raw)

Appearance settings

- AI CODE CREATION
  * GitHub CopilotWrite better code with AI
  * GitHub SparkBuild and deploy intelligent apps
  * GitHub ModelsManage and compare prompts
  * MCP RegistryNewIntegrate external tools
- DEVELOPER WORKFLOWS
  * ActionsAutomate any workflow
  * CodespacesInstant dev environments
  * IssuesPlan and track work
  * Code ReviewManage code changes
- APPLICATION SECURITY
  * GitHub Advanced SecurityFind and fix vulnerabilities
  * Code securitySecure your code as you build
  * Secret protectionStop leaks before they start
- EXPLORE
  * Why GitHub
  * Documentation
  * Blog
  * Changelog
  * Marketplace

View all features

- BY COMPANY SIZE
  * Enterprises
  * Small and medium teams
  * Startups
  * Nonprofits
- BY USE CASE
  * App Modernization
  * DevSecOps
  * DevOps
  * CI/CD
  * View all use cases
- BY INDUSTRY
  * Healthcare
  * Financial services
  * Manufacturing
  * Government
  * View all industries

View all solutions

- EXPLORE BY TOPIC
  * AI
  * Software Development
  * DevOps
  * Security
  * View all topics
- EXPLORE BY TYPE
  * Customer stories
  * Events & webinars
  * Ebooks & reports
  * Business insights
  * GitHub Skills
- SUPPORT & SERVICES
  * Documentation
  * Customer support
  * Community forum
  * Trust center
  * Partners

View all resources

- COMMUNITY
  * GitHub SponsorsFund open source developers
- PROGRAMS
  * Security Lab
  * Maintainer Community
  * Accelerator
  * GitHub Stars
  * Archive Program
- REPOSITORIES
  * Topics
  * Trending
  * Collections
- ENTERPRISE SOLUTIONS
  * Enterprise platformAI-powered developer platform
- AVAILABLE ADD-ONS
  * GitHub Advanced SecurityEnterprise-grade security features
  * Copilot for BusinessEnterprise-grade AI features
  * Premium SupportEnterprise-grade 24/7 support
Pricing

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

python / cpython Public

Notifications You must be signed in to change notification settings
Fork34.4k
Star 72.2k
Code
Issues 5k+
Pull requests 2.1k
Actions
Projects
Security and quality
Insights

Additional navigation options

Merged

ambv merged 2 commits intopython:3.12from

hartwork:backport-48d0d0d-3.12

Oct 7, 2025

Conversation Commits (2)Checks Files changed

Merged

[3.12] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319)#139662

ambv merged 2 commits intopython:3.12from

hartwork:backport-48d0d0d-3.12

Conversation

Copy link Copy Markdown

Contributor

@hartwork hartwork commented

Oct 6, 2025

•

edited by bedevere-appbot

CC @Yhg1s

Issue: Please upgrade bundled Expat to 2.7.3 (e.g. for two key bugfixes) #139312

`[[3.12]](/python/cpython/pull/139662/commits/dc87fc40a72bb28fadd68a63a3ef7ced46224f2c "[3.12] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319)

Blurb
Update sbom.spdx.json (cherry picked from commit 48d0d0dd9733eae4935f2ebd31bef786d8074fc8)

Co-authored-by: Stan Ulbrych 89152624+StanFromIreland@users.noreply.github.com") pythongh-139312[: Update bundled libexpat to 2.7.3 (](/python/cpython/pull/139662/commits/dc87fc40a72bb28fadd68a63a3ef7ced46224f2c "[3.12] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319)

Blurb
Update sbom.spdx.json (cherry picked from commit 48d0d0dd9733eae4935f2ebd31bef786d8074fc8)

Co-authored-by: Stan Ulbrych 89152624+StanFromIreland@users.noreply.github.com")pythonGH-13… `

[dc87fc4](/python/cpython/pull/139662/commits/dc87fc40a72bb28fadd68a63a3ef7ced46224f2c)

…9319)

Blurb
Update sbom.spdx.json (cherry picked from commit 48d0d0d)

Co-authored-by: Stan Ulbrych 89152624+StanFromIreland@users.noreply.github.com

hartwork requested a review from sethmlarson as a code owner

October 6, 2025 14:17

bedevere-app bot mentioned this pull request

Oct 6, 2025

Please upgrade bundled Expat to 2.7.3 (e.g. for two key bugfixes)#139312

Closed

bedevere-app bot added the awaiting review label

Oct 6, 2025

bedevere-app bot mentioned this pull request

Oct 6, 2025

gh-139312: Update bundled libexpat to 2.7.3#139319

Merged

Copy link Copy Markdown

Member

StanFromIreland commented

Oct 6, 2025

You need to run "make regen-sbom"

`[Sync checksums for file SPDXRef-FILE-Modules-expat-refresh.sh](/python/cpython/pull/139662/commits/d421943266e7ee75a8fcfda551dde45386eceb60 "Sync checksums for file SPDXRef-FILE-Modules-expat-refresh.sh

.. via "make regen-sbom"") `

[d421943](/python/cpython/pull/139662/commits/d421943266e7ee75a8fcfda551dde45386eceb60)

.. via "make regen-sbom"

Copy link Copy Markdown

Contributor Author

hartwork commented

Oct 6, 2025

You need to run "make regen-sbom"

@StanFromIreland thanks, that helped! Push upcoming…

StanFromIreland reacted with thumbs up emoji

StanFromIreland assigned Yhg1s

Oct 6, 2025

StanFromIreland requested a review from gpshead

October 6, 2025 15:23

StanFromIreland approved these changes Oct 6, 2025

View reviewed changes

Copy link Copy Markdown

Member

@StanFromIreland StanFromIreland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM; thanks for backporting!

hartwork reacted with thumbs up emoji

bedevere-app bot added awaiting core review and removed awaiting review labels

Oct 6, 2025

ambv merged commit aecbbee into python:3.12

Oct 7, 2025

30 checks passed

bedevere-app bot removed the awaiting core review label

Oct 7, 2025

Copy link Copy Markdown

Contributor Author

hartwork commented

Oct 7, 2025

@ambv thank you!

This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters

[ Show hidden characters]({{ revealButtonHref }})