Bump lxml from 3.8.0 to 4.4.0 #73

Closed
dependabot-preview[bot] wants to merge 1 commit into master from dependabot/pip/lxml-4.4.0

@dependabot-preview

Bumps lxml from 3.8.0 to 4.4.0.

Changelog

Sourced from lxml's changelog.

4.4.0 (2019-07-27)

Features added

  • Element.clear() accepts a new keyword argument keep_tail=True to
    clear everything but the tail text. This is helpful in some document-style
    use cases.

  • When creating attributes or namespaces from a dict in Python 3.6+, lxml now
    preserves the original insertion order of that dict, instead of always sorting
    the items by name. A similar change was made for ElementTree in CPython 3.8.
    See https://bugs.python.org/issue34160

  • Integer elements in lxml.objectify implement the __index__() special method.

  • GH#269: Read-only elements in XSLT were missing the nsmap property.
    Original patch by Jan Pazdziora.

  • ElementInclude can now restrict the maximum inclusion depth via a max_depth
    argument to prevent content explosion. It is limited to 6 by default.

  • The target object of the XMLParser can have start_ns() and end_ns()
    callback methods to listen to namespace declarations.

  • The TreeBuilder has new arguments comment_factory and pi_factory to
    pass factories for creating comments and processing instructions, as well as
    flag arguments insert_comments and insert_pis to discard them from the
    tree when set to false.

  • A C14N 2.0 (https://www.w3.org/TR/xml-c14n2/) implementation was added as
    etree.canonicalize(), a corresponding C14NWriterTarget class, and
    a c14n2 serialisation method.

Bugs fixed

  • When writing to file paths that contain the URL escape character '%', the file
    path could wrongly be mangled by URL unescaping and thus write to a different
    file or directory. Code that writes to file paths that are provided by untrusted
    sources, but that must work with previous versions of lxml, should best either
    reject paths that contain '%' characters, or otherwise make sure that the path
    does not contain maliciously injected '%XX' URL hex escapes for paths like '../'.

  • Assigning to Element child slices with negative step could insert the slice at
    the wrong position, starting too far on the left.

  • Assigning to Element child slices with overly large step size could take very
    long, regardless of the length of the actual slice.

... (truncated)
Commits
  • ca90c24 Prepare release of lxml 4.4.0.
  • 2287911 Update TreeBuilder tests from CPython's test suite.
  • 5666bda Make 'data' argument optional for TreeBuilder.pi(), as in ElementTree.
  • 0f41502 Merge branch lxml-4.3 into master.
  • 1848047 Prepare release of lxml 4.3.5.
  • 15c52ac Remove "sudo" tag from travis config (GH-281)
  • 6beef45 Fix typos (GH-282)
  • 886b76b Merge branch lxml-4.3.
  • 6156d61 Prepare release of lxml 4.3.4.
  • c0df0bc Prevent the default namespace from being picked up when searching for unprefi...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it). To ignore the version in this PR you can just close it
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
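
The changelog's advice for code that must keep working on lxml releases older than 4.4.0 (reject '%' in untrusted file paths, or make sure no '%XX' escape decodes to something like '../') can be enforced before the path reaches lxml. The following is an added example, not code from lxml or from this repository; `safe_output_path`, `is_safe` and `UnsafePathError` are hypothetical names, and unescaping repeatedly to catch nested escapes is a conservative assumption rather than a statement of how lxml decodes.

```python
import os
from urllib.parse import unquote


class UnsafePathError(ValueError):
    """Raised when an untrusted file name could leave the output directory."""


def _variants(name, max_rounds=4):
    # The name as given plus every form produced by repeated URL-unescaping,
    # so single ('%2e') and nested ('%252e') escapes are both examined.
    forms = [name]
    for _ in range(max_rounds):
        decoded = unquote(forms[-1])
        if decoded == forms[-1]:
            return forms
        forms.append(decoded)
    raise UnsafePathError("too many layers of URL escaping")


def safe_output_path(base_dir, untrusted_name, allow_percent=False):
    """Return the path for untrusted_name inside base_dir, or raise."""
    if "%" in untrusted_name and not allow_percent:
        # Strict policy from the changelog: reject any '%' outright.
        raise UnsafePathError("'%' is not allowed in file names")
    base = os.path.realpath(base_dir)
    for form in _variants(untrusted_name):
        if "\x00" in form:
            raise UnsafePathError("NUL byte in file name")
        target = os.path.realpath(os.path.join(base, form))
        # Both the literal and the unescaped form must stay under base_dir.
        if os.path.commonpath([base, target]) != base:
            raise UnsafePathError("path escapes the output directory: %r" % form)
    return os.path.join(base, untrusted_name)


def is_safe(base_dir, untrusted_name, allow_percent=False):
    try:
        safe_output_path(base_dir, untrusted_name, allow_percent)
        return True
    except UnsafePathError:
        return False


if __name__ == "__main__":
    # Constructed sample names, not taken from the page.
    for name in ["report.xml", "100%25.xml", "..%2Fescape.xml", "%252e%252e%252fx.xml"]:
        print(name, is_safe("/tmp/out", name, allow_percent=True))
```

With `allow_percent=True` a name such as `100%25.xml` is accepted because both its literal and unescaped forms stay inside the output directory, so the file lands under `base_dir` whichever form an older lxml ends up using.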

Bumps [lxml](https://github.com/lxml/lxml) from 3.8.0 to 4.4.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-3.8.0...lxml-4.4.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview

Superseded by #75.

@dependabot-preview dependabot-preview bot deleted the dependabot/pip/lxml-4.4.0 branch August 14, 2019 05:13